diff --git a/Package.swift b/Package.swift index 116e14f880c..00fe75fe279 100644 --- a/Package.swift +++ b/Package.swift @@ -255,7 +255,7 @@ func addResolvedTargets() { // MARK: - Generated addDependencies( - clientRuntimeVersion: "0.71.0", + clientRuntimeVersion: "0.72.0", crtVersion: "0.36.0" ) @@ -373,6 +373,7 @@ let serviceTargets: [String] = [ "AWSDeviceFarm", "AWSDirectConnect", "AWSDirectoryService", + "AWSDirectoryServiceData", "AWSDocDB", "AWSDocDBElastic", "AWSDrs", diff --git a/Package.version b/Package.version index afaf360d37f..7f207341d5d 100644 --- a/Package.version +++ b/Package.version @@ -1 +1 @@ -1.0.0 \ No newline at end of file +1.0.1 \ No newline at end of file diff --git a/Package.version.next b/Package.version.next index 7f207341d5d..e6d5cb833c6 100644 --- a/Package.version.next +++ b/Package.version.next @@ -1 +1 @@ -1.0.1 \ No newline at end of file +1.0.2 \ No newline at end of file diff --git a/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md b/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md index e904495e105..8a64567e8a7 100644 --- a/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md +++ b/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md @@ -295,6 +295,8 @@ This SDK is open-source. Code is available on Github [here](https://github.com/ [AWSDirectoryService](../../../../../swift/api/awsdirectoryservice/latest) +[AWSDirectoryServiceData](../../../../../swift/api/awsdirectoryservicedata/latest) + [AWSDocDB](../../../../../swift/api/awsdocdb/latest) [AWSDocDBElastic](../../../../../swift/api/awsdocdbelastic/latest) diff --git a/Sources/Services/AWSCostExplorer/Sources/AWSCostExplorer/Models.swift b/Sources/Services/AWSCostExplorer/Sources/AWSCostExplorer/Models.swift index ff41f0e3bb0..311bed526fe 100644 --- a/Sources/Services/AWSCostExplorer/Sources/AWSCostExplorer/Models.swift +++ b/Sources/Services/AWSCostExplorer/Sources/AWSCostExplorer/Models.swift @@ -143,7 +143,7 @@ extension CostExplorerClientTypes { } extension CostExplorerClientTypes { - /// The combination of Amazon Web Service, linked account, linked account name, Region, and usage type where a cost anomaly is observed. The linked account name will only be available when the account name can be identified. + /// The combination of Amazon Web Servicesservice, linked account, linked account name, Region, and usage type where a cost anomaly is observed. The linked account name will only be available when the account name can be identified. public struct RootCause { /// The member account value that's associated with the cost anomaly. public var linkedAccount: Swift.String? @@ -151,7 +151,7 @@ extension CostExplorerClientTypes { public var linkedAccountName: Swift.String? /// The Amazon Web Services Region that's associated with the cost anomaly. public var region: Swift.String? - /// The Amazon Web Service name that's associated with the cost anomaly. + /// The Amazon Web Servicesservice name that's associated with the cost anomaly. public var service: Swift.String? /// The UsageType value that's associated with the cost anomaly. public var usageType: Swift.String? @@ -187,7 +187,7 @@ extension CostExplorerClientTypes { public var anomalyScore: CostExplorerClientTypes.AnomalyScore? /// The first day the anomaly is detected. public var anomalyStartDate: Swift.String? - /// The dimension for the anomaly (for example, an Amazon Web Service in a service monitor). + /// The dimension for the anomaly (for example, an Amazon Web Servicesservice in a service monitor). public var dimensionValue: Swift.String? /// The feedback value. public var feedback: CostExplorerClientTypes.AnomalyFeedbackType? @@ -2691,6 +2691,42 @@ extension CostExplorerClientTypes { } +extension CostExplorerClientTypes { + /// The DynamoDB reservations that Amazon Web Services recommends that you purchase. + public struct DynamoDBCapacityDetails { + /// The capacity unit of the recommended reservation. + public var capacityUnits: Swift.String? + /// The Amazon Web Services Region of the recommended reservation. + public var region: Swift.String? + + public init( + capacityUnits: Swift.String? = nil, + region: Swift.String? = nil + ) + { + self.capacityUnits = capacityUnits + self.region = region + } + } + +} + +extension CostExplorerClientTypes { + /// Details about the reservations that Amazon Web Services recommends that you purchase. + public struct ReservedCapacityDetails { + /// The DynamoDB reservations that Amazon Web Services recommends that you purchase. + public var dynamoDBCapacityDetails: CostExplorerClientTypes.DynamoDBCapacityDetails? + + public init( + dynamoDBCapacityDetails: CostExplorerClientTypes.DynamoDBCapacityDetails? = nil + ) + { + self.dynamoDBCapacityDetails = dynamoDBCapacityDetails + } + } + +} + extension CostExplorerClientTypes { /// Details about your recommended reservation purchase. public struct ReservationPurchaseRecommendationDetail { @@ -2698,13 +2734,15 @@ extension CostExplorerClientTypes { public var accountId: Swift.String? /// The average number of normalized units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var averageNormalizedUnitsUsedPerHour: Swift.String? + /// The average number of provisioned capacity units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. + public var averageNumberOfCapacityUnitsUsedPerHour: Swift.String? /// The average number of instances that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var averageNumberOfInstancesUsedPerHour: Swift.String? - /// The average utilization of your instances. Amazon Web Services uses this to calculate your recommended reservation purchases. + /// The average utilization of your recommendations. Amazon Web Services uses this to calculate your recommended reservation purchases. public var averageUtilization: Swift.String? - /// The currency code that Amazon Web Services used to calculate the costs for this instance. + /// The currency code that Amazon Web Services used to calculate the costs for this recommendation. public var currencyCode: Swift.String? - /// How long Amazon Web Services estimates that it takes for this instance to start saving you money, in months. + /// How long Amazon Web Services estimates that it takes for this recommendation to start saving you money, in months. public var estimatedBreakEvenInMonths: Swift.String? /// How much Amazon Web Services estimates that you spend on On-Demand Instances in a month. public var estimatedMonthlyOnDemandCost: Swift.String? @@ -2718,24 +2756,33 @@ extension CostExplorerClientTypes { public var instanceDetails: CostExplorerClientTypes.InstanceDetails? /// The maximum number of normalized units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var maximumNormalizedUnitsUsedPerHour: Swift.String? + /// The maximum number of provisioned capacity units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. + public var maximumNumberOfCapacityUnitsUsedPerHour: Swift.String? /// The maximum number of instances that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var maximumNumberOfInstancesUsedPerHour: Swift.String? /// The minimum number of normalized units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var minimumNormalizedUnitsUsedPerHour: Swift.String? + /// The minimum number of provisioned capacity units that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. + public var minimumNumberOfCapacityUnitsUsedPerHour: Swift.String? /// The minimum number of instances that you used in an hour during the historical period. Amazon Web Services uses this to calculate your recommended reservation purchases. public var minimumNumberOfInstancesUsedPerHour: Swift.String? /// The number of normalized units that Amazon Web Services recommends that you purchase. public var recommendedNormalizedUnitsToPurchase: Swift.String? + /// The number of reserved capacity units that Amazon Web Services recommends that you purchase. + public var recommendedNumberOfCapacityUnitsToPurchase: Swift.String? /// The number of instances that Amazon Web Services recommends that you purchase. public var recommendedNumberOfInstancesToPurchase: Swift.String? - /// How much purchasing this instance costs you on a monthly basis. + /// How much purchasing this recommendation costs you on a monthly basis. public var recurringStandardMonthlyCost: Swift.String? - /// How much purchasing this instance costs you upfront. + /// Details about the reservations that Amazon Web Services recommends that you purchase. + public var reservedCapacityDetails: CostExplorerClientTypes.ReservedCapacityDetails? + /// How much purchasing this recommendation costs you upfront. public var upfrontCost: Swift.String? public init( accountId: Swift.String? = nil, averageNormalizedUnitsUsedPerHour: Swift.String? = nil, + averageNumberOfCapacityUnitsUsedPerHour: Swift.String? = nil, averageNumberOfInstancesUsedPerHour: Swift.String? = nil, averageUtilization: Swift.String? = nil, currencyCode: Swift.String? = nil, @@ -2746,17 +2793,22 @@ extension CostExplorerClientTypes { estimatedReservationCostForLookbackPeriod: Swift.String? = nil, instanceDetails: CostExplorerClientTypes.InstanceDetails? = nil, maximumNormalizedUnitsUsedPerHour: Swift.String? = nil, + maximumNumberOfCapacityUnitsUsedPerHour: Swift.String? = nil, maximumNumberOfInstancesUsedPerHour: Swift.String? = nil, minimumNormalizedUnitsUsedPerHour: Swift.String? = nil, + minimumNumberOfCapacityUnitsUsedPerHour: Swift.String? = nil, minimumNumberOfInstancesUsedPerHour: Swift.String? = nil, recommendedNormalizedUnitsToPurchase: Swift.String? = nil, + recommendedNumberOfCapacityUnitsToPurchase: Swift.String? = nil, recommendedNumberOfInstancesToPurchase: Swift.String? = nil, recurringStandardMonthlyCost: Swift.String? = nil, + reservedCapacityDetails: CostExplorerClientTypes.ReservedCapacityDetails? = nil, upfrontCost: Swift.String? = nil ) { self.accountId = accountId self.averageNormalizedUnitsUsedPerHour = averageNormalizedUnitsUsedPerHour + self.averageNumberOfCapacityUnitsUsedPerHour = averageNumberOfCapacityUnitsUsedPerHour self.averageNumberOfInstancesUsedPerHour = averageNumberOfInstancesUsedPerHour self.averageUtilization = averageUtilization self.currencyCode = currencyCode @@ -2767,12 +2819,16 @@ extension CostExplorerClientTypes { self.estimatedReservationCostForLookbackPeriod = estimatedReservationCostForLookbackPeriod self.instanceDetails = instanceDetails self.maximumNormalizedUnitsUsedPerHour = maximumNormalizedUnitsUsedPerHour + self.maximumNumberOfCapacityUnitsUsedPerHour = maximumNumberOfCapacityUnitsUsedPerHour self.maximumNumberOfInstancesUsedPerHour = maximumNumberOfInstancesUsedPerHour self.minimumNormalizedUnitsUsedPerHour = minimumNormalizedUnitsUsedPerHour + self.minimumNumberOfCapacityUnitsUsedPerHour = minimumNumberOfCapacityUnitsUsedPerHour self.minimumNumberOfInstancesUsedPerHour = minimumNumberOfInstancesUsedPerHour self.recommendedNormalizedUnitsToPurchase = recommendedNormalizedUnitsToPurchase + self.recommendedNumberOfCapacityUnitsToPurchase = recommendedNumberOfCapacityUnitsToPurchase self.recommendedNumberOfInstancesToPurchase = recommendedNumberOfInstancesToPurchase self.recurringStandardMonthlyCost = recurringStandardMonthlyCost + self.reservedCapacityDetails = reservedCapacityDetails self.upfrontCost = upfrontCost } } @@ -5820,7 +5876,7 @@ public struct GetDimensionValuesInput { /// /// * AZ - The Availability Zone. An example is us-east-1a. /// - /// * BILLING_ENTITY - The Amazon Web Services seller that your account is with. Possible values are the following: - Amazon Web Services(Amazon Web Services): The entity that sells Amazon Web Services. - AISPL (Amazon Internet Services Pvt. Ltd.): The local Indian entity that's an acting reseller for Amazon Web Services in India. - Amazon Web Services Marketplace: The entity that supports the sale of solutions that are built on Amazon Web Services by third-party software providers. + /// * BILLING_ENTITY - The Amazon Web Services seller that your account is with. Possible values are the following: - Amazon Web Services(Amazon Web Services): The entity that sells Amazon Web Servicesservices. - AISPL (Amazon Internet Services Pvt. Ltd.): The local Indian entity that's an acting reseller for Amazon Web Servicesservices in India. - Amazon Web Services Marketplace: The entity that supports the sale of solutions that are built on Amazon Web Services by third-party software providers. /// /// * CACHE_ENGINE - The Amazon ElastiCache operating system. Examples are Windows or Linux. /// @@ -9740,6 +9796,32 @@ extension CostExplorerClientTypes.ReservationPurchaseRecommendationDetail { value.estimatedReservationCostForLookbackPeriod = try reader["EstimatedReservationCostForLookbackPeriod"].readIfPresent() value.upfrontCost = try reader["UpfrontCost"].readIfPresent() value.recurringStandardMonthlyCost = try reader["RecurringStandardMonthlyCost"].readIfPresent() + value.reservedCapacityDetails = try reader["ReservedCapacityDetails"].readIfPresent(with: CostExplorerClientTypes.ReservedCapacityDetails.read(from:)) + value.recommendedNumberOfCapacityUnitsToPurchase = try reader["RecommendedNumberOfCapacityUnitsToPurchase"].readIfPresent() + value.minimumNumberOfCapacityUnitsUsedPerHour = try reader["MinimumNumberOfCapacityUnitsUsedPerHour"].readIfPresent() + value.maximumNumberOfCapacityUnitsUsedPerHour = try reader["MaximumNumberOfCapacityUnitsUsedPerHour"].readIfPresent() + value.averageNumberOfCapacityUnitsUsedPerHour = try reader["AverageNumberOfCapacityUnitsUsedPerHour"].readIfPresent() + return value + } +} + +extension CostExplorerClientTypes.ReservedCapacityDetails { + + static func read(from reader: SmithyJSON.Reader) throws -> CostExplorerClientTypes.ReservedCapacityDetails { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = CostExplorerClientTypes.ReservedCapacityDetails() + value.dynamoDBCapacityDetails = try reader["DynamoDBCapacityDetails"].readIfPresent(with: CostExplorerClientTypes.DynamoDBCapacityDetails.read(from:)) + return value + } +} + +extension CostExplorerClientTypes.DynamoDBCapacityDetails { + + static func read(from reader: SmithyJSON.Reader) throws -> CostExplorerClientTypes.DynamoDBCapacityDetails { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = CostExplorerClientTypes.DynamoDBCapacityDetails() + value.capacityUnits = try reader["CapacityUnits"].readIfPresent() + value.region = try reader["Region"].readIfPresent() return value } } diff --git a/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/DirectoryClient.swift b/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/DirectoryClient.swift index 98bd692a925..6d0716f777e 100644 --- a/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/DirectoryClient.swift +++ b/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/DirectoryClient.swift @@ -279,7 +279,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityAlreadyExistsException` : The specified entity already exists. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. @@ -354,11 +354,11 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryAlreadyInRegionException` : The Region you specified is the same Region where the Managed Microsoft AD directory was created. Specify a different Region and try again. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `RegionLimitExceededException` : You have reached the limit for maximum number of simultaneous Region replications per directory. @@ -728,7 +728,7 @@ extension DirectoryClient { /// __Possible Exceptions:__ /// - `AuthenticationFailedException` : An authentication error occurred. /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityAlreadyExistsException` : The specified entity already exists. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. @@ -804,7 +804,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityAlreadyExistsException` : The specified entity already exists. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. @@ -1251,7 +1251,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -1621,7 +1621,7 @@ extension DirectoryClient { /// - `CertificateInUseException` : The certificate is being used for the LDAP security connection and cannot be removed without disabling LDAP security. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. /// - `UnsupportedOperationException` : The operation is not supported. @@ -1842,7 +1842,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `InvalidParameterException` : One or more parameters are not valid. @@ -1918,7 +1918,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -2055,6 +2055,80 @@ extension DirectoryClient { return try await op.execute(input: input) } + /// Performs the `DescribeDirectoryDataAccess` operation on the `DirectoryService_20150416` service. + /// + /// Obtains status of directory data access enablement through the Directory Service Data API for the specified directory. + /// + /// - Parameter DescribeDirectoryDataAccessInput : [no documentation found] + /// + /// - Returns: `DescribeDirectoryDataAccessOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. + /// - `ClientException` : A client exception has occurred. + /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. + /// - `ServiceException` : An exception has occurred in Directory Service. + /// - `UnsupportedOperationException` : The operation is not supported. + public func describeDirectoryDataAccess(input: DescribeDirectoryDataAccessInput) async throws -> DescribeDirectoryDataAccessOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "describeDirectoryDataAccess") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DescribeDirectoryDataAccessInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DescribeDirectoryDataAccessOutput.httpOutput(from:), DescribeDirectoryDataAccessOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.interceptors.add(AWSClientRuntime.XAmzTargetMiddleware(xAmzTarget: "DirectoryService_20150416.DescribeDirectoryDataAccess")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DescribeDirectoryDataAccessInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/x-amz-json-1.1")) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "Directory") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DescribeDirectoryDataAccess") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + /// Performs the `DescribeDomainControllers` operation on the `DirectoryService_20150416` service. /// /// Provides information about any domain controllers in your directory. @@ -2289,7 +2363,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `InvalidNextTokenException` : The NextToken value is not valid. @@ -2664,7 +2738,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `InvalidNextTokenException` : The NextToken value is not valid. @@ -2739,7 +2813,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `InvalidClientAuthStatusException` : Client authentication is already enabled. @@ -2803,6 +2877,82 @@ extension DirectoryClient { return try await op.execute(input: input) } + /// Performs the `DisableDirectoryDataAccess` operation on the `DirectoryService_20150416` service. + /// + /// Deactivates access to directory data via the Directory Service Data API for the specified directory. + /// + /// - Parameter DisableDirectoryDataAccessInput : [no documentation found] + /// + /// - Returns: `DisableDirectoryDataAccessOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. + /// - `ClientException` : A client exception has occurred. + /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. + /// - `DirectoryInDesiredStateException` : The directory is already updated to desired update type settings. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. + /// - `ServiceException` : An exception has occurred in Directory Service. + /// - `UnsupportedOperationException` : The operation is not supported. + public func disableDirectoryDataAccess(input: DisableDirectoryDataAccessInput) async throws -> DisableDirectoryDataAccessOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "disableDirectoryDataAccess") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DisableDirectoryDataAccessInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DisableDirectoryDataAccessOutput.httpOutput(from:), DisableDirectoryDataAccessOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.interceptors.add(AWSClientRuntime.XAmzTargetMiddleware(xAmzTarget: "DirectoryService_20150416.DisableDirectoryDataAccess")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DisableDirectoryDataAccessInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/x-amz-json-1.1")) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "Directory") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DisableDirectoryDataAccess") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + /// Performs the `DisableLDAPS` operation on the `DirectoryService_20150416` service. /// /// Deactivates LDAP secure calls for the specified directory. @@ -2816,7 +2966,7 @@ extension DirectoryClient { /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `InvalidLDAPSStatusException` : The LDAP activities could not be performed because they are limited by the LDAPS status. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -3036,7 +3186,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `InvalidClientAuthStatusException` : Client authentication is already enabled. @@ -3101,6 +3251,82 @@ extension DirectoryClient { return try await op.execute(input: input) } + /// Performs the `EnableDirectoryDataAccess` operation on the `DirectoryService_20150416` service. + /// + /// Enables access to directory data via the Directory Service Data API for the specified directory. + /// + /// - Parameter EnableDirectoryDataAccessInput : [no documentation found] + /// + /// - Returns: `EnableDirectoryDataAccessOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. + /// - `ClientException` : A client exception has occurred. + /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. + /// - `DirectoryInDesiredStateException` : The directory is already updated to desired update type settings. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. + /// - `ServiceException` : An exception has occurred in Directory Service. + /// - `UnsupportedOperationException` : The operation is not supported. + public func enableDirectoryDataAccess(input: EnableDirectoryDataAccessInput) async throws -> EnableDirectoryDataAccessOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "enableDirectoryDataAccess") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(EnableDirectoryDataAccessInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(EnableDirectoryDataAccessOutput.httpOutput(from:), EnableDirectoryDataAccessOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.interceptors.add(AWSClientRuntime.XAmzTargetMiddleware(xAmzTarget: "DirectoryService_20150416.EnableDirectoryDataAccess")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: EnableDirectoryDataAccessInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/x-amz-json-1.1")) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "Directory") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "EnableDirectoryDataAccess") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + /// Performs the `EnableLDAPS` operation on the `DirectoryService_20150416` service. /// /// Activates the switch for the specific directory to always use LDAP secure calls. @@ -3114,7 +3340,7 @@ extension DirectoryClient { /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `InvalidLDAPSStatusException` : The LDAP activities could not be performed because they are limited by the LDAPS status. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `NoAvailableCertificateException` : Client authentication setup could not be completed because at least one valid certificate must be registered in the system. @@ -3854,7 +4080,7 @@ extension DirectoryClient { /// - `CertificateLimitExceededException` : The certificate could not be added because the certificate limit has been reached. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `InvalidCertificateException` : The certificate PEM that was provided has incorrect encoding. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -4076,7 +4302,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -4149,10 +4375,10 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `ServiceException` : An exception has occurred in Directory Service. /// - `UnsupportedOperationException` : The operation is not supported. public func removeRegion(input: RemoveRegionInput) async throws -> RemoveRegionOutput { @@ -4288,7 +4514,7 @@ extension DirectoryClient { /// Performs the `ResetUserPassword` operation on the `DirectoryService_20150416` service. /// - /// Resets the password for any user in your Managed Microsoft AD or Simple AD directory. You can reset the password for any user in your directory with the following exceptions: + /// Resets the password for any user in your Managed Microsoft AD or Simple AD directory. Disabled users will become enabled and can be authenticated following the API call. You can reset the password for any user in your directory with the following exceptions: /// /// * For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user. /// @@ -4302,7 +4528,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidPasswordException` : The new password provided by the user does not meet the password complexity requirements defined in your directory. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -4450,7 +4676,7 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryAlreadySharedException` : The specified directory has already been shared with this Amazon Web Services account. /// - `EntityDoesNotExistException` : The specified entity could not be found. @@ -4530,7 +4756,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -4679,7 +4905,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. @@ -4753,11 +4979,11 @@ extension DirectoryClient { /// - Throws: One of the exceptions listed below __Possible Exceptions__. /// /// __Possible Exceptions:__ - /// - `AccessDeniedException` : Client authentication is not available in this region at this time. + /// - `AccessDeniedException` : You do not have sufficient access to perform this action. /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. /// - `DirectoryInDesiredStateException` : The directory is already updated to desired update type settings. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. /// - `SnapshotLimitExceededException` : The maximum number of manual snapshots for the directory has been reached. You can use the [GetSnapshotLimits] operation to determine the snapshot limits for a directory. @@ -4832,7 +5058,7 @@ extension DirectoryClient { /// /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `DomainControllerLimitExceededException` : The maximum allowed number of domain controllers per directory was exceeded. The default limit per directory is 20 domain controllers. /// - `EntityDoesNotExistException` : The specified entity could not be found. /// - `InvalidParameterException` : One or more parameters are not valid. @@ -4982,7 +5208,7 @@ extension DirectoryClient { /// __Possible Exceptions:__ /// - `ClientException` : A client exception has occurred. /// - `DirectoryDoesNotExistException` : The specified directory does not exist in the system. - /// - `DirectoryUnavailableException` : The specified directory is unavailable or could not be found. + /// - `DirectoryUnavailableException` : The specified directory is unavailable. /// - `IncompatibleSettingsException` : The specified directory setting is not compatible with other settings. /// - `InvalidParameterException` : One or more parameters are not valid. /// - `ServiceException` : An exception has occurred in Directory Service. diff --git a/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/Models.swift b/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/Models.swift index 7736e89b871..0228768cfe4 100644 --- a/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/Models.swift +++ b/Sources/Services/AWSDirectoryService/Sources/AWSDirectoryService/Models.swift @@ -328,7 +328,7 @@ public struct AcceptSharedDirectoryOutput { } } -/// Client authentication is not available in this region at this time. +/// You do not have sufficient access to perform this action. public struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { public struct Properties { @@ -357,7 +357,7 @@ public struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRuntim } } -/// The specified directory is unavailable or could not be found. +/// The specified directory is unavailable. public struct DirectoryUnavailableException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { public struct Properties { @@ -473,39 +473,39 @@ public struct AddIpRoutesInput { public var ipRoutes: [DirectoryClientTypes.IpRoute]? /// If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for directory ID directory controllers." Following are the new rules: Inbound: /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: 0.0.0.0/0 + /// * Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: 0.0.0.0/0 + /// * Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: DNS (UDP), Protocol: UDP, Range: 53, Source: 0.0.0.0/0 + /// * Type: DNS (UDP), Protocol: UDP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: DNS (TCP), Protocol: TCP, Range: 53, Source: 0.0.0.0/0 + /// * Type: DNS (TCP), Protocol: TCP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: LDAP, Protocol: TCP, Range: 389, Source: 0.0.0.0/0 + /// * Type: LDAP, Protocol: TCP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR /// - /// * Type: All ICMP, Protocol: All, Range: N/A, Source: 0.0.0.0/0 + /// * Type: All ICMP, Protocol: All, Range: N/A, Source: Managed Microsoft AD VPC IPv4 CIDR /// /// /// Outbound: @@ -731,10 +731,10 @@ public struct TagLimitExceededException: ClientRuntime.ModeledError, AWSClientRu extension DirectoryClientTypes { /// Metadata assigned to a directory consisting of a key-value pair. public struct Tag { - /// Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$"). + /// Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@'(Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$"). /// This member is required. public var key: Swift.String? - /// The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$"). + /// The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$"). /// This member is required. public var value: Swift.String? @@ -1928,7 +1928,7 @@ public struct CreateTrustInput { /// The direction of the trust relationship. /// This member is required. public var trustDirection: DirectoryClientTypes.TrustDirection? - /// The trust password. The must be the same password that was used when creating the trust relationship on the external domain. + /// The trust password. The trust password must be the same password that was used when creating the trust relationship on the external domain. /// This member is required. public var trustPassword: Swift.String? /// The trust relationship type. Forest is the default. @@ -1972,6 +1972,44 @@ public struct CreateTrustOutput { } } +extension DirectoryClientTypes { + + public enum DataAccessStatus: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case disabled + case disabling + case enabled + case enabling + case failed + case sdkUnknown(Swift.String) + + public static var allCases: [DataAccessStatus] { + return [ + .disabled, + .disabling, + .enabled, + .enabling, + .failed + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .disabled: return "Disabled" + case .disabling: return "Disabling" + case .enabled: return "Enabled" + case .enabling: return "Enabling" + case .failed: return "Failed" + case let .sdkUnknown(s): return s + } + } + } +} + /// Deletes a conditional forwarder. public struct DeleteConditionalForwarderInput { /// The directory ID for which you are deleting the conditional forwarder. @@ -2409,7 +2447,7 @@ extension DirectoryClientTypes { public var displayLabel: Swift.String? /// The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers. public var radiusPort: Swift.Int? - /// The maximum number of times that communication with the RADIUS server is attempted. + /// The maximum number of times that communication with the RADIUS server is retried after the initial attempt. public var radiusRetries: Swift.Int /// An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer. public var radiusServers: [Swift.String]? @@ -2579,6 +2617,7 @@ extension DirectoryClientTypes { case requested case restorefailed case restoring + case updating case sdkUnknown(Swift.String) public static var allCases: [DirectoryStage] { @@ -2593,7 +2632,8 @@ extension DirectoryClientTypes { .inoperable, .requested, .restorefailed, - .restoring + .restoring, + .updating ] } @@ -2615,6 +2655,7 @@ extension DirectoryClientTypes { case .requested: return "Requested" case .restorefailed: return "RestoreFailed" case .restoring: return "Restoring" + case .updating: return "Updating" case let .sdkUnknown(s): return s } } @@ -2707,7 +2748,7 @@ extension DirectoryClientTypes { public var stageLastUpdatedDateTime: Foundation.Date? /// Additional information about the directory stage. public var stageReason: Swift.String? - /// The directory size. + /// The directory type. public var type: DirectoryClientTypes.DirectoryType? /// A [DirectoryVpcSettingsDescription] object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory. public var vpcSettings: DirectoryClientTypes.DirectoryVpcSettingsDescription? @@ -2794,6 +2835,31 @@ public struct DescribeDirectoriesOutput { } } +public struct DescribeDirectoryDataAccessInput { + /// The directory identifier. + /// This member is required. + public var directoryId: Swift.String? + + public init( + directoryId: Swift.String? = nil + ) + { + self.directoryId = directoryId + } +} + +public struct DescribeDirectoryDataAccessOutput { + /// The current status of data access through the Directory Service Data API. + public var dataAccessStatus: DirectoryClientTypes.DataAccessStatus? + + public init( + dataAccessStatus: DirectoryClientTypes.DataAccessStatus? = nil + ) + { + self.dataAccessStatus = dataAccessStatus + } +} + public struct DescribeDomainControllersInput { /// Identifier of the directory for which to retrieve the domain controller information. /// This member is required. @@ -2829,6 +2895,7 @@ extension DirectoryClientTypes { case failed case impaired case restoring + case updating case sdkUnknown(Swift.String) public static var allCases: [DomainControllerStatus] { @@ -2839,7 +2906,8 @@ extension DirectoryClientTypes { .deleting, .failed, .impaired, - .restoring + .restoring, + .updating ] } @@ -2857,6 +2925,7 @@ extension DirectoryClientTypes { case .failed: return "Failed" case .impaired: return "Impaired" case .restoring: return "Restoring" + case .updating: return "Updating" case let .sdkUnknown(s): return s } } @@ -4052,7 +4121,7 @@ public struct DisableClientAuthenticationInput { /// The identifier of the directory /// This member is required. public var directoryId: Swift.String? - /// The type of client authentication to disable. Currently, only the parameter, SmartCard is supported. + /// The type of client authentication to disable. Currently the only parameter "SmartCard" is supported. /// This member is required. public var type: DirectoryClientTypes.ClientAuthenticationType? @@ -4071,6 +4140,24 @@ public struct DisableClientAuthenticationOutput { public init() { } } +public struct DisableDirectoryDataAccessInput { + /// The directory identifier. + /// This member is required. + public var directoryId: Swift.String? + + public init( + directoryId: Swift.String? = nil + ) + { + self.directoryId = directoryId + } +} + +public struct DisableDirectoryDataAccessOutput { + + public init() { } +} + /// The LDAP activities could not be performed because they are limited by the LDAPS status. public struct InvalidLDAPSStatusException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { @@ -4228,6 +4315,24 @@ public struct EnableClientAuthenticationOutput { public init() { } } +public struct EnableDirectoryDataAccessInput { + /// The directory identifier. + /// This member is required. + public var directoryId: Swift.String? + + public init( + directoryId: Swift.String? = nil + ) + { + self.directoryId = directoryId + } +} + +public struct EnableDirectoryDataAccessOutput { + + public init() { } +} + public struct EnableLDAPSInput { /// The identifier of the directory. /// This member is required. @@ -5800,6 +5905,13 @@ extension DescribeDirectoriesInput { } } +extension DescribeDirectoryDataAccessInput { + + static func urlPathProvider(_ value: DescribeDirectoryDataAccessInput) -> Swift.String? { + return "/" + } +} + extension DescribeDomainControllersInput { static func urlPathProvider(_ value: DescribeDomainControllersInput) -> Swift.String? { @@ -5870,6 +5982,13 @@ extension DisableClientAuthenticationInput { } } +extension DisableDirectoryDataAccessInput { + + static func urlPathProvider(_ value: DisableDirectoryDataAccessInput) -> Swift.String? { + return "/" + } +} + extension DisableLDAPSInput { static func urlPathProvider(_ value: DisableLDAPSInput) -> Swift.String? { @@ -5898,6 +6017,13 @@ extension EnableClientAuthenticationInput { } } +extension EnableDirectoryDataAccessInput { + + static func urlPathProvider(_ value: EnableDirectoryDataAccessInput) -> Swift.String? { + return "/" + } +} + extension EnableLDAPSInput { static func urlPathProvider(_ value: EnableLDAPSInput) -> Swift.String? { @@ -6344,6 +6470,14 @@ extension DescribeDirectoriesInput { } } +extension DescribeDirectoryDataAccessInput { + + static func write(value: DescribeDirectoryDataAccessInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["DirectoryId"].write(value.directoryId) + } +} + extension DescribeDomainControllersInput { static func write(value: DescribeDomainControllersInput?, to writer: SmithyJSON.Writer) throws { @@ -6448,6 +6582,14 @@ extension DisableClientAuthenticationInput { } } +extension DisableDirectoryDataAccessInput { + + static func write(value: DisableDirectoryDataAccessInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["DirectoryId"].write(value.directoryId) + } +} + extension DisableLDAPSInput { static func write(value: DisableLDAPSInput?, to writer: SmithyJSON.Writer) throws { @@ -6484,6 +6626,14 @@ extension EnableClientAuthenticationInput { } } +extension EnableDirectoryDataAccessInput { + + static func write(value: EnableDirectoryDataAccessInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["DirectoryId"].write(value.directoryId) + } +} + extension EnableLDAPSInput { static func write(value: EnableLDAPSInput?, to writer: SmithyJSON.Writer) throws { @@ -6999,6 +7149,18 @@ extension DescribeDirectoriesOutput { } } +extension DescribeDirectoryDataAccessOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DescribeDirectoryDataAccessOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = DescribeDirectoryDataAccessOutput() + value.dataAccessStatus = try reader["DataAccessStatus"].readIfPresent() + return value + } +} + extension DescribeDomainControllersOutput { static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DescribeDomainControllersOutput { @@ -7123,6 +7285,13 @@ extension DisableClientAuthenticationOutput { } } +extension DisableDirectoryDataAccessOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DisableDirectoryDataAccessOutput { + return DisableDirectoryDataAccessOutput() + } +} + extension DisableLDAPSOutput { static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DisableLDAPSOutput { @@ -7151,6 +7320,13 @@ extension EnableClientAuthenticationOutput { } } +extension EnableDirectoryDataAccessOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> EnableDirectoryDataAccessOutput { + return EnableDirectoryDataAccessOutput() + } +} + extension EnableLDAPSOutput { static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> EnableLDAPSOutput { @@ -7890,6 +8066,24 @@ enum DescribeDirectoriesOutputError { } } +enum DescribeDirectoryDataAccessOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.AWSJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ClientException": return try ClientException.makeError(baseError: baseError) + case "DirectoryDoesNotExistException": return try DirectoryDoesNotExistException.makeError(baseError: baseError) + case "ServiceException": return try ServiceException.makeError(baseError: baseError) + case "UnsupportedOperationException": return try UnsupportedOperationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + enum DescribeDomainControllersOutputError { static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { @@ -8078,6 +8272,26 @@ enum DisableClientAuthenticationOutputError { } } +enum DisableDirectoryDataAccessOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.AWSJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ClientException": return try ClientException.makeError(baseError: baseError) + case "DirectoryDoesNotExistException": return try DirectoryDoesNotExistException.makeError(baseError: baseError) + case "DirectoryInDesiredStateException": return try DirectoryInDesiredStateException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "ServiceException": return try ServiceException.makeError(baseError: baseError) + case "UnsupportedOperationException": return try UnsupportedOperationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + enum DisableLDAPSOutputError { static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { @@ -8152,6 +8366,26 @@ enum EnableClientAuthenticationOutputError { } } +enum EnableDirectoryDataAccessOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.AWSJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ClientException": return try ClientException.makeError(baseError: baseError) + case "DirectoryDoesNotExistException": return try DirectoryDoesNotExistException.makeError(baseError: baseError) + case "DirectoryInDesiredStateException": return try DirectoryInDesiredStateException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "ServiceException": return try ServiceException.makeError(baseError: baseError) + case "UnsupportedOperationException": return try UnsupportedOperationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + enum EnableLDAPSOutputError { static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { @@ -8980,6 +9214,20 @@ extension InvalidClientAuthStatusException { } } +extension DirectoryInDesiredStateException { + + static func makeError(baseError: AWSClientRuntime.AWSJSONError) throws -> DirectoryInDesiredStateException { + let reader = baseError.errorBodyReader + var value = DirectoryInDesiredStateException() + value.properties.message = try reader["Message"].readIfPresent() + value.properties.requestId = try reader["RequestId"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + extension InvalidLDAPSStatusException { static func makeError(baseError: AWSClientRuntime.AWSJSONError) throws -> InvalidLDAPSStatusException { @@ -9134,20 +9382,6 @@ extension DirectoryNotSharedException { } } -extension DirectoryInDesiredStateException { - - static func makeError(baseError: AWSClientRuntime.AWSJSONError) throws -> DirectoryInDesiredStateException { - let reader = baseError.errorBodyReader - var value = DirectoryInDesiredStateException() - value.properties.message = try reader["Message"].readIfPresent() - value.properties.requestId = try reader["RequestId"].readIfPresent() - value.httpResponse = baseError.httpResponse - value.requestID = baseError.requestID - value.message = baseError.message - return value - } -} - extension DomainControllerLimitExceededException { static func makeError(baseError: AWSClientRuntime.AWSJSONError) throws -> DomainControllerLimitExceededException { diff --git a/Sources/Services/AWSDirectoryServiceData/Package.swift.txt b/Sources/Services/AWSDirectoryServiceData/Package.swift.txt new file mode 100644 index 00000000000..c7ac298b83a --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Package.swift.txt @@ -0,0 +1,95 @@ +// swift-tools-version: 5.9.0 + +import PackageDescription + +let package = Package( + name: "AWSDirectoryServiceData", + platforms: [ + .macOS(.v10_15), .iOS(.v13) + ], + products: [ + .library(name: "AWSDirectoryServiceData", targets: ["AWSDirectoryServiceData"]) + ], + dependencies: [ + .package( + id: "aws-sdk-swift.smithy-swift", + exact: "0.0.1" + ), + .package( + id: "aws-sdk-swift.AWSClientRuntime", + exact: "0.0.1" + ), + .package( + id: "aws-sdk-swift.AWSSDKHTTPAuth", + exact: "0.0.1" + ), + ], + targets: [ + .target( + name: "AWSDirectoryServiceData", + dependencies: [ + .product( + name: "SmithyHTTPAuthAPI", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "Smithy", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "ClientRuntime", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "AWSClientRuntime", + package: "aws-sdk-swift.AWSClientRuntime" + ), + .product( + name: "SmithyIdentity", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "SmithyRetriesAPI", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "SmithyHTTPAPI", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "AWSSDKHTTPAuth", + package: "aws-sdk-swift.AWSSDKHTTPAuth" + ), + .product( + name: "SmithyJSON", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "SmithyReadWrite", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "SmithyRetries", + package: "aws-sdk-swift.smithy-swift" + ), + .product( + name: "SmithyTestUtil", + package: "aws-sdk-swift.smithy-swift" + ), + ], + resources: [ + .process("Resources") + ] + ), + .testTarget( + name: "AWSDirectoryServiceDataTests", + dependencies: [ + "AWSDirectoryServiceData", + .product( + name: "SmithyTestUtil", + package: "aws-sdk-swift.smithy-swift" + ), + ] + ) + ] +) diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/AuthSchemeResolver.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/AuthSchemeResolver.swift new file mode 100644 index 00000000000..f88a1c537a8 --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/AuthSchemeResolver.swift @@ -0,0 +1,56 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +import class Smithy.Context +import enum Smithy.ClientError +import enum SmithyHTTPAuthAPI.SigningPropertyKeys +import protocol SmithyHTTPAuthAPI.AuthSchemeResolver +import protocol SmithyHTTPAuthAPI.AuthSchemeResolverParameters +import struct SmithyHTTPAuthAPI.AuthOption + +public struct DirectoryServiceDataAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { + public let operation: Swift.String + // Region is used for SigV4 auth scheme + public let region: Swift.String? +} + +public protocol DirectoryServiceDataAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { + // Intentionally empty. + // This is the parent protocol that all auth scheme resolver implementations of + // the service DirectoryServiceData must conform to. +} + +public struct DefaultDirectoryServiceDataAuthSchemeResolver: DirectoryServiceDataAuthSchemeResolver { + + public func resolveAuthScheme(params: SmithyHTTPAuthAPI.AuthSchemeResolverParameters) throws -> [SmithyHTTPAuthAPI.AuthOption] { + var validAuthOptions = [SmithyHTTPAuthAPI.AuthOption]() + guard let serviceParams = params as? DirectoryServiceDataAuthSchemeResolverParameters else { + throw Smithy.ClientError.authError("Service specific auth scheme parameters type must be passed to auth scheme resolver.") + } + switch serviceParams.operation { + default: + var sigV4Option = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4") + sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingName, value: "ds-data") + guard let region = serviceParams.region else { + throw Smithy.ClientError.authError("Missing region in auth scheme parameters for SigV4 auth scheme.") + } + sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: region) + validAuthOptions.append(sigV4Option) + } + return validAuthOptions + } + + public func constructParameters(context: Smithy.Context) throws -> SmithyHTTPAuthAPI.AuthSchemeResolverParameters { + guard let opName = context.getOperation() else { + throw Smithy.ClientError.dataNotFound("Operation name not configured in middleware context for auth scheme resolver params construction.") + } + let opRegion = context.getRegion() + return DirectoryServiceDataAuthSchemeResolverParameters(operation: opName, region: opRegion) + } +} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/DirectoryServiceDataClient.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/DirectoryServiceDataClient.swift new file mode 100644 index 00000000000..df8f94d3879 --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/DirectoryServiceDataClient.swift @@ -0,0 +1,1484 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +import class AWSClientRuntime.AWSClientConfigDefaultsProvider +import class AWSClientRuntime.AmzSdkRequestMiddleware +import class AWSClientRuntime.DefaultAWSClientPlugin +import class ClientRuntime.ClientBuilder +import class ClientRuntime.DefaultClientPlugin +import class ClientRuntime.HttpClientConfiguration +import class ClientRuntime.OrchestratorBuilder +import class ClientRuntime.OrchestratorTelemetry +import class ClientRuntime.SdkHttpClient +import class Smithy.ContextBuilder +import class SmithyHTTPAPI.HTTPRequest +import class SmithyHTTPAPI.HTTPResponse +@_spi(SmithyReadWrite) import class SmithyJSON.Writer +import enum AWSClientRuntime.AWSRetryErrorInfoProvider +import enum AWSClientRuntime.AWSRetryMode +import enum ClientRuntime.ClientLogMode +import enum ClientRuntime.DefaultTelemetry +import enum ClientRuntime.OrchestratorMetricsAttributesKeys +import protocol AWSClientRuntime.AWSDefaultClientConfiguration +import protocol AWSClientRuntime.AWSRegionClientConfiguration +import protocol ClientRuntime.Client +import protocol ClientRuntime.DefaultClientConfiguration +import protocol ClientRuntime.DefaultHttpClientConfiguration +import protocol ClientRuntime.HttpInterceptorProvider +import protocol ClientRuntime.IdempotencyTokenGenerator +import protocol ClientRuntime.InterceptorProvider +import protocol ClientRuntime.TelemetryProvider +import protocol Smithy.LogAgent +import protocol SmithyHTTPAPI.HTTPClient +import protocol SmithyHTTPAuthAPI.AuthSchemeResolver +import protocol SmithyIdentity.AWSCredentialIdentityResolver +import protocol SmithyIdentity.BearerTokenIdentityResolver +@_spi(SmithyReadWrite) import protocol SmithyReadWrite.SmithyWriter +import struct AWSClientRuntime.AmzSdkInvocationIdMiddleware +import struct AWSClientRuntime.EndpointResolverMiddleware +import struct AWSClientRuntime.UserAgentMiddleware +import struct AWSSDKHTTPAuth.SigV4AuthScheme +import struct ClientRuntime.AuthSchemeMiddleware +@_spi(SmithyReadWrite) import struct ClientRuntime.BodyMiddleware +import struct ClientRuntime.ContentLengthMiddleware +import struct ClientRuntime.ContentTypeMiddleware +@_spi(SmithyReadWrite) import struct ClientRuntime.DeserializeMiddleware +import struct ClientRuntime.IdempotencyTokenMiddleware +import struct ClientRuntime.LoggerMiddleware +import struct ClientRuntime.QueryItemMiddleware +import struct ClientRuntime.SignerMiddleware +import struct ClientRuntime.URLHostMiddleware +import struct ClientRuntime.URLPathMiddleware +import struct Smithy.Attributes +import struct SmithyIdentity.BearerTokenIdentity +import struct SmithyIdentity.StaticBearerTokenIdentityResolver +import struct SmithyRetries.DefaultRetryStrategy +import struct SmithyRetriesAPI.RetryStrategyOptions +import typealias SmithyHTTPAuthAPI.AuthSchemes + +public class DirectoryServiceDataClient: ClientRuntime.Client { + public static let clientName = "DirectoryServiceDataClient" + let client: ClientRuntime.SdkHttpClient + let config: DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration + let serviceName = "Directory Service Data" + + public required init(config: DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration) { + client = ClientRuntime.SdkHttpClient(engine: config.httpClientEngine, config: config.httpClientConfiguration) + self.config = config + } + + public convenience init(region: Swift.String) throws { + let config = try DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration(region: region) + self.init(config: config) + } + + public convenience required init() async throws { + let config = try await DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration() + self.init(config: config) + } +} + +extension DirectoryServiceDataClient { + public class DirectoryServiceDataClientConfiguration: AWSClientRuntime.AWSDefaultClientConfiguration & AWSClientRuntime.AWSRegionClientConfiguration & ClientRuntime.DefaultClientConfiguration & ClientRuntime.DefaultHttpClientConfiguration { + public var useFIPS: Swift.Bool? + + public var useDualStack: Swift.Bool? + + public var appID: Swift.String? + + public var awsCredentialIdentityResolver: any SmithyIdentity.AWSCredentialIdentityResolver + + public var awsRetryMode: AWSClientRuntime.AWSRetryMode + + public var maxAttempts: Swift.Int? + + public var region: Swift.String? + + public var signingRegion: Swift.String? + + public var endpointResolver: EndpointResolver + + public var telemetryProvider: ClientRuntime.TelemetryProvider + + public var retryStrategyOptions: SmithyRetriesAPI.RetryStrategyOptions + + public var clientLogMode: ClientRuntime.ClientLogMode + + public var endpoint: Swift.String? + + public var idempotencyTokenGenerator: ClientRuntime.IdempotencyTokenGenerator + + public var httpClientEngine: SmithyHTTPAPI.HTTPClient + + public var httpClientConfiguration: ClientRuntime.HttpClientConfiguration + + public var authSchemes: SmithyHTTPAuthAPI.AuthSchemes? + + public var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver + + public var bearerTokenIdentityResolver: any SmithyIdentity.BearerTokenIdentityResolver + + public private(set) var interceptorProviders: [ClientRuntime.InterceptorProvider] + + public private(set) var httpInterceptorProviders: [ClientRuntime.HttpInterceptorProvider] + + internal let logger: Smithy.LogAgent + + private init(_ useFIPS: Swift.Bool?, _ useDualStack: Swift.Bool?, _ appID: Swift.String?, _ awsCredentialIdentityResolver: any SmithyIdentity.AWSCredentialIdentityResolver, _ awsRetryMode: AWSClientRuntime.AWSRetryMode, _ maxAttempts: Swift.Int?, _ region: Swift.String?, _ signingRegion: Swift.String?, _ endpointResolver: EndpointResolver, _ telemetryProvider: ClientRuntime.TelemetryProvider, _ retryStrategyOptions: SmithyRetriesAPI.RetryStrategyOptions, _ clientLogMode: ClientRuntime.ClientLogMode, _ endpoint: Swift.String?, _ idempotencyTokenGenerator: ClientRuntime.IdempotencyTokenGenerator, _ httpClientEngine: SmithyHTTPAPI.HTTPClient, _ httpClientConfiguration: ClientRuntime.HttpClientConfiguration, _ authSchemes: SmithyHTTPAuthAPI.AuthSchemes?, _ authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver, _ bearerTokenIdentityResolver: any SmithyIdentity.BearerTokenIdentityResolver, _ interceptorProviders: [ClientRuntime.InterceptorProvider], _ httpInterceptorProviders: [ClientRuntime.HttpInterceptorProvider]) { + self.useFIPS = useFIPS + self.useDualStack = useDualStack + self.appID = appID + self.awsCredentialIdentityResolver = awsCredentialIdentityResolver + self.awsRetryMode = awsRetryMode + self.maxAttempts = maxAttempts + self.region = region + self.signingRegion = signingRegion + self.endpointResolver = endpointResolver + self.telemetryProvider = telemetryProvider + self.retryStrategyOptions = retryStrategyOptions + self.clientLogMode = clientLogMode + self.endpoint = endpoint + self.idempotencyTokenGenerator = idempotencyTokenGenerator + self.httpClientEngine = httpClientEngine + self.httpClientConfiguration = httpClientConfiguration + self.authSchemes = authSchemes + self.authSchemeResolver = authSchemeResolver + self.bearerTokenIdentityResolver = bearerTokenIdentityResolver + self.interceptorProviders = interceptorProviders + self.httpInterceptorProviders = httpInterceptorProviders + self.logger = telemetryProvider.loggerProvider.getLogger(name: DirectoryServiceDataClient.clientName) + } + + public convenience init(useFIPS: Swift.Bool? = nil, useDualStack: Swift.Bool? = nil, appID: Swift.String? = nil, awsCredentialIdentityResolver: (any SmithyIdentity.AWSCredentialIdentityResolver)? = nil, awsRetryMode: AWSClientRuntime.AWSRetryMode? = nil, maxAttempts: Swift.Int? = nil, region: Swift.String? = nil, signingRegion: Swift.String? = nil, endpointResolver: EndpointResolver? = nil, telemetryProvider: ClientRuntime.TelemetryProvider? = nil, retryStrategyOptions: SmithyRetriesAPI.RetryStrategyOptions? = nil, clientLogMode: ClientRuntime.ClientLogMode? = nil, endpoint: Swift.String? = nil, idempotencyTokenGenerator: ClientRuntime.IdempotencyTokenGenerator? = nil, httpClientEngine: SmithyHTTPAPI.HTTPClient? = nil, httpClientConfiguration: ClientRuntime.HttpClientConfiguration? = nil, authSchemes: SmithyHTTPAuthAPI.AuthSchemes? = nil, authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? = nil, bearerTokenIdentityResolver: (any SmithyIdentity.BearerTokenIdentityResolver)? = nil, interceptorProviders: [ClientRuntime.InterceptorProvider]? = nil, httpInterceptorProviders: [ClientRuntime.HttpInterceptorProvider]? = nil) throws { + self.init(useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), try awsCredentialIdentityResolver ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.awsCredentialIdentityResolver(awsCredentialIdentityResolver), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, region, signingRegion, try endpointResolver ?? DefaultEndpointResolver(), telemetryProvider ?? ClientRuntime.DefaultTelemetry.provider, try retryStrategyOptions ?? AWSClientConfigDefaultsProvider.retryStrategyOptions(awsRetryMode, maxAttempts), clientLogMode ?? AWSClientConfigDefaultsProvider.clientLogMode(), endpoint, idempotencyTokenGenerator ?? AWSClientConfigDefaultsProvider.idempotencyTokenGenerator(), httpClientEngine ?? AWSClientConfigDefaultsProvider.httpClientEngine(), httpClientConfiguration ?? AWSClientConfigDefaultsProvider.httpClientConfiguration(), authSchemes ?? [AWSSDKHTTPAuth.SigV4AuthScheme()], authSchemeResolver ?? DefaultDirectoryServiceDataAuthSchemeResolver(), bearerTokenIdentityResolver ?? SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")), interceptorProviders ?? [], httpInterceptorProviders ?? []) + } + + public convenience init(useFIPS: Swift.Bool? = nil, useDualStack: Swift.Bool? = nil, appID: Swift.String? = nil, awsCredentialIdentityResolver: (any SmithyIdentity.AWSCredentialIdentityResolver)? = nil, awsRetryMode: AWSClientRuntime.AWSRetryMode? = nil, maxAttempts: Swift.Int? = nil, region: Swift.String? = nil, signingRegion: Swift.String? = nil, endpointResolver: EndpointResolver? = nil, telemetryProvider: ClientRuntime.TelemetryProvider? = nil, retryStrategyOptions: SmithyRetriesAPI.RetryStrategyOptions? = nil, clientLogMode: ClientRuntime.ClientLogMode? = nil, endpoint: Swift.String? = nil, idempotencyTokenGenerator: ClientRuntime.IdempotencyTokenGenerator? = nil, httpClientEngine: SmithyHTTPAPI.HTTPClient? = nil, httpClientConfiguration: ClientRuntime.HttpClientConfiguration? = nil, authSchemes: SmithyHTTPAuthAPI.AuthSchemes? = nil, authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? = nil, bearerTokenIdentityResolver: (any SmithyIdentity.BearerTokenIdentityResolver)? = nil, interceptorProviders: [ClientRuntime.InterceptorProvider]? = nil, httpInterceptorProviders: [ClientRuntime.HttpInterceptorProvider]? = nil) async throws { + self.init(useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), try awsCredentialIdentityResolver ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.awsCredentialIdentityResolver(awsCredentialIdentityResolver), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try await AWSClientRuntime.AWSClientConfigDefaultsProvider.region(region), try await AWSClientRuntime.AWSClientConfigDefaultsProvider.region(region), try endpointResolver ?? DefaultEndpointResolver(), telemetryProvider ?? ClientRuntime.DefaultTelemetry.provider, try retryStrategyOptions ?? AWSClientConfigDefaultsProvider.retryStrategyOptions(awsRetryMode, maxAttempts), clientLogMode ?? AWSClientConfigDefaultsProvider.clientLogMode(), endpoint, idempotencyTokenGenerator ?? AWSClientConfigDefaultsProvider.idempotencyTokenGenerator(), httpClientEngine ?? AWSClientConfigDefaultsProvider.httpClientEngine(), httpClientConfiguration ?? AWSClientConfigDefaultsProvider.httpClientConfiguration(), authSchemes ?? [AWSSDKHTTPAuth.SigV4AuthScheme()], authSchemeResolver ?? DefaultDirectoryServiceDataAuthSchemeResolver(), bearerTokenIdentityResolver ?? SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")), interceptorProviders ?? [], httpInterceptorProviders ?? []) + } + + public convenience required init() async throws { + try await self.init(useFIPS: nil, useDualStack: nil, appID: nil, awsCredentialIdentityResolver: nil, awsRetryMode: nil, maxAttempts: nil, region: nil, signingRegion: nil, endpointResolver: nil, telemetryProvider: nil, retryStrategyOptions: nil, clientLogMode: nil, endpoint: nil, idempotencyTokenGenerator: nil, httpClientEngine: nil, httpClientConfiguration: nil, authSchemes: nil, authSchemeResolver: nil, bearerTokenIdentityResolver: nil, interceptorProviders: nil, httpInterceptorProviders: nil) + } + + public convenience init(region: String) throws { + self.init(nil, nil, try AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), try AWSClientConfigDefaultsProvider.awsCredentialIdentityResolver(), try AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), nil, region, region, try DefaultEndpointResolver(), ClientRuntime.DefaultTelemetry.provider, try AWSClientConfigDefaultsProvider.retryStrategyOptions(), AWSClientConfigDefaultsProvider.clientLogMode(), nil, AWSClientConfigDefaultsProvider.idempotencyTokenGenerator(), AWSClientConfigDefaultsProvider.httpClientEngine(), AWSClientConfigDefaultsProvider.httpClientConfiguration(), [AWSSDKHTTPAuth.SigV4AuthScheme()], DefaultDirectoryServiceDataAuthSchemeResolver(), SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")), [], []) + } + + public var partitionID: String? { + return "\(DirectoryServiceDataClient.clientName) - \(region ?? "")" + } + public func addInterceptorProvider(_ provider: ClientRuntime.InterceptorProvider) { + self.interceptorProviders.append(provider) + } + + public func addInterceptorProvider(_ provider: ClientRuntime.HttpInterceptorProvider) { + self.httpInterceptorProviders.append(provider) + } + + } + + public static func builder() -> ClientRuntime.ClientBuilder { + return ClientRuntime.ClientBuilder(defaultPlugins: [ + ClientRuntime.DefaultClientPlugin(), + AWSClientRuntime.DefaultAWSClientPlugin(clientName: self.clientName), + DefaultAWSAuthSchemePlugin() + ]) + } +} + +extension DirectoryServiceDataClient { + /// Performs the `AddGroupMember` operation on the `DirectoryServiceData` service. + /// + /// Adds an existing user, group, or computer as a group member. + /// + /// - Parameter AddGroupMemberInput : [no documentation found] + /// + /// - Returns: `AddGroupMemberOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func addGroupMember(input: AddGroupMemberInput) async throws -> AddGroupMemberOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "addGroupMember") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(AddGroupMemberInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(AddGroupMemberInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: AddGroupMemberInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(AddGroupMemberOutput.httpOutput(from:), AddGroupMemberOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "AddGroupMember") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `CreateGroup` operation on the `DirectoryServiceData` service. + /// + /// Creates a new group. + /// + /// - Parameter CreateGroupInput : [no documentation found] + /// + /// - Returns: `CreateGroupOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func createGroup(input: CreateGroupInput) async throws -> CreateGroupOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "createGroup") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(CreateGroupInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(CreateGroupInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: CreateGroupInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(CreateGroupOutput.httpOutput(from:), CreateGroupOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "CreateGroup") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `CreateUser` operation on the `DirectoryServiceData` service. + /// + /// Creates a new user. + /// + /// - Parameter CreateUserInput : [no documentation found] + /// + /// - Returns: `CreateUserOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func createUser(input: CreateUserInput) async throws -> CreateUserOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "createUser") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(CreateUserInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(CreateUserInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: CreateUserInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(CreateUserOutput.httpOutput(from:), CreateUserOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "CreateUser") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `DeleteGroup` operation on the `DirectoryServiceData` service. + /// + /// Deletes a group. + /// + /// - Parameter DeleteGroupInput : [no documentation found] + /// + /// - Returns: `DeleteGroupOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func deleteGroup(input: DeleteGroupInput) async throws -> DeleteGroupOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "deleteGroup") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DeleteGroupInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(DeleteGroupInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DeleteGroupInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DeleteGroupOutput.httpOutput(from:), DeleteGroupOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DeleteGroup") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `DeleteUser` operation on the `DirectoryServiceData` service. + /// + /// Deletes a user. + /// + /// - Parameter DeleteUserInput : [no documentation found] + /// + /// - Returns: `DeleteUserOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func deleteUser(input: DeleteUserInput) async throws -> DeleteUserOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "deleteUser") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DeleteUserInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(DeleteUserInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DeleteUserInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DeleteUserOutput.httpOutput(from:), DeleteUserOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DeleteUser") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `DescribeGroup` operation on the `DirectoryServiceData` service. + /// + /// Returns information about a specific group. + /// + /// - Parameter DescribeGroupInput : [no documentation found] + /// + /// - Returns: `DescribeGroupOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func describeGroup(input: DescribeGroupInput) async throws -> DescribeGroupOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "describeGroup") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DescribeGroupInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(DescribeGroupInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DescribeGroupInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DescribeGroupOutput.httpOutput(from:), DescribeGroupOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DescribeGroup") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `DescribeUser` operation on the `DirectoryServiceData` service. + /// + /// Returns information about a specific user. + /// + /// - Parameter DescribeUserInput : [no documentation found] + /// + /// - Returns: `DescribeUserOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func describeUser(input: DescribeUserInput) async throws -> DescribeUserOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "describeUser") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DescribeUserInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(DescribeUserInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DescribeUserInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DescribeUserOutput.httpOutput(from:), DescribeUserOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DescribeUser") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `DisableUser` operation on the `DirectoryServiceData` service. + /// + /// Deactivates an active user account. For information about how to enable an inactive user account, see [ResetUserPassword](https://docs.aws.amazon.com/directoryservice/latest/devguide/API_ResetUserPassword.html) in the Directory Service API Reference. + /// + /// - Parameter DisableUserInput : [no documentation found] + /// + /// - Returns: `DisableUserOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func disableUser(input: DisableUserInput) async throws -> DisableUserOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "disableUser") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(DisableUserInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(DisableUserInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: DisableUserInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(DisableUserOutput.httpOutput(from:), DisableUserOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "DisableUser") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `ListGroupMembers` operation on the `DirectoryServiceData` service. + /// + /// Returns member information for the specified group. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupMembers.NextToken member contains a token that you pass in the next call to ListGroupMembers. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter ListGroupMembersInput : [no documentation found] + /// + /// - Returns: `ListGroupMembersOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func listGroupMembers(input: ListGroupMembersInput) async throws -> ListGroupMembersOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "listGroupMembers") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(ListGroupMembersInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(ListGroupMembersInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: ListGroupMembersInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(ListGroupMembersOutput.httpOutput(from:), ListGroupMembersOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "ListGroupMembers") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `ListGroups` operation on the `DirectoryServiceData` service. + /// + /// Returns group information for the specified directory. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroups.NextToken member contains a token that you pass in the next call to ListGroups. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter ListGroupsInput : [no documentation found] + /// + /// - Returns: `ListGroupsOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func listGroups(input: ListGroupsInput) async throws -> ListGroupsOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "listGroups") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(ListGroupsInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(ListGroupsInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: ListGroupsInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(ListGroupsOutput.httpOutput(from:), ListGroupsOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "ListGroups") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `ListGroupsForMember` operation on the `DirectoryServiceData` service. + /// + /// Returns group information for the specified member. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupsForMember.NextToken member contains a token that you pass in the next call to ListGroupsForMember. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter ListGroupsForMemberInput : [no documentation found] + /// + /// - Returns: `ListGroupsForMemberOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func listGroupsForMember(input: ListGroupsForMemberInput) async throws -> ListGroupsForMemberOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "listGroupsForMember") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(ListGroupsForMemberInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(ListGroupsForMemberInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: ListGroupsForMemberInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(ListGroupsForMemberOutput.httpOutput(from:), ListGroupsForMemberOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "ListGroupsForMember") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `ListUsers` operation on the `DirectoryServiceData` service. + /// + /// Returns user information for the specified directory. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListUsers.NextToken member contains a token that you pass in the next call to ListUsers. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter ListUsersInput : [no documentation found] + /// + /// - Returns: `ListUsersOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func listUsers(input: ListUsersInput) async throws -> ListUsersOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "listUsers") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(ListUsersInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(ListUsersInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: ListUsersInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(ListUsersOutput.httpOutput(from:), ListUsersOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "ListUsers") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `RemoveGroupMember` operation on the `DirectoryServiceData` service. + /// + /// Removes a member from a group. + /// + /// - Parameter RemoveGroupMemberInput : [no documentation found] + /// + /// - Returns: `RemoveGroupMemberOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func removeGroupMember(input: RemoveGroupMemberInput) async throws -> RemoveGroupMemberOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "removeGroupMember") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(RemoveGroupMemberInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(RemoveGroupMemberInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: RemoveGroupMemberInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(RemoveGroupMemberOutput.httpOutput(from:), RemoveGroupMemberOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "RemoveGroupMember") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `SearchGroups` operation on the `DirectoryServiceData` service. + /// + /// Searches the specified directory for a group. You can find groups that match the SearchString parameter with the value of their attributes included in the SearchString parameter. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchGroups.NextToken member contains a token that you pass in the next call to SearchGroups. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter SearchGroupsInput : [no documentation found] + /// + /// - Returns: `SearchGroupsOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func searchGroups(input: SearchGroupsInput) async throws -> SearchGroupsOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "searchGroups") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(SearchGroupsInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(SearchGroupsInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: SearchGroupsInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(SearchGroupsOutput.httpOutput(from:), SearchGroupsOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "SearchGroups") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `SearchUsers` operation on the `DirectoryServiceData` service. + /// + /// Searches the specified directory for a user. You can find users that match the SearchString parameter with the value of their attributes included in the SearchString parameter. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchUsers.NextToken member contains a token that you pass in the next call to SearchUsers. This retrieves the next set of items. You can also specify a maximum number of return results with the MaxResults parameter. + /// + /// - Parameter SearchUsersInput : [no documentation found] + /// + /// - Returns: `SearchUsersOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func searchUsers(input: SearchUsersInput) async throws -> SearchUsersOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "searchUsers") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.URLPathMiddleware(SearchUsersInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(SearchUsersInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: SearchUsersInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(SearchUsersOutput.httpOutput(from:), SearchUsersOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "SearchUsers") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `UpdateGroup` operation on the `DirectoryServiceData` service. + /// + /// Updates group information. + /// + /// - Parameter UpdateGroupInput : [no documentation found] + /// + /// - Returns: `UpdateGroupOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func updateGroup(input: UpdateGroupInput) async throws -> UpdateGroupOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "updateGroup") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(UpdateGroupInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(UpdateGroupInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: UpdateGroupInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(UpdateGroupOutput.httpOutput(from:), UpdateGroupOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "UpdateGroup") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + + /// Performs the `UpdateUser` operation on the `DirectoryServiceData` service. + /// + /// Updates user information. + /// + /// - Parameter UpdateUserInput : [no documentation found] + /// + /// - Returns: `UpdateUserOutput` : [no documentation found] + /// + /// - Throws: One of the exceptions listed below __Possible Exceptions__. + /// + /// __Possible Exceptions:__ + /// - `AccessDeniedException` : You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. + /// - `ConflictException` : This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. + /// - `DirectoryUnavailableException` : The request could not be completed due to a problem in the configuration or current state of the specified directory. + /// - `InternalServerException` : The operation didn't succeed because an internal error occurred. Try again later. + /// - `ResourceNotFoundException` : The resource couldn't be found. + /// - `ThrottlingException` : The limit on the number of requests per second has been exceeded. + /// - `ValidationException` : The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. + public func updateUser(input: UpdateUserInput) async throws -> UpdateUserOutput { + let context = Smithy.ContextBuilder() + .withMethod(value: .post) + .withServiceName(value: serviceName) + .withOperation(value: "updateUser") + .withIdempotencyTokenGenerator(value: config.idempotencyTokenGenerator) + .withLogger(value: config.logger) + .withPartitionID(value: config.partitionID) + .withAuthSchemes(value: config.authSchemes ?? []) + .withAuthSchemeResolver(value: config.authSchemeResolver) + .withUnsignedPayloadTrait(value: false) + .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout) + .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: "smithy.api#httpBearerAuth") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") + .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") + .withRegion(value: config.region) + .withSigningName(value: "ds-data") + .withSigningRegion(value: config.signingRegion) + .build() + let builder = ClientRuntime.OrchestratorBuilder() + config.interceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + config.httpInterceptorProviders.forEach { provider in + builder.interceptors.add(provider.create()) + } + builder.interceptors.add(ClientRuntime.IdempotencyTokenMiddleware(keyPath: \.clientToken)) + builder.interceptors.add(ClientRuntime.URLPathMiddleware(UpdateUserInput.urlPathProvider(_:))) + builder.interceptors.add(ClientRuntime.URLHostMiddleware()) + builder.serialize(ClientRuntime.QueryItemMiddleware(UpdateUserInput.queryItemProvider(_:))) + builder.interceptors.add(ClientRuntime.ContentTypeMiddleware(contentType: "application/json")) + builder.serialize(ClientRuntime.BodyMiddleware(rootNodeInfo: "", inputWritingClosure: UpdateUserInput.write(value:to:))) + builder.interceptors.add(ClientRuntime.ContentLengthMiddleware()) + builder.deserialize(ClientRuntime.DeserializeMiddleware(UpdateUserOutput.httpOutput(from:), UpdateUserOutputError.httpError(from:))) + builder.interceptors.add(ClientRuntime.LoggerMiddleware(clientLogMode: config.clientLogMode)) + builder.retryStrategy(SmithyRetries.DefaultRetryStrategy(options: config.retryStrategyOptions)) + builder.retryErrorInfoProvider(AWSClientRuntime.AWSRetryErrorInfoProvider.errorInfo(for:)) + builder.applySigner(ClientRuntime.SignerMiddleware()) + let endpointParams = EndpointParams(endpoint: config.endpoint, region: config.region, useDualStack: config.useDualStack ?? false, useFIPS: config.useFIPS ?? false) + builder.applyEndpoint(AWSClientRuntime.EndpointResolverMiddleware(endpointResolverBlock: { [config] in try config.endpointResolver.resolve(params: $0) }, endpointParams: endpointParams)) + builder.interceptors.add(AWSClientRuntime.UserAgentMiddleware(serviceID: serviceName, version: "1.0", config: config)) + builder.selectAuthScheme(ClientRuntime.AuthSchemeMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkInvocationIdMiddleware()) + builder.interceptors.add(AWSClientRuntime.AmzSdkRequestMiddleware(maxRetries: config.retryStrategyOptions.maxRetriesBase)) + var metricsAttributes = Smithy.Attributes() + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.service, value: "DirectoryServiceData") + metricsAttributes.set(key: ClientRuntime.OrchestratorMetricsAttributesKeys.method, value: "UpdateUser") + let op = builder.attributes(context) + .telemetry(ClientRuntime.OrchestratorTelemetry( + telemetryProvider: config.telemetryProvider, + metricsAttributes: metricsAttributes, + meterScope: serviceName, + tracerScope: serviceName + )) + .executeRequest(client) + .build() + return try await op.execute(input: input) + } + +} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Endpoints.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Endpoints.swift new file mode 100644 index 00000000000..9e99d226abe --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Endpoints.swift @@ -0,0 +1,73 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +import class ClientRuntime.EndpointsRequestContext +import let AWSClientRuntime.awsPartitionJSON +import protocol ClientRuntime.EndpointsRequestContextProviding +import struct ClientRuntime.DefaultEndpointResolver +import struct ClientRuntime.StaticEndpointResolver +import struct SmithyHTTPAPI.Endpoint + +public struct EndpointParams { + /// Override the endpoint used to send this request + public let endpoint: Swift.String? + /// The AWS region used to dispatch the request. + public let region: Swift.String? + /// When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error. + public let useDualStack: Swift.Bool + /// When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error. + public let useFIPS: Swift.Bool + + public init( + endpoint: Swift.String? = nil, + region: Swift.String? = nil, + useDualStack: Swift.Bool = false, + useFIPS: Swift.Bool = false + ) + { + self.endpoint = endpoint + self.region = region + self.useDualStack = useDualStack + self.useFIPS = useFIPS + } +} + +extension EndpointParams: ClientRuntime.EndpointsRequestContextProviding { + + public var context: ClientRuntime.EndpointsRequestContext { + get throws { + let context = try ClientRuntime.EndpointsRequestContext() + try context.add(name: "Endpoint", value: self.endpoint) + try context.add(name: "Region", value: self.region) + try context.add(name: "UseDualStack", value: self.useDualStack) + try context.add(name: "UseFIPS", value: self.useFIPS) + return context + } + } +} + +public protocol EndpointResolver { + func resolve(params: EndpointParams) throws -> SmithyHTTPAPI.Endpoint +} + +typealias DefaultEndpointResolver = ClientRuntime.DefaultEndpointResolver + +extension DefaultEndpointResolver { + private static let ruleSet = "{\"version\":\"1.0\",\"parameters\":{\"Region\":{\"builtIn\":\"AWS::Region\",\"required\":false,\"documentation\":\"The AWS region used to dispatch the request.\",\"type\":\"String\"},\"UseDualStack\":{\"builtIn\":\"AWS::UseDualStack\",\"required\":true,\"default\":false,\"documentation\":\"When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.\",\"type\":\"Boolean\"},\"UseFIPS\":{\"builtIn\":\"AWS::UseFIPS\",\"required\":true,\"default\":false,\"documentation\":\"When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.\",\"type\":\"Boolean\"},\"Endpoint\":{\"builtIn\":\"SDK::Endpoint\",\"required\":false,\"documentation\":\"Override the endpoint used to send this request\",\"type\":\"String\"}},\"rules\":[{\"conditions\":[{\"fn\":\"isSet\",\"argv\":[{\"ref\":\"Endpoint\"}]}],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseFIPS\"},true]}],\"error\":\"Invalid Configuration: FIPS and custom endpoint are not supported\",\"type\":\"error\"},{\"conditions\":[],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseDualStack\"},true]}],\"error\":\"Invalid Configuration: Dualstack and custom endpoint are not supported\",\"type\":\"error\"},{\"conditions\":[],\"endpoint\":{\"url\":{\"ref\":\"Endpoint\"},\"properties\":{},\"headers\":{}},\"type\":\"endpoint\"}],\"type\":\"tree\"}],\"type\":\"tree\"},{\"conditions\":[],\"rules\":[{\"conditions\":[{\"fn\":\"isSet\",\"argv\":[{\"ref\":\"Region\"}]}],\"rules\":[{\"conditions\":[{\"fn\":\"aws.partition\",\"argv\":[{\"ref\":\"Region\"}],\"assign\":\"PartitionResult\"}],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseFIPS\"},true]},{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseDualStack\"},true]}],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[true,{\"fn\":\"getAttr\",\"argv\":[{\"ref\":\"PartitionResult\"},\"supportsFIPS\"]}]},{\"fn\":\"booleanEquals\",\"argv\":[true,{\"fn\":\"getAttr\",\"argv\":[{\"ref\":\"PartitionResult\"},\"supportsDualStack\"]}]}],\"rules\":[{\"conditions\":[],\"rules\":[{\"conditions\":[],\"endpoint\":{\"url\":\"https://ds-data-fips.{Region}.{PartitionResult#dualStackDnsSuffix}\",\"properties\":{},\"headers\":{}},\"type\":\"endpoint\"}],\"type\":\"tree\"}],\"type\":\"tree\"},{\"conditions\":[],\"error\":\"FIPS and DualStack are enabled, but this partition does not support one or both\",\"type\":\"error\"}],\"type\":\"tree\"},{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseFIPS\"},true]}],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"fn\":\"getAttr\",\"argv\":[{\"ref\":\"PartitionResult\"},\"supportsFIPS\"]},true]}],\"rules\":[{\"conditions\":[],\"rules\":[{\"conditions\":[],\"endpoint\":{\"url\":\"https://ds-data-fips.{Region}.{PartitionResult#dnsSuffix}\",\"properties\":{},\"headers\":{}},\"type\":\"endpoint\"}],\"type\":\"tree\"}],\"type\":\"tree\"},{\"conditions\":[],\"error\":\"FIPS is enabled but this partition does not support FIPS\",\"type\":\"error\"}],\"type\":\"tree\"},{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[{\"ref\":\"UseDualStack\"},true]}],\"rules\":[{\"conditions\":[{\"fn\":\"booleanEquals\",\"argv\":[true,{\"fn\":\"getAttr\",\"argv\":[{\"ref\":\"PartitionResult\"},\"supportsDualStack\"]}]}],\"rules\":[{\"conditions\":[],\"rules\":[{\"conditions\":[],\"endpoint\":{\"url\":\"https://ds-data.{Region}.{PartitionResult#dualStackDnsSuffix}\",\"properties\":{},\"headers\":{}},\"type\":\"endpoint\"}],\"type\":\"tree\"}],\"type\":\"tree\"},{\"conditions\":[],\"error\":\"DualStack is enabled but this partition does not support DualStack\",\"type\":\"error\"}],\"type\":\"tree\"},{\"conditions\":[],\"rules\":[{\"conditions\":[],\"endpoint\":{\"url\":\"https://ds-data.{Region}.{PartitionResult#dnsSuffix}\",\"properties\":{},\"headers\":{}},\"type\":\"endpoint\"}],\"type\":\"tree\"}],\"type\":\"tree\"}],\"type\":\"tree\"},{\"conditions\":[],\"error\":\"Invalid Configuration: Missing Region\",\"type\":\"error\"}],\"type\":\"tree\"}]}" + + init() throws { + try self.init(partitions: AWSClientRuntime.awsPartitionJSON, ruleSet: Self.ruleSet) + } +} + +extension DefaultEndpointResolver: EndpointResolver {} + +typealias StaticEndpointResolver = ClientRuntime.StaticEndpointResolver + +extension StaticEndpointResolver: EndpointResolver {} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Models.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Models.swift new file mode 100644 index 00000000000..353bd778ef5 --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Models.swift @@ -0,0 +1,2897 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +@_spi(SmithyReadWrite) import ClientRuntime +import class SmithyHTTPAPI.HTTPResponse +@_spi(SmithyReadWrite) import class SmithyJSON.Reader +@_spi(SmithyReadWrite) import class SmithyJSON.Writer +import enum ClientRuntime.ErrorFault +import enum Smithy.ClientError +import enum SmithyReadWrite.ReaderError +@_spi(SmithyReadWrite) import enum SmithyReadWrite.ReadingClosures +@_spi(SmithyReadWrite) import enum SmithyReadWrite.WritingClosures +import protocol AWSClientRuntime.AWSServiceError +import protocol ClientRuntime.HTTPError +import protocol ClientRuntime.ModeledError +@_spi(SmithyReadWrite) import protocol SmithyReadWrite.SmithyReader +@_spi(SmithyReadWrite) import protocol SmithyReadWrite.SmithyWriter +@_spi(SmithyReadWrite) import struct AWSClientRuntime.RestJSONError +@_spi(UnknownAWSHTTPServiceError) import struct AWSClientRuntime.UnknownAWSHTTPServiceError +import struct Smithy.URIQueryItem + +extension DirectoryServiceDataClientTypes { + + public enum AccessDeniedReason: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case dataDisabled + case directoryAuth + case iamAuth + case sdkUnknown(Swift.String) + + public static var allCases: [AccessDeniedReason] { + return [ + .dataDisabled, + .directoryAuth, + .iamAuth + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .dataDisabled: return "DATA_DISABLED" + case .directoryAuth: return "DIRECTORY_AUTH" + case .iamAuth: return "IAM_AUTH" + case let .sdkUnknown(s): return s + } + } + } +} + +/// You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU). Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU. +public struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + /// Reason the request was unauthorized. + public internal(set) var reason: DirectoryServiceDataClientTypes.AccessDeniedReason? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "AccessDeniedException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { false } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil, + reason: DirectoryServiceDataClientTypes.AccessDeniedReason? = nil + ) + { + self.properties.message = message + self.properties.reason = reason + } +} + +/// This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in. This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request. +public struct ConflictException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "ConflictException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { false } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil + ) + { + self.properties.message = message + } +} + +extension DirectoryServiceDataClientTypes { + + public enum DirectoryUnavailableReason: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case directoryResourcesExceeded + case directoryTimeout + case invalidDirectoryState + case noDiskSpace + case trustAuthFailure + case sdkUnknown(Swift.String) + + public static var allCases: [DirectoryUnavailableReason] { + return [ + .directoryResourcesExceeded, + .directoryTimeout, + .invalidDirectoryState, + .noDiskSpace, + .trustAuthFailure + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .directoryResourcesExceeded: return "DIRECTORY_RESOURCES_EXCEEDED" + case .directoryTimeout: return "DIRECTORY_TIMEOUT" + case .invalidDirectoryState: return "INVALID_DIRECTORY_STATE" + case .noDiskSpace: return "NO_DISK_SPACE" + case .trustAuthFailure: return "TRUST_AUTH_FAILURE" + case let .sdkUnknown(s): return s + } + } + } +} + +/// The request could not be completed due to a problem in the configuration or current state of the specified directory. +public struct DirectoryUnavailableException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + /// Reason the request failed for the specified directory. + public internal(set) var reason: DirectoryServiceDataClientTypes.DirectoryUnavailableReason? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "DirectoryUnavailableException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { true } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil, + reason: DirectoryServiceDataClientTypes.DirectoryUnavailableReason? = nil + ) + { + self.properties.message = message + self.properties.reason = reason + } +} + +/// The operation didn't succeed because an internal error occurred. Try again later. +public struct InternalServerException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "InternalServerException" } + public static var fault: ClientRuntime.ErrorFault { .server } + public static var isRetryable: Swift.Bool { true } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil + ) + { + self.properties.message = message + } +} + +/// The resource couldn't be found. +public struct ResourceNotFoundException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "ResourceNotFoundException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { false } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil + ) + { + self.properties.message = message + } +} + +/// The limit on the number of requests per second has been exceeded. +public struct ThrottlingException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + /// This member is required. + public internal(set) var message: Swift.String? = nil + /// The recommended amount of seconds to retry after a throttling exception. + public internal(set) var retryAfterSeconds: Swift.Int? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "ThrottlingException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { true } + public static var isThrottling: Swift.Bool { true } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil, + retryAfterSeconds: Swift.Int? = nil + ) + { + self.properties.message = message + self.properties.retryAfterSeconds = retryAfterSeconds + } +} + +extension DirectoryServiceDataClientTypes { + + public enum ValidationExceptionReason: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case attributeExists + case duplicateAttribute + case invalidAttributeForGroup + case invalidAttributeForModify + case invalidAttributeForSearch + case invalidAttributeForUser + case invalidAttributeName + case invalidAttributeValue + case invalidDirectoryType + case invalidNextToken + case invalidRealm + case invalidSecondaryRegion + case ldapSizeLimitExceeded + case ldapUnsupportedOperation + case missingAttribute + case sdkUnknown(Swift.String) + + public static var allCases: [ValidationExceptionReason] { + return [ + .attributeExists, + .duplicateAttribute, + .invalidAttributeForGroup, + .invalidAttributeForModify, + .invalidAttributeForSearch, + .invalidAttributeForUser, + .invalidAttributeName, + .invalidAttributeValue, + .invalidDirectoryType, + .invalidNextToken, + .invalidRealm, + .invalidSecondaryRegion, + .ldapSizeLimitExceeded, + .ldapUnsupportedOperation, + .missingAttribute + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .attributeExists: return "ATTRIBUTE_EXISTS" + case .duplicateAttribute: return "DUPLICATE_ATTRIBUTE" + case .invalidAttributeForGroup: return "INVALID_ATTRIBUTE_FOR_GROUP" + case .invalidAttributeForModify: return "INVALID_ATTRIBUTE_FOR_MODIFY" + case .invalidAttributeForSearch: return "INVALID_ATTRIBUTE_FOR_SEARCH" + case .invalidAttributeForUser: return "INVALID_ATTRIBUTE_FOR_USER" + case .invalidAttributeName: return "INVALID_ATTRIBUTE_NAME" + case .invalidAttributeValue: return "INVALID_ATTRIBUTE_VALUE" + case .invalidDirectoryType: return "INVALID_DIRECTORY_TYPE" + case .invalidNextToken: return "INVALID_NEXT_TOKEN" + case .invalidRealm: return "INVALID_REALM" + case .invalidSecondaryRegion: return "INVALID_SECONDARY_REGION" + case .ldapSizeLimitExceeded: return "LDAP_SIZE_LIMIT_EXCEEDED" + case .ldapUnsupportedOperation: return "LDAP_UNSUPPORTED_OPERATION" + case .missingAttribute: return "MISSING_ATTRIBUTE" + case let .sdkUnknown(s): return s + } + } + } +} + +/// The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request. +public struct ValidationException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error { + + public struct Properties { + public internal(set) var message: Swift.String? = nil + /// Reason the request failed validation. + public internal(set) var reason: DirectoryServiceDataClientTypes.ValidationExceptionReason? = nil + } + + public internal(set) var properties = Properties() + public static var typeName: Swift.String { "ValidationException" } + public static var fault: ClientRuntime.ErrorFault { .client } + public static var isRetryable: Swift.Bool { false } + public static var isThrottling: Swift.Bool { false } + public internal(set) var httpResponse = SmithyHTTPAPI.HTTPResponse() + public internal(set) var message: Swift.String? + public internal(set) var requestID: Swift.String? + + public init( + message: Swift.String? = nil, + reason: DirectoryServiceDataClientTypes.ValidationExceptionReason? = nil + ) + { + self.properties.message = message + self.properties.reason = reason + } +} + +public struct AddGroupMemberInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The name of the group. + /// This member is required. + public var groupName: Swift.String? + /// The SAMAccountName of the user, group, or computer to add as a group member. + /// This member is required. + public var memberName: Swift.String? + /// The domain name that's associated with the group member. This parameter is required only when adding a member outside of your Managed Microsoft AD domain to a group inside of your Managed Microsoft AD domain. This parameter defaults to the Managed Microsoft AD domain. This parameter is case insensitive. + public var memberRealm: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + groupName: Swift.String? = nil, + memberName: Swift.String? = nil, + memberRealm: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.groupName = groupName + self.memberName = memberName + self.memberRealm = memberRealm + } +} + +public struct AddGroupMemberOutput { + + public init() { } +} + +extension DirectoryServiceDataClientTypes { + /// The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + public enum AttributeValue { + /// Indicates that the attribute type value is a string. For example: "S": "S Group" + case s(Swift.String) + /// Indicates that the attribute type value is a number. For example: "N": "16" + case n(Swift.Int) + /// Indicates that the attribute type value is a boolean. For example: "BOOL": true + case bool(Swift.Bool) + /// Indicates that the attribute type value is a string set. For example: "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"] + case ss([Swift.String]) + case sdkUnknown(Swift.String) + } + +} + +extension DirectoryServiceDataClientTypes { + + public enum GroupScope: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case builtinLocal + case domainLocal + case global + case universal + case sdkUnknown(Swift.String) + + public static var allCases: [GroupScope] { + return [ + .builtinLocal, + .domainLocal, + .global, + .universal + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .builtinLocal: return "BuiltinLocal" + case .domainLocal: return "DomainLocal" + case .global: return "Global" + case .universal: return "Universal" + case let .sdkUnknown(s): return s + } + } + } +} + +extension DirectoryServiceDataClientTypes { + + public enum GroupType: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case distribution + case security + case sdkUnknown(Swift.String) + + public static var allCases: [GroupType] { + return [ + .distribution, + .security + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .distribution: return "Distribution" + case .security: return "Security" + case let .sdkUnknown(s): return s + } + } + } +} + +public struct CreateGroupInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The scope of the AD group. For details, see [Active Directory security group scope](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#group-scope). + public var groupScope: DirectoryServiceDataClientTypes.GroupScope? + /// The AD group type. For details, see [Active Directory security group type](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#how-active-directory-security-groups-work). + public var groupType: DirectoryServiceDataClientTypes.GroupType? + /// An expression that defines one or more attributes with the data type and value of each attribute. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + groupScope: DirectoryServiceDataClientTypes.GroupScope? = nil, + groupType: DirectoryServiceDataClientTypes.GroupType? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.groupScope = groupScope + self.groupType = groupType + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + } +} + +public struct CreateGroupOutput { + /// The identifier (ID) of the directory that's associated with the group. + public var directoryId: Swift.String? + /// The name of the group. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the group. + public var sid: Swift.String? + + public init( + directoryId: Swift.String? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.samAccountName = samAccountName + self.sid = sid + } +} + +public struct CreateUserInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that’s associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The email address of the user. + public var emailAddress: Swift.String? + /// The first name of the user. + public var givenName: Swift.String? + /// An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). Attribute names are case insensitive. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + /// The last name of the user. + public var surname: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + emailAddress: Swift.String? = nil, + givenName: Swift.String? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil, + surname: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.emailAddress = emailAddress + self.givenName = givenName + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + self.surname = surname + } +} + +extension CreateUserInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "CreateUserInput(clientToken: \(Swift.String(describing: clientToken)), directoryId: \(Swift.String(describing: directoryId)), otherAttributes: \(Swift.String(describing: otherAttributes)), samAccountName: \(Swift.String(describing: samAccountName)), emailAddress: \"CONTENT_REDACTED\", givenName: \"CONTENT_REDACTED\", surname: \"CONTENT_REDACTED\")"} +} + +public struct CreateUserOutput { + /// The identifier (ID) of the directory where the address block is added. + public var directoryId: Swift.String? + /// The name of the user. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the user. + public var sid: Swift.String? + + public init( + directoryId: Swift.String? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.samAccountName = samAccountName + self.sid = sid + } +} + +public struct DeleteGroupInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.samAccountName = samAccountName + } +} + +public struct DeleteGroupOutput { + + public init() { } +} + +public struct DeleteUserInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.samAccountName = samAccountName + } +} + +public struct DeleteUserOutput { + + public init() { } +} + +public struct DescribeGroupInput { + /// The Identifier (ID) of the directory associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// One or more attributes to be returned for the group. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data-attributes.html). + public var otherAttributes: [Swift.String]? + /// The domain name that's associated with the group. This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive. + public var realm: Swift.String? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + directoryId: Swift.String? = nil, + otherAttributes: [Swift.String]? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.otherAttributes = otherAttributes + self.realm = realm + self.samAccountName = samAccountName + } +} + +public struct DescribeGroupOutput { + /// The identifier (ID) of the directory that's associated with the group. + public var directoryId: Swift.String? + /// The [distinguished name](https://learn.microsoft.com/en-us/windows/win32/ad/object-names-and-identities#distinguished-name) of the object. + public var distinguishedName: Swift.String? + /// The scope of the AD group. For details, see [Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#group-scope). + public var groupScope: DirectoryServiceDataClientTypes.GroupScope? + /// The AD group type. For details, see [Active Directory security group type](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#how-active-directory-security-groups-work). + public var groupType: DirectoryServiceDataClientTypes.GroupType? + /// The attribute values that are returned for the attribute names that are included in the request. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The domain name that's associated with the group. + public var realm: Swift.String? + /// The name of the group. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the group. + public var sid: Swift.String? + + public init( + directoryId: Swift.String? = nil, + distinguishedName: Swift.String? = nil, + groupScope: DirectoryServiceDataClientTypes.GroupScope? = nil, + groupType: DirectoryServiceDataClientTypes.GroupType? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.distinguishedName = distinguishedName + self.groupScope = groupScope + self.groupType = groupType + self.otherAttributes = otherAttributes + self.realm = realm + self.samAccountName = samAccountName + self.sid = sid + } +} + +extension DescribeGroupOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "DescribeGroupOutput(directoryId: \(Swift.String(describing: directoryId)), groupScope: \(Swift.String(describing: groupScope)), groupType: \(Swift.String(describing: groupType)), otherAttributes: \(Swift.String(describing: otherAttributes)), realm: \(Swift.String(describing: realm)), samAccountName: \(Swift.String(describing: samAccountName)), sid: \(Swift.String(describing: sid)), distinguishedName: \"CONTENT_REDACTED\")"} +} + +public struct DescribeUserInput { + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// One or more attribute names to be returned for the user. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + public var otherAttributes: [Swift.String]? + /// The domain name that's associated with the user. This parameter is optional, so you can return users outside your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive. + public var realm: Swift.String? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + directoryId: Swift.String? = nil, + otherAttributes: [Swift.String]? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.otherAttributes = otherAttributes + self.realm = realm + self.samAccountName = samAccountName + } +} + +public struct DescribeUserOutput { + /// The identifier (ID) of the directory that's associated with the user. + public var directoryId: Swift.String? + /// The [distinguished name](https://learn.microsoft.com/en-us/windows/win32/ad/object-names-and-identities#distinguished-name) of the object. + public var distinguishedName: Swift.String? + /// The email address of the user. + public var emailAddress: Swift.String? + /// Indicates whether the user account is active. + public var enabled: Swift.Bool? + /// The first name of the user. + public var givenName: Swift.String? + /// The attribute values that are returned for the attribute names that are included in the request. Attribute names are case insensitive. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The domain name that's associated with the user. + public var realm: Swift.String? + /// The name of the user. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the user. + public var sid: Swift.String? + /// The last name of the user. + public var surname: Swift.String? + /// The UPN that is an Internet-style login name for a user and is based on the Internet standard [RFC 822](https://www.ietf.org/rfc/rfc0822.txt). The UPN is shorter than the distinguished name and easier to remember. + public var userPrincipalName: Swift.String? + + public init( + directoryId: Swift.String? = nil, + distinguishedName: Swift.String? = nil, + emailAddress: Swift.String? = nil, + enabled: Swift.Bool? = nil, + givenName: Swift.String? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil, + surname: Swift.String? = nil, + userPrincipalName: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.distinguishedName = distinguishedName + self.emailAddress = emailAddress + self.enabled = enabled + self.givenName = givenName + self.otherAttributes = otherAttributes + self.realm = realm + self.samAccountName = samAccountName + self.sid = sid + self.surname = surname + self.userPrincipalName = userPrincipalName + } +} + +extension DescribeUserOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "DescribeUserOutput(directoryId: \(Swift.String(describing: directoryId)), enabled: \(Swift.String(describing: enabled)), otherAttributes: \(Swift.String(describing: otherAttributes)), realm: \(Swift.String(describing: realm)), samAccountName: \(Swift.String(describing: samAccountName)), sid: \(Swift.String(describing: sid)), distinguishedName: \"CONTENT_REDACTED\", emailAddress: \"CONTENT_REDACTED\", givenName: \"CONTENT_REDACTED\", surname: \"CONTENT_REDACTED\", userPrincipalName: \"CONTENT_REDACTED\")"} +} + +public struct DisableUserInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.samAccountName = samAccountName + } +} + +public struct DisableUserOutput { + + public init() { } +} + +public struct ListGroupMembersInput { + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain. This parameter is optional and case insensitive. + public var memberRealm: Swift.String? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the group. This parameter is optional, so you can return members from a group outside of your Managed Microsoft AD domain. When no value is defined, only members of your Managed Microsoft AD groups are returned. This value is case insensitive. + public var realm: Swift.String? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + memberRealm: Swift.String? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.memberRealm = memberRealm + self.nextToken = nextToken + self.realm = realm + self.samAccountName = samAccountName + } +} + +extension ListGroupMembersInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupMembersInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), memberRealm: \(Swift.String(describing: memberRealm)), realm: \(Swift.String(describing: realm)), samAccountName: \(Swift.String(describing: samAccountName)), nextToken: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + + public enum MemberType: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case computer + case group + case user + case sdkUnknown(Swift.String) + + public static var allCases: [MemberType] { + return [ + .computer, + .group, + .user + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .computer: return "COMPUTER" + case .group: return "GROUP" + case .user: return "USER" + case let .sdkUnknown(s): return s + } + } + } +} + +extension DirectoryServiceDataClientTypes { + /// A member object that contains identifying information for a specified member. + public struct Member { + /// The AD type of the member object. + /// This member is required. + public var memberType: DirectoryServiceDataClientTypes.MemberType? + /// The name of the group member. + /// This member is required. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the group member. + /// This member is required. + public var sid: Swift.String? + + public init( + memberType: DirectoryServiceDataClientTypes.MemberType? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.memberType = memberType + self.samAccountName = samAccountName + self.sid = sid + } + } + +} + +public struct ListGroupMembersOutput { + /// Identifier (ID) of the directory associated with the group. + public var directoryId: Swift.String? + /// The domain name that's associated with the member. + public var memberRealm: Swift.String? + /// The member information that the request returns. + public var members: [DirectoryServiceDataClientTypes.Member]? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the group. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + memberRealm: Swift.String? = nil, + members: [DirectoryServiceDataClientTypes.Member]? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.memberRealm = memberRealm + self.members = members + self.nextToken = nextToken + self.realm = realm + } +} + +extension ListGroupMembersOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupMembersOutput(directoryId: \(Swift.String(describing: directoryId)), memberRealm: \(Swift.String(describing: memberRealm)), members: \(Swift.String(describing: members)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct ListGroupsInput { + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name associated with the directory. This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.nextToken = nextToken + self.realm = realm + } +} + +extension ListGroupsInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupsInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + /// A structure containing a subset of fields of a group object from a directory. + public struct GroupSummary { + /// The scope of the AD group. For details, see [Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#group-scope). + /// This member is required. + public var groupScope: DirectoryServiceDataClientTypes.GroupScope? + /// The AD group type. For details, see [Active Directory security group type](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#how-active-directory-security-groups-work). + /// This member is required. + public var groupType: DirectoryServiceDataClientTypes.GroupType? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the group. + /// This member is required. + public var sid: Swift.String? + + public init( + groupScope: DirectoryServiceDataClientTypes.GroupScope? = nil, + groupType: DirectoryServiceDataClientTypes.GroupType? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.groupScope = groupScope + self.groupType = groupType + self.samAccountName = samAccountName + self.sid = sid + } + } + +} + +public struct ListGroupsOutput { + /// The identifier (ID) of the directory that's associated with the group. + public var directoryId: Swift.String? + /// The group information that the request returns. + public var groups: [DirectoryServiceDataClientTypes.GroupSummary]? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name associated with the group. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + groups: [DirectoryServiceDataClientTypes.GroupSummary]? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.groups = groups + self.nextToken = nextToken + self.realm = realm + } +} + +extension ListGroupsOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupsOutput(directoryId: \(Swift.String(describing: directoryId)), groups: \(Swift.String(describing: groups)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct ListGroupsForMemberInput { + /// The identifier (ID) of the directory that's associated with the member. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// The domain name that's associated with the group member. This parameter is optional, so you can limit your results to the group members in a specific domain. This parameter is case insensitive and defaults to Realm + public var memberRealm: Swift.String? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the group. This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive and defaults to your Managed Microsoft AD domain. + public var realm: Swift.String? + /// The SAMAccountName of the user, group, or computer that's a member of the group. + /// This member is required. + public var samAccountName: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + memberRealm: Swift.String? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + samAccountName: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.memberRealm = memberRealm + self.nextToken = nextToken + self.realm = realm + self.samAccountName = samAccountName + } +} + +extension ListGroupsForMemberInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupsForMemberInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), memberRealm: \(Swift.String(describing: memberRealm)), realm: \(Swift.String(describing: realm)), samAccountName: \(Swift.String(describing: samAccountName)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct ListGroupsForMemberOutput { + /// The identifier (ID) of the directory that's associated with the member. + public var directoryId: Swift.String? + /// The group information that the request returns. + public var groups: [DirectoryServiceDataClientTypes.GroupSummary]? + /// The domain that's associated with the member. + public var memberRealm: Swift.String? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain that's associated with the group. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + groups: [DirectoryServiceDataClientTypes.GroupSummary]? = nil, + memberRealm: Swift.String? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.groups = groups + self.memberRealm = memberRealm + self.nextToken = nextToken + self.realm = realm + } +} + +extension ListGroupsForMemberOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListGroupsForMemberOutput(directoryId: \(Swift.String(describing: directoryId)), groups: \(Swift.String(describing: groups)), memberRealm: \(Swift.String(describing: memberRealm)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct ListUsersInput { + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the user. This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.nextToken = nextToken + self.realm = realm + } +} + +extension ListUsersInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListUsersInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + /// A structure containing a subset of the fields of a user object from a directory. + public struct UserSummary { + /// Indicates whether the user account is active. + /// This member is required. + public var enabled: Swift.Bool? + /// The first name of the user. + public var givenName: Swift.String? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the user. + /// This member is required. + public var sid: Swift.String? + /// The last name of the user. + public var surname: Swift.String? + + public init( + enabled: Swift.Bool? = nil, + givenName: Swift.String? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil, + surname: Swift.String? = nil + ) + { + self.enabled = enabled + self.givenName = givenName + self.samAccountName = samAccountName + self.sid = sid + self.surname = surname + } + } + +} + +extension DirectoryServiceDataClientTypes.UserSummary: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "UserSummary(enabled: \(Swift.String(describing: enabled)), samAccountName: \(Swift.String(describing: samAccountName)), sid: \(Swift.String(describing: sid)), givenName: \"CONTENT_REDACTED\", surname: \"CONTENT_REDACTED\")"} +} + +public struct ListUsersOutput { + /// The identifier (ID) of the directory that's associated with the user. + public var directoryId: Swift.String? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain that's associated with the user. + public var realm: Swift.String? + /// The user information that the request returns. + public var users: [DirectoryServiceDataClientTypes.UserSummary]? + + public init( + directoryId: Swift.String? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + users: [DirectoryServiceDataClientTypes.UserSummary]? = nil + ) + { + self.directoryId = directoryId + self.nextToken = nextToken + self.realm = realm + self.users = users + } +} + +extension ListUsersOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "ListUsersOutput(directoryId: \(Swift.String(describing: directoryId)), realm: \(Swift.String(describing: realm)), users: \(Swift.String(describing: users)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct RemoveGroupMemberInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the member. + /// This member is required. + public var directoryId: Swift.String? + /// The name of the group. + /// This member is required. + public var groupName: Swift.String? + /// The SAMAccountName of the user, group, or computer to remove from the group. + /// This member is required. + public var memberName: Swift.String? + /// The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain. This parameter is optional and case insensitive. + public var memberRealm: Swift.String? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + groupName: Swift.String? = nil, + memberName: Swift.String? = nil, + memberRealm: Swift.String? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.groupName = groupName + self.memberName = memberName + self.memberRealm = memberRealm + } +} + +public struct RemoveGroupMemberOutput { + + public init() { } +} + +public struct SearchGroupsInput { + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the group. This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive. + public var realm: Swift.String? + /// One or more data attributes that are used to search for a group. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + /// This member is required. + public var searchAttributes: [Swift.String]? + /// The attribute value that you want to search for. Wildcard (*) searches aren't supported. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + /// This member is required. + public var searchString: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + searchAttributes: [Swift.String]? = nil, + searchString: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.nextToken = nextToken + self.realm = realm + self.searchAttributes = searchAttributes + self.searchString = searchString + } +} + +extension SearchGroupsInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "SearchGroupsInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), realm: \(Swift.String(describing: realm)), searchAttributes: \(Swift.String(describing: searchAttributes)), nextToken: \"CONTENT_REDACTED\", searchString: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + /// A group object that contains identifying information and attributes for a specified group. + public struct Group { + /// The [distinguished name](https://learn.microsoft.com/en-us/windows/win32/ad/object-names-and-identities#distinguished-name) of the object. + public var distinguishedName: Swift.String? + /// The scope of the AD group. For details, see [Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#group-scope) + public var groupScope: DirectoryServiceDataClientTypes.GroupScope? + /// The AD group type. For details, see [Active Directory security group type](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#how-active-directory-security-groups-work). + public var groupType: DirectoryServiceDataClientTypes.GroupType? + /// An expression of one or more attributes, data types, and the values of a group. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the group. + public var sid: Swift.String? + + public init( + distinguishedName: Swift.String? = nil, + groupScope: DirectoryServiceDataClientTypes.GroupScope? = nil, + groupType: DirectoryServiceDataClientTypes.GroupType? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil + ) + { + self.distinguishedName = distinguishedName + self.groupScope = groupScope + self.groupType = groupType + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + self.sid = sid + } + } + +} + +extension DirectoryServiceDataClientTypes.Group: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "Group(groupScope: \(Swift.String(describing: groupScope)), groupType: \(Swift.String(describing: groupType)), otherAttributes: \(Swift.String(describing: otherAttributes)), samAccountName: \(Swift.String(describing: samAccountName)), sid: \(Swift.String(describing: sid)), distinguishedName: \"CONTENT_REDACTED\")"} +} + +public struct SearchGroupsOutput { + /// The identifier (ID) of the directory that's associated with the group. + public var directoryId: Swift.String? + /// The group information that the request returns. + public var groups: [DirectoryServiceDataClientTypes.Group]? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain that's associated with the group. + public var realm: Swift.String? + + public init( + directoryId: Swift.String? = nil, + groups: [DirectoryServiceDataClientTypes.Group]? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.groups = groups + self.nextToken = nextToken + self.realm = realm + } +} + +extension SearchGroupsOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "SearchGroupsOutput(directoryId: \(Swift.String(describing: directoryId)), groups: \(Swift.String(describing: groups)), realm: \(Swift.String(describing: realm)), nextToken: \"CONTENT_REDACTED\")"} +} + +public struct SearchUsersInput { + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The maximum number of results to be returned per request. + public var maxResults: Swift.Int? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain name that's associated with the user. This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive. + public var realm: Swift.String? + /// One or more data attributes that are used to search for a user. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + /// This member is required. + public var searchAttributes: [Swift.String]? + /// The attribute value that you want to search for. Wildcard (*) searches aren't supported. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html). + /// This member is required. + public var searchString: Swift.String? + + public init( + directoryId: Swift.String? = nil, + maxResults: Swift.Int? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + searchAttributes: [Swift.String]? = nil, + searchString: Swift.String? = nil + ) + { + self.directoryId = directoryId + self.maxResults = maxResults + self.nextToken = nextToken + self.realm = realm + self.searchAttributes = searchAttributes + self.searchString = searchString + } +} + +extension SearchUsersInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "SearchUsersInput(directoryId: \(Swift.String(describing: directoryId)), maxResults: \(Swift.String(describing: maxResults)), realm: \(Swift.String(describing: realm)), searchAttributes: \(Swift.String(describing: searchAttributes)), nextToken: \"CONTENT_REDACTED\", searchString: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + /// A user object that contains identifying information and attributes for a specified user. + public struct User { + /// The [distinguished name](https://learn.microsoft.com/en-us/windows/win32/ad/object-names-and-identities#distinguished-name) of the object. + public var distinguishedName: Swift.String? + /// The email address of the user. + public var emailAddress: Swift.String? + /// Indicates whether the user account is active. + public var enabled: Swift.Bool? + /// The first name of the user. + public var givenName: Swift.String? + /// An expression that includes one or more attributes, data types, and values of a user. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + /// The unique security identifier (SID) of the user. + public var sid: Swift.String? + /// The last name of the user. + public var surname: Swift.String? + /// The UPN that is an internet-style login name for a user and based on the internet standard [RFC 822](https://www.ietf.org/rfc/rfc0822.txt). The UPN is shorter than the distinguished name and easier to remember. + public var userPrincipalName: Swift.String? + + public init( + distinguishedName: Swift.String? = nil, + emailAddress: Swift.String? = nil, + enabled: Swift.Bool? = nil, + givenName: Swift.String? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil, + sid: Swift.String? = nil, + surname: Swift.String? = nil, + userPrincipalName: Swift.String? = nil + ) + { + self.distinguishedName = distinguishedName + self.emailAddress = emailAddress + self.enabled = enabled + self.givenName = givenName + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + self.sid = sid + self.surname = surname + self.userPrincipalName = userPrincipalName + } + } + +} + +extension DirectoryServiceDataClientTypes.User: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "User(enabled: \(Swift.String(describing: enabled)), otherAttributes: \(Swift.String(describing: otherAttributes)), samAccountName: \(Swift.String(describing: samAccountName)), sid: \(Swift.String(describing: sid)), distinguishedName: \"CONTENT_REDACTED\", emailAddress: \"CONTENT_REDACTED\", givenName: \"CONTENT_REDACTED\", surname: \"CONTENT_REDACTED\", userPrincipalName: \"CONTENT_REDACTED\")"} +} + +public struct SearchUsersOutput { + /// The identifier (ID) of the directory where the address block is added. + public var directoryId: Swift.String? + /// An encoded paging token for paginated calls that can be passed back to retrieve the next page. + public var nextToken: Swift.String? + /// The domain that's associated with the user. + public var realm: Swift.String? + /// The user information that the request returns. + public var users: [DirectoryServiceDataClientTypes.User]? + + public init( + directoryId: Swift.String? = nil, + nextToken: Swift.String? = nil, + realm: Swift.String? = nil, + users: [DirectoryServiceDataClientTypes.User]? = nil + ) + { + self.directoryId = directoryId + self.nextToken = nextToken + self.realm = realm + self.users = users + } +} + +extension SearchUsersOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "SearchUsersOutput(directoryId: \(Swift.String(describing: directoryId)), realm: \(Swift.String(describing: realm)), users: \(Swift.String(describing: users)), nextToken: \"CONTENT_REDACTED\")"} +} + +extension DirectoryServiceDataClientTypes { + + public enum UpdateType: Swift.Equatable, Swift.RawRepresentable, Swift.CaseIterable, Swift.Hashable { + case add + case remove + case replace + case sdkUnknown(Swift.String) + + public static var allCases: [UpdateType] { + return [ + .add, + .remove, + .replace + ] + } + + public init?(rawValue: Swift.String) { + let value = Self.allCases.first(where: { $0.rawValue == rawValue }) + self = value ?? Self.sdkUnknown(rawValue) + } + + public var rawValue: Swift.String { + switch self { + case .add: return "ADD" + case .remove: return "REMOVE" + case .replace: return "REPLACE" + case let .sdkUnknown(s): return s + } + } + } +} + +public struct UpdateGroupInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the group. + /// This member is required. + public var directoryId: Swift.String? + /// The scope of the AD group. For details, see [Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#group-scope). + public var groupScope: DirectoryServiceDataClientTypes.GroupScope? + /// The AD group type. For details, see [Active Directory security group type](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#how-active-directory-security-groups-work). + public var groupType: DirectoryServiceDataClientTypes.GroupType? + /// An expression that defines one or more attributes with the data type and the value of each attribute. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the group. + /// This member is required. + public var samAccountName: Swift.String? + /// The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value. + public var updateType: DirectoryServiceDataClientTypes.UpdateType? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + groupScope: DirectoryServiceDataClientTypes.GroupScope? = nil, + groupType: DirectoryServiceDataClientTypes.GroupType? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil, + updateType: DirectoryServiceDataClientTypes.UpdateType? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.groupScope = groupScope + self.groupType = groupType + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + self.updateType = updateType + } +} + +public struct UpdateGroupOutput { + + public init() { } +} + +public struct UpdateUserInput { + /// A unique and case-sensitive identifier that you provide to make sure the idempotency of the request, so multiple identical calls have the same effect as one single call. A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours. If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns an ConflictException. This parameter is optional when using the CLI or SDK. + public var clientToken: Swift.String? + /// The identifier (ID) of the directory that's associated with the user. + /// This member is required. + public var directoryId: Swift.String? + /// The email address of the user. + public var emailAddress: Swift.String? + /// The first name of the user. + public var givenName: Swift.String? + /// An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see [Directory Service Data Attributes](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data-attributes.html). Attribute names are case insensitive. + public var otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? + /// The name of the user. + /// This member is required. + public var samAccountName: Swift.String? + /// The last name of the user. + public var surname: Swift.String? + /// The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value. + public var updateType: DirectoryServiceDataClientTypes.UpdateType? + + public init( + clientToken: Swift.String? = nil, + directoryId: Swift.String? = nil, + emailAddress: Swift.String? = nil, + givenName: Swift.String? = nil, + otherAttributes: [Swift.String: DirectoryServiceDataClientTypes.AttributeValue]? = nil, + samAccountName: Swift.String? = nil, + surname: Swift.String? = nil, + updateType: DirectoryServiceDataClientTypes.UpdateType? = nil + ) + { + self.clientToken = clientToken + self.directoryId = directoryId + self.emailAddress = emailAddress + self.givenName = givenName + self.otherAttributes = otherAttributes + self.samAccountName = samAccountName + self.surname = surname + self.updateType = updateType + } +} + +extension UpdateUserInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "UpdateUserInput(clientToken: \(Swift.String(describing: clientToken)), directoryId: \(Swift.String(describing: directoryId)), otherAttributes: \(Swift.String(describing: otherAttributes)), samAccountName: \(Swift.String(describing: samAccountName)), updateType: \(Swift.String(describing: updateType)), emailAddress: \"CONTENT_REDACTED\", givenName: \"CONTENT_REDACTED\", surname: \"CONTENT_REDACTED\")"} +} + +public struct UpdateUserOutput { + + public init() { } +} + +extension AddGroupMemberInput { + + static func urlPathProvider(_ value: AddGroupMemberInput) -> Swift.String? { + return "/GroupMemberships/AddGroupMember" + } +} + +extension AddGroupMemberInput { + + static func queryItemProvider(_ value: AddGroupMemberInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension CreateGroupInput { + + static func urlPathProvider(_ value: CreateGroupInput) -> Swift.String? { + return "/Groups/CreateGroup" + } +} + +extension CreateGroupInput { + + static func queryItemProvider(_ value: CreateGroupInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension CreateUserInput { + + static func urlPathProvider(_ value: CreateUserInput) -> Swift.String? { + return "/Users/CreateUser" + } +} + +extension CreateUserInput { + + static func queryItemProvider(_ value: CreateUserInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension DeleteGroupInput { + + static func urlPathProvider(_ value: DeleteGroupInput) -> Swift.String? { + return "/Groups/DeleteGroup" + } +} + +extension DeleteGroupInput { + + static func queryItemProvider(_ value: DeleteGroupInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension DeleteUserInput { + + static func urlPathProvider(_ value: DeleteUserInput) -> Swift.String? { + return "/Users/DeleteUser" + } +} + +extension DeleteUserInput { + + static func queryItemProvider(_ value: DeleteUserInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension DescribeGroupInput { + + static func urlPathProvider(_ value: DescribeGroupInput) -> Swift.String? { + return "/Groups/DescribeGroup" + } +} + +extension DescribeGroupInput { + + static func queryItemProvider(_ value: DescribeGroupInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension DescribeUserInput { + + static func urlPathProvider(_ value: DescribeUserInput) -> Swift.String? { + return "/Users/DescribeUser" + } +} + +extension DescribeUserInput { + + static func queryItemProvider(_ value: DescribeUserInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension DisableUserInput { + + static func urlPathProvider(_ value: DisableUserInput) -> Swift.String? { + return "/Users/DisableUser" + } +} + +extension DisableUserInput { + + static func queryItemProvider(_ value: DisableUserInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension ListGroupMembersInput { + + static func urlPathProvider(_ value: ListGroupMembersInput) -> Swift.String? { + return "/GroupMemberships/ListGroupMembers" + } +} + +extension ListGroupMembersInput { + + static func queryItemProvider(_ value: ListGroupMembersInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension ListGroupsInput { + + static func urlPathProvider(_ value: ListGroupsInput) -> Swift.String? { + return "/Groups/ListGroups" + } +} + +extension ListGroupsInput { + + static func queryItemProvider(_ value: ListGroupsInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension ListGroupsForMemberInput { + + static func urlPathProvider(_ value: ListGroupsForMemberInput) -> Swift.String? { + return "/GroupMemberships/ListGroupsForMember" + } +} + +extension ListGroupsForMemberInput { + + static func queryItemProvider(_ value: ListGroupsForMemberInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension ListUsersInput { + + static func urlPathProvider(_ value: ListUsersInput) -> Swift.String? { + return "/Users/ListUsers" + } +} + +extension ListUsersInput { + + static func queryItemProvider(_ value: ListUsersInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension RemoveGroupMemberInput { + + static func urlPathProvider(_ value: RemoveGroupMemberInput) -> Swift.String? { + return "/GroupMemberships/RemoveGroupMember" + } +} + +extension RemoveGroupMemberInput { + + static func queryItemProvider(_ value: RemoveGroupMemberInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension SearchGroupsInput { + + static func urlPathProvider(_ value: SearchGroupsInput) -> Swift.String? { + return "/Groups/SearchGroups" + } +} + +extension SearchGroupsInput { + + static func queryItemProvider(_ value: SearchGroupsInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension SearchUsersInput { + + static func urlPathProvider(_ value: SearchUsersInput) -> Swift.String? { + return "/Users/SearchUsers" + } +} + +extension SearchUsersInput { + + static func queryItemProvider(_ value: SearchUsersInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension UpdateGroupInput { + + static func urlPathProvider(_ value: UpdateGroupInput) -> Swift.String? { + return "/Groups/UpdateGroup" + } +} + +extension UpdateGroupInput { + + static func queryItemProvider(_ value: UpdateGroupInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension UpdateUserInput { + + static func urlPathProvider(_ value: UpdateUserInput) -> Swift.String? { + return "/Users/UpdateUser" + } +} + +extension UpdateUserInput { + + static func queryItemProvider(_ value: UpdateUserInput) throws -> [Smithy.URIQueryItem] { + var items = [Smithy.URIQueryItem]() + guard let directoryId = value.directoryId else { + let message = "Creating a URL Query Item failed. directoryId is required and must not be nil." + throw Smithy.ClientError.unknownError(message) + } + let directoryIdQueryItem = Smithy.URIQueryItem(name: "DirectoryId".urlPercentEncoding(), value: Swift.String(directoryId).urlPercentEncoding()) + items.append(directoryIdQueryItem) + return items + } +} + +extension AddGroupMemberInput { + + static func write(value: AddGroupMemberInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["GroupName"].write(value.groupName) + try writer["MemberName"].write(value.memberName) + try writer["MemberRealm"].write(value.memberRealm) + } +} + +extension CreateGroupInput { + + static func write(value: CreateGroupInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["GroupScope"].write(value.groupScope) + try writer["GroupType"].write(value.groupType) + try writer["OtherAttributes"].writeMap(value.otherAttributes, valueWritingClosure: DirectoryServiceDataClientTypes.AttributeValue.write(value:to:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension CreateUserInput { + + static func write(value: CreateUserInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["EmailAddress"].write(value.emailAddress) + try writer["GivenName"].write(value.givenName) + try writer["OtherAttributes"].writeMap(value.otherAttributes, valueWritingClosure: DirectoryServiceDataClientTypes.AttributeValue.write(value:to:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + try writer["SAMAccountName"].write(value.samAccountName) + try writer["Surname"].write(value.surname) + } +} + +extension DeleteGroupInput { + + static func write(value: DeleteGroupInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension DeleteUserInput { + + static func write(value: DeleteUserInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension DescribeGroupInput { + + static func write(value: DescribeGroupInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["OtherAttributes"].writeList(value.otherAttributes, memberWritingClosure: SmithyReadWrite.WritingClosures.writeString(value:to:), memberNodeInfo: "member", isFlattened: false) + try writer["Realm"].write(value.realm) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension DescribeUserInput { + + static func write(value: DescribeUserInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["OtherAttributes"].writeList(value.otherAttributes, memberWritingClosure: SmithyReadWrite.WritingClosures.writeString(value:to:), memberNodeInfo: "member", isFlattened: false) + try writer["Realm"].write(value.realm) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension DisableUserInput { + + static func write(value: DisableUserInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension ListGroupMembersInput { + + static func write(value: ListGroupMembersInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["MemberRealm"].write(value.memberRealm) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension ListGroupsInput { + + static func write(value: ListGroupsInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + } +} + +extension ListGroupsForMemberInput { + + static func write(value: ListGroupsForMemberInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["MemberRealm"].write(value.memberRealm) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + try writer["SAMAccountName"].write(value.samAccountName) + } +} + +extension ListUsersInput { + + static func write(value: ListUsersInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + } +} + +extension RemoveGroupMemberInput { + + static func write(value: RemoveGroupMemberInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["GroupName"].write(value.groupName) + try writer["MemberName"].write(value.memberName) + try writer["MemberRealm"].write(value.memberRealm) + } +} + +extension SearchGroupsInput { + + static func write(value: SearchGroupsInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + try writer["SearchAttributes"].writeList(value.searchAttributes, memberWritingClosure: SmithyReadWrite.WritingClosures.writeString(value:to:), memberNodeInfo: "member", isFlattened: false) + try writer["SearchString"].write(value.searchString) + } +} + +extension SearchUsersInput { + + static func write(value: SearchUsersInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["MaxResults"].write(value.maxResults) + try writer["NextToken"].write(value.nextToken) + try writer["Realm"].write(value.realm) + try writer["SearchAttributes"].writeList(value.searchAttributes, memberWritingClosure: SmithyReadWrite.WritingClosures.writeString(value:to:), memberNodeInfo: "member", isFlattened: false) + try writer["SearchString"].write(value.searchString) + } +} + +extension UpdateGroupInput { + + static func write(value: UpdateGroupInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["GroupScope"].write(value.groupScope) + try writer["GroupType"].write(value.groupType) + try writer["OtherAttributes"].writeMap(value.otherAttributes, valueWritingClosure: DirectoryServiceDataClientTypes.AttributeValue.write(value:to:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + try writer["SAMAccountName"].write(value.samAccountName) + try writer["UpdateType"].write(value.updateType) + } +} + +extension UpdateUserInput { + + static func write(value: UpdateUserInput?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + try writer["ClientToken"].write(value.clientToken) + try writer["EmailAddress"].write(value.emailAddress) + try writer["GivenName"].write(value.givenName) + try writer["OtherAttributes"].writeMap(value.otherAttributes, valueWritingClosure: DirectoryServiceDataClientTypes.AttributeValue.write(value:to:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + try writer["SAMAccountName"].write(value.samAccountName) + try writer["Surname"].write(value.surname) + try writer["UpdateType"].write(value.updateType) + } +} + +extension AddGroupMemberOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> AddGroupMemberOutput { + return AddGroupMemberOutput() + } +} + +extension CreateGroupOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> CreateGroupOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = CreateGroupOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() + value.sid = try reader["SID"].readIfPresent() + return value + } +} + +extension CreateUserOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> CreateUserOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = CreateUserOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() + value.sid = try reader["SID"].readIfPresent() + return value + } +} + +extension DeleteGroupOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DeleteGroupOutput { + return DeleteGroupOutput() + } +} + +extension DeleteUserOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DeleteUserOutput { + return DeleteUserOutput() + } +} + +extension DescribeGroupOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DescribeGroupOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = DescribeGroupOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.distinguishedName = try reader["DistinguishedName"].readIfPresent() + value.groupScope = try reader["GroupScope"].readIfPresent() + value.groupType = try reader["GroupType"].readIfPresent() + value.otherAttributes = try reader["OtherAttributes"].readMapIfPresent(valueReadingClosure: DirectoryServiceDataClientTypes.AttributeValue.read(from:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + value.realm = try reader["Realm"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() + value.sid = try reader["SID"].readIfPresent() + return value + } +} + +extension DescribeUserOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DescribeUserOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = DescribeUserOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.distinguishedName = try reader["DistinguishedName"].readIfPresent() + value.emailAddress = try reader["EmailAddress"].readIfPresent() + value.enabled = try reader["Enabled"].readIfPresent() + value.givenName = try reader["GivenName"].readIfPresent() + value.otherAttributes = try reader["OtherAttributes"].readMapIfPresent(valueReadingClosure: DirectoryServiceDataClientTypes.AttributeValue.read(from:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + value.realm = try reader["Realm"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() + value.sid = try reader["SID"].readIfPresent() + value.surname = try reader["Surname"].readIfPresent() + value.userPrincipalName = try reader["UserPrincipalName"].readIfPresent() + return value + } +} + +extension DisableUserOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> DisableUserOutput { + return DisableUserOutput() + } +} + +extension ListGroupMembersOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> ListGroupMembersOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = ListGroupMembersOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.memberRealm = try reader["MemberRealm"].readIfPresent() + value.members = try reader["Members"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.Member.read(from:), memberNodeInfo: "member", isFlattened: false) + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + return value + } +} + +extension ListGroupsOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> ListGroupsOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = ListGroupsOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.groups = try reader["Groups"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.GroupSummary.read(from:), memberNodeInfo: "member", isFlattened: false) + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + return value + } +} + +extension ListGroupsForMemberOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> ListGroupsForMemberOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = ListGroupsForMemberOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.groups = try reader["Groups"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.GroupSummary.read(from:), memberNodeInfo: "member", isFlattened: false) + value.memberRealm = try reader["MemberRealm"].readIfPresent() + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + return value + } +} + +extension ListUsersOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> ListUsersOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = ListUsersOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + value.users = try reader["Users"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.UserSummary.read(from:), memberNodeInfo: "member", isFlattened: false) + return value + } +} + +extension RemoveGroupMemberOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> RemoveGroupMemberOutput { + return RemoveGroupMemberOutput() + } +} + +extension SearchGroupsOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> SearchGroupsOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = SearchGroupsOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.groups = try reader["Groups"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.Group.read(from:), memberNodeInfo: "member", isFlattened: false) + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + return value + } +} + +extension SearchUsersOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> SearchUsersOutput { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let reader = responseReader + var value = SearchUsersOutput() + value.directoryId = try reader["DirectoryId"].readIfPresent() + value.nextToken = try reader["NextToken"].readIfPresent() + value.realm = try reader["Realm"].readIfPresent() + value.users = try reader["Users"].readListIfPresent(memberReadingClosure: DirectoryServiceDataClientTypes.User.read(from:), memberNodeInfo: "member", isFlattened: false) + return value + } +} + +extension UpdateGroupOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> UpdateGroupOutput { + return UpdateGroupOutput() + } +} + +extension UpdateUserOutput { + + static func httpOutput(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> UpdateUserOutput { + return UpdateUserOutput() + } +} + +enum AddGroupMemberOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum CreateGroupOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum CreateUserOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum DeleteGroupOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum DeleteUserOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum DescribeGroupOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum DescribeUserOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum DisableUserOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum ListGroupMembersOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum ListGroupsOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum ListGroupsForMemberOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum ListUsersOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum RemoveGroupMemberOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum SearchGroupsOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum SearchUsersOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum UpdateGroupOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +enum UpdateUserOutputError { + + static func httpError(from httpResponse: SmithyHTTPAPI.HTTPResponse) async throws -> Swift.Error { + let data = try await httpResponse.data() + let responseReader = try SmithyJSON.Reader.from(data: data) + let baseError = try AWSClientRuntime.RestJSONError(httpResponse: httpResponse, responseReader: responseReader, noErrorWrapping: false) + if let error = baseError.customError() { return error } + switch baseError.code { + case "AccessDeniedException": return try AccessDeniedException.makeError(baseError: baseError) + case "ConflictException": return try ConflictException.makeError(baseError: baseError) + case "DirectoryUnavailableException": return try DirectoryUnavailableException.makeError(baseError: baseError) + case "InternalServerException": return try InternalServerException.makeError(baseError: baseError) + case "ResourceNotFoundException": return try ResourceNotFoundException.makeError(baseError: baseError) + case "ThrottlingException": return try ThrottlingException.makeError(baseError: baseError) + case "ValidationException": return try ValidationException.makeError(baseError: baseError) + default: return try AWSClientRuntime.UnknownAWSHTTPServiceError.makeError(baseError: baseError) + } + } +} + +extension AccessDeniedException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> AccessDeniedException { + let reader = baseError.errorBodyReader + var value = AccessDeniedException() + value.properties.message = try reader["Message"].readIfPresent() + value.properties.reason = try reader["Reason"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension ValidationException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> ValidationException { + let reader = baseError.errorBodyReader + var value = ValidationException() + value.properties.message = try reader["Message"].readIfPresent() + value.properties.reason = try reader["Reason"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension ConflictException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> ConflictException { + let reader = baseError.errorBodyReader + var value = ConflictException() + value.properties.message = try reader["Message"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension DirectoryUnavailableException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> DirectoryUnavailableException { + let reader = baseError.errorBodyReader + var value = DirectoryUnavailableException() + value.properties.message = try reader["Message"].readIfPresent() + value.properties.reason = try reader["Reason"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension ResourceNotFoundException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> ResourceNotFoundException { + let reader = baseError.errorBodyReader + var value = ResourceNotFoundException() + value.properties.message = try reader["Message"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension ThrottlingException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> ThrottlingException { + let reader = baseError.errorBodyReader + let httpResponse = baseError.httpResponse + var value = ThrottlingException() + if let retryAfterSecondsHeaderValue = httpResponse.headers.value(for: "Retry-After") { + value.properties.retryAfterSeconds = Swift.Int(retryAfterSecondsHeaderValue) ?? 0 + } + value.properties.message = try reader["Message"].readIfPresent() ?? "" + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension InternalServerException { + + static func makeError(baseError: AWSClientRuntime.RestJSONError) throws -> InternalServerException { + let reader = baseError.errorBodyReader + var value = InternalServerException() + value.properties.message = try reader["Message"].readIfPresent() + value.httpResponse = baseError.httpResponse + value.requestID = baseError.requestID + value.message = baseError.message + return value + } +} + +extension DirectoryServiceDataClientTypes.AttributeValue { + + static func write(value: DirectoryServiceDataClientTypes.AttributeValue?, to writer: SmithyJSON.Writer) throws { + guard let value else { return } + switch value { + case let .bool(bool): + try writer["BOOL"].write(bool) + case let .n(n): + try writer["N"].write(n) + case let .s(s): + try writer["S"].write(s) + case let .ss(ss): + try writer["SS"].writeList(ss, memberWritingClosure: SmithyReadWrite.WritingClosures.writeString(value:to:), memberNodeInfo: "member", isFlattened: false) + case let .sdkUnknown(sdkUnknown): + try writer["sdkUnknown"].write(sdkUnknown) + } + } + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.AttributeValue { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + let name = reader.children.filter { $0.hasContent && $0.nodeInfo.name != "__type" }.first?.nodeInfo.name + switch name { + case "S": + return .s(try reader["S"].read()) + case "N": + return .n(try reader["N"].read()) + case "BOOL": + return .bool(try reader["BOOL"].read()) + case "SS": + return .ss(try reader["SS"].readList(memberReadingClosure: SmithyReadWrite.ReadingClosures.readString(from:), memberNodeInfo: "member", isFlattened: false)) + default: + return .sdkUnknown(name ?? "") + } + } +} + +extension DirectoryServiceDataClientTypes.Member { + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.Member { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = DirectoryServiceDataClientTypes.Member() + value.sid = try reader["SID"].readIfPresent() ?? "" + value.samAccountName = try reader["SAMAccountName"].readIfPresent() ?? "" + value.memberType = try reader["MemberType"].readIfPresent() ?? .sdkUnknown("") + return value + } +} + +extension DirectoryServiceDataClientTypes.GroupSummary { + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.GroupSummary { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = DirectoryServiceDataClientTypes.GroupSummary() + value.sid = try reader["SID"].readIfPresent() ?? "" + value.samAccountName = try reader["SAMAccountName"].readIfPresent() ?? "" + value.groupType = try reader["GroupType"].readIfPresent() ?? .sdkUnknown("") + value.groupScope = try reader["GroupScope"].readIfPresent() ?? .sdkUnknown("") + return value + } +} + +extension DirectoryServiceDataClientTypes.UserSummary { + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.UserSummary { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = DirectoryServiceDataClientTypes.UserSummary() + value.sid = try reader["SID"].readIfPresent() ?? "" + value.samAccountName = try reader["SAMAccountName"].readIfPresent() ?? "" + value.givenName = try reader["GivenName"].readIfPresent() + value.surname = try reader["Surname"].readIfPresent() + value.enabled = try reader["Enabled"].readIfPresent() ?? false + return value + } +} + +extension DirectoryServiceDataClientTypes.Group { + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.Group { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = DirectoryServiceDataClientTypes.Group() + value.sid = try reader["SID"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() ?? "" + value.distinguishedName = try reader["DistinguishedName"].readIfPresent() + value.groupType = try reader["GroupType"].readIfPresent() + value.groupScope = try reader["GroupScope"].readIfPresent() + value.otherAttributes = try reader["OtherAttributes"].readMapIfPresent(valueReadingClosure: DirectoryServiceDataClientTypes.AttributeValue.read(from:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + return value + } +} + +extension DirectoryServiceDataClientTypes.User { + + static func read(from reader: SmithyJSON.Reader) throws -> DirectoryServiceDataClientTypes.User { + guard reader.hasContent else { throw SmithyReadWrite.ReaderError.requiredValueNotPresent } + var value = DirectoryServiceDataClientTypes.User() + value.sid = try reader["SID"].readIfPresent() + value.samAccountName = try reader["SAMAccountName"].readIfPresent() ?? "" + value.distinguishedName = try reader["DistinguishedName"].readIfPresent() + value.userPrincipalName = try reader["UserPrincipalName"].readIfPresent() + value.emailAddress = try reader["EmailAddress"].readIfPresent() + value.givenName = try reader["GivenName"].readIfPresent() + value.surname = try reader["Surname"].readIfPresent() + value.enabled = try reader["Enabled"].readIfPresent() + value.otherAttributes = try reader["OtherAttributes"].readMapIfPresent(valueReadingClosure: DirectoryServiceDataClientTypes.AttributeValue.read(from:), keyNodeInfo: "key", valueNodeInfo: "value", isFlattened: false) + return value + } +} + +public enum DirectoryServiceDataClientTypes {} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Paginators.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Paginators.swift new file mode 100644 index 00000000000..76c8a2c0bf6 --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Paginators.swift @@ -0,0 +1,212 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +import protocol ClientRuntime.PaginateToken +import struct ClientRuntime.PaginatorSequence + +extension DirectoryServiceDataClient { + /// Paginate over `[ListGroupMembersOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[ListGroupMembersInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `ListGroupMembersOutput` + public func listGroupMembersPaginated(input: ListGroupMembersInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.listGroupMembers(input:)) + } +} + +extension ListGroupMembersInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> ListGroupMembersInput { + return ListGroupMembersInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + memberRealm: self.memberRealm, + nextToken: token, + realm: self.realm, + samAccountName: self.samAccountName + )} +} + +extension PaginatorSequence where OperationStackInput == ListGroupMembersInput, OperationStackOutput == ListGroupMembersOutput { + /// This paginator transforms the `AsyncSequence` returned by `listGroupMembersPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.Member]` + /// - Returns: `[DirectoryServiceDataClientTypes.Member]` + public func members() async throws -> [DirectoryServiceDataClientTypes.Member] { + return try await self.asyncCompactMap { item in item.members } + } +} +extension DirectoryServiceDataClient { + /// Paginate over `[ListGroupsOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[ListGroupsInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `ListGroupsOutput` + public func listGroupsPaginated(input: ListGroupsInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.listGroups(input:)) + } +} + +extension ListGroupsInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> ListGroupsInput { + return ListGroupsInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + nextToken: token, + realm: self.realm + )} +} + +extension PaginatorSequence where OperationStackInput == ListGroupsInput, OperationStackOutput == ListGroupsOutput { + /// This paginator transforms the `AsyncSequence` returned by `listGroupsPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.GroupSummary]` + /// - Returns: `[DirectoryServiceDataClientTypes.GroupSummary]` + public func groups() async throws -> [DirectoryServiceDataClientTypes.GroupSummary] { + return try await self.asyncCompactMap { item in item.groups } + } +} +extension DirectoryServiceDataClient { + /// Paginate over `[ListGroupsForMemberOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[ListGroupsForMemberInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `ListGroupsForMemberOutput` + public func listGroupsForMemberPaginated(input: ListGroupsForMemberInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.listGroupsForMember(input:)) + } +} + +extension ListGroupsForMemberInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> ListGroupsForMemberInput { + return ListGroupsForMemberInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + memberRealm: self.memberRealm, + nextToken: token, + realm: self.realm, + samAccountName: self.samAccountName + )} +} + +extension PaginatorSequence where OperationStackInput == ListGroupsForMemberInput, OperationStackOutput == ListGroupsForMemberOutput { + /// This paginator transforms the `AsyncSequence` returned by `listGroupsForMemberPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.GroupSummary]` + /// - Returns: `[DirectoryServiceDataClientTypes.GroupSummary]` + public func groups() async throws -> [DirectoryServiceDataClientTypes.GroupSummary] { + return try await self.asyncCompactMap { item in item.groups } + } +} +extension DirectoryServiceDataClient { + /// Paginate over `[ListUsersOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[ListUsersInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `ListUsersOutput` + public func listUsersPaginated(input: ListUsersInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.listUsers(input:)) + } +} + +extension ListUsersInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> ListUsersInput { + return ListUsersInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + nextToken: token, + realm: self.realm + )} +} + +extension PaginatorSequence where OperationStackInput == ListUsersInput, OperationStackOutput == ListUsersOutput { + /// This paginator transforms the `AsyncSequence` returned by `listUsersPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.UserSummary]` + /// - Returns: `[DirectoryServiceDataClientTypes.UserSummary]` + public func users() async throws -> [DirectoryServiceDataClientTypes.UserSummary] { + return try await self.asyncCompactMap { item in item.users } + } +} +extension DirectoryServiceDataClient { + /// Paginate over `[SearchGroupsOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[SearchGroupsInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `SearchGroupsOutput` + public func searchGroupsPaginated(input: SearchGroupsInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.searchGroups(input:)) + } +} + +extension SearchGroupsInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> SearchGroupsInput { + return SearchGroupsInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + nextToken: token, + realm: self.realm, + searchAttributes: self.searchAttributes, + searchString: self.searchString + )} +} + +extension PaginatorSequence where OperationStackInput == SearchGroupsInput, OperationStackOutput == SearchGroupsOutput { + /// This paginator transforms the `AsyncSequence` returned by `searchGroupsPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.Group]` + /// - Returns: `[DirectoryServiceDataClientTypes.Group]` + public func groups() async throws -> [DirectoryServiceDataClientTypes.Group] { + return try await self.asyncCompactMap { item in item.groups } + } +} +extension DirectoryServiceDataClient { + /// Paginate over `[SearchUsersOutput]` results. + /// + /// When this operation is called, an `AsyncSequence` is created. AsyncSequences are lazy so no service + /// calls are made until the sequence is iterated over. This also means there is no guarantee that the request is valid + /// until then. If there are errors in your request, you will see the failures only after you start iterating. + /// - Parameters: + /// - input: A `[SearchUsersInput]` to start pagination + /// - Returns: An `AsyncSequence` that can iterate over `SearchUsersOutput` + public func searchUsersPaginated(input: SearchUsersInput) -> ClientRuntime.PaginatorSequence { + return ClientRuntime.PaginatorSequence(input: input, inputKey: \.nextToken, outputKey: \.nextToken, paginationFunction: self.searchUsers(input:)) + } +} + +extension SearchUsersInput: ClientRuntime.PaginateToken { + public func usingPaginationToken(_ token: Swift.String) -> SearchUsersInput { + return SearchUsersInput( + directoryId: self.directoryId, + maxResults: self.maxResults, + nextToken: token, + realm: self.realm, + searchAttributes: self.searchAttributes, + searchString: self.searchString + )} +} + +extension PaginatorSequence where OperationStackInput == SearchUsersInput, OperationStackOutput == SearchUsersOutput { + /// This paginator transforms the `AsyncSequence` returned by `searchUsersPaginated` + /// to access the nested member `[DirectoryServiceDataClientTypes.User]` + /// - Returns: `[DirectoryServiceDataClientTypes.User]` + public func users() async throws -> [DirectoryServiceDataClientTypes.User] { + return try await self.asyncCompactMap { item in item.users } + } +} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Plugins.swift b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Plugins.swift new file mode 100644 index 00000000000..33980e56f16 --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Plugins.swift @@ -0,0 +1,82 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +import class AWSClientRuntime.AWSClientConfigDefaultsProvider +import protocol ClientRuntime.ClientConfiguration +import protocol ClientRuntime.Plugin +import protocol SmithyHTTPAuthAPI.AuthSchemeResolver +import protocol SmithyIdentity.AWSCredentialIdentityResolver +import protocol SmithyIdentity.BearerTokenIdentityResolver +import struct AWSSDKHTTPAuth.SigV4AuthScheme +import struct SmithyIdentity.BearerTokenIdentity +import struct SmithyIdentity.StaticBearerTokenIdentityResolver +import typealias SmithyHTTPAuthAPI.AuthSchemes + +public class DirectoryServiceDataClientEndpointPlugin: Plugin { + private var endpointResolver: EndpointResolver + + public init(endpointResolver: EndpointResolver) { + self.endpointResolver = endpointResolver + } + + public convenience init() throws { + self.init(endpointResolver: try DefaultEndpointResolver()) + } + + public func configureClient(clientConfiguration: ClientRuntime.ClientConfiguration) throws { + if let config = clientConfiguration as? DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration { + config.endpointResolver = self.endpointResolver + } + } +} + +public class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { + + public init() {} + + public func configureClient(clientConfiguration: ClientRuntime.ClientConfiguration) throws { + if let config = clientConfiguration as? DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration { + config.authSchemeResolver = DefaultDirectoryServiceDataAuthSchemeResolver() + config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme()] + config.awsCredentialIdentityResolver = try AWSClientRuntime.AWSClientConfigDefaultsProvider.awsCredentialIdentityResolver() + config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")) + } + } +} + +public class DirectoryServiceDataClientAuthSchemePlugin: ClientRuntime.Plugin { + private var authSchemes: SmithyHTTPAuthAPI.AuthSchemes? + private var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? + private var awsCredentialIdentityResolver: (any SmithyIdentity.AWSCredentialIdentityResolver)? + private var bearerTokenIdentityResolver: (any SmithyIdentity.BearerTokenIdentityResolver)? + + public init(authSchemes: SmithyHTTPAuthAPI.AuthSchemes? = nil, authSchemeResolver: DirectoryServiceDataAuthSchemeResolver? = nil, awsCredentialIdentityResolver: (any SmithyIdentity.AWSCredentialIdentityResolver)? = nil, bearerTokenIdentityResolver: (any SmithyIdentity.BearerTokenIdentityResolver)? = nil) { + self.authSchemeResolver = authSchemeResolver + self.authSchemes = authSchemes + self.awsCredentialIdentityResolver = awsCredentialIdentityResolver + self.bearerTokenIdentityResolver = bearerTokenIdentityResolver + } + + public func configureClient(clientConfiguration: ClientRuntime.ClientConfiguration) throws { + if let config = clientConfiguration as? DirectoryServiceDataClient.DirectoryServiceDataClientConfiguration { + if (self.authSchemes != nil) { + config.authSchemes = self.authSchemes + } + if (self.authSchemeResolver != nil) { + config.authSchemeResolver = self.authSchemeResolver! + } + if (self.awsCredentialIdentityResolver != nil) { + config.awsCredentialIdentityResolver = self.awsCredentialIdentityResolver! + } + if (self.bearerTokenIdentityResolver != nil) { + config.bearerTokenIdentityResolver = self.bearerTokenIdentityResolver! + } + } + } +} diff --git a/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Resources/Package.version b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Resources/Package.version new file mode 100644 index 00000000000..d3827e75a5c --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Sources/AWSDirectoryServiceData/Resources/Package.version @@ -0,0 +1 @@ +1.0 diff --git a/Sources/Services/AWSDirectoryServiceData/Tests/AWSDirectoryServiceDataTests/EndpointResolverTest.swift b/Sources/Services/AWSDirectoryServiceData/Tests/AWSDirectoryServiceDataTests/EndpointResolverTest.swift new file mode 100644 index 00000000000..65115b923cb --- /dev/null +++ b/Sources/Services/AWSDirectoryServiceData/Tests/AWSDirectoryServiceDataTests/EndpointResolverTest.swift @@ -0,0 +1,516 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by smithy-swift-codegen. DO NOT EDIT! + +@testable import AWSDirectoryServiceData +import SmithyTestUtil +import XCTest +import enum ClientRuntime.EndpointError +import struct SmithyHTTPAPI.Endpoint +import struct SmithyHTTPAPI.Headers + +class EndpointResolverTest: XCTestCase { + + override class func setUp() { + SmithyTestUtil.TestInitializer.initialize() + } + + /// For region us-east-1 with FIPS enabled and DualStack enabled + func testResolve1() throws { + let endpointParams = EndpointParams( + region: "us-east-1", + useDualStack: true, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-east-1.api.aws", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-east-1 with FIPS enabled and DualStack disabled + func testResolve2() throws { + let endpointParams = EndpointParams( + region: "us-east-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-east-1.amazonaws.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-east-1 with FIPS disabled and DualStack enabled + func testResolve3() throws { + let endpointParams = EndpointParams( + region: "us-east-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-east-1.api.aws", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-east-1 with FIPS disabled and DualStack disabled + func testResolve4() throws { + let endpointParams = EndpointParams( + region: "us-east-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-east-1.amazonaws.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region cn-north-1 with FIPS enabled and DualStack enabled + func testResolve5() throws { + let endpointParams = EndpointParams( + region: "cn-north-1", + useDualStack: true, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.cn-north-1.api.amazonwebservices.com.cn", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region cn-north-1 with FIPS enabled and DualStack disabled + func testResolve6() throws { + let endpointParams = EndpointParams( + region: "cn-north-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.cn-north-1.amazonaws.com.cn", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region cn-north-1 with FIPS disabled and DualStack enabled + func testResolve7() throws { + let endpointParams = EndpointParams( + region: "cn-north-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.cn-north-1.api.amazonwebservices.com.cn", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region cn-north-1 with FIPS disabled and DualStack disabled + func testResolve8() throws { + let endpointParams = EndpointParams( + region: "cn-north-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.cn-north-1.amazonaws.com.cn", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-gov-east-1 with FIPS enabled and DualStack enabled + func testResolve9() throws { + let endpointParams = EndpointParams( + region: "us-gov-east-1", + useDualStack: true, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-gov-east-1.api.aws", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-gov-east-1 with FIPS enabled and DualStack disabled + func testResolve10() throws { + let endpointParams = EndpointParams( + region: "us-gov-east-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-gov-east-1.amazonaws.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-gov-east-1 with FIPS disabled and DualStack enabled + func testResolve11() throws { + let endpointParams = EndpointParams( + region: "us-gov-east-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-gov-east-1.api.aws", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-gov-east-1 with FIPS disabled and DualStack disabled + func testResolve12() throws { + let endpointParams = EndpointParams( + region: "us-gov-east-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-gov-east-1.amazonaws.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-iso-east-1 with FIPS enabled and DualStack enabled + func testResolve13() throws { + let endpointParams = EndpointParams( + region: "us-iso-east-1", + useDualStack: true, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("FIPS and DualStack are enabled, but this partition does not support one or both", message) + default: + XCTFail() + } + } + } + + /// For region us-iso-east-1 with FIPS enabled and DualStack disabled + func testResolve14() throws { + let endpointParams = EndpointParams( + region: "us-iso-east-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-iso-east-1.c2s.ic.gov", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-iso-east-1 with FIPS disabled and DualStack enabled + func testResolve15() throws { + let endpointParams = EndpointParams( + region: "us-iso-east-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("DualStack is enabled but this partition does not support DualStack", message) + default: + XCTFail() + } + } + } + + /// For region us-iso-east-1 with FIPS disabled and DualStack disabled + func testResolve16() throws { + let endpointParams = EndpointParams( + region: "us-iso-east-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-iso-east-1.c2s.ic.gov", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-isob-east-1 with FIPS enabled and DualStack enabled + func testResolve17() throws { + let endpointParams = EndpointParams( + region: "us-isob-east-1", + useDualStack: true, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("FIPS and DualStack are enabled, but this partition does not support one or both", message) + default: + XCTFail() + } + } + } + + /// For region us-isob-east-1 with FIPS enabled and DualStack disabled + func testResolve18() throws { + let endpointParams = EndpointParams( + region: "us-isob-east-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data-fips.us-isob-east-1.sc2s.sgov.gov", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For region us-isob-east-1 with FIPS disabled and DualStack enabled + func testResolve19() throws { + let endpointParams = EndpointParams( + region: "us-isob-east-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("DualStack is enabled but this partition does not support DualStack", message) + default: + XCTFail() + } + } + } + + /// For region us-isob-east-1 with FIPS disabled and DualStack disabled + func testResolve20() throws { + let endpointParams = EndpointParams( + region: "us-isob-east-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://ds-data.us-isob-east-1.sc2s.sgov.gov", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For custom endpoint with region set and fips disabled and dualstack disabled + func testResolve21() throws { + let endpointParams = EndpointParams( + endpoint: "https://example.com", + region: "us-east-1", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://example.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For custom endpoint with region not set and fips disabled and dualstack disabled + func testResolve22() throws { + let endpointParams = EndpointParams( + endpoint: "https://example.com", + useDualStack: false, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + let actual = try resolver.resolve(params: endpointParams) + + let properties: [String: AnyHashable] = + [:] + + let headers = SmithyHTTPAPI.Headers() + let expected = try SmithyHTTPAPI.Endpoint(urlString: "https://example.com", headers: headers, properties: properties) + + XCTAssertEqual(expected, actual) + } + + /// For custom endpoint with fips enabled and dualstack disabled + func testResolve23() throws { + let endpointParams = EndpointParams( + endpoint: "https://example.com", + region: "us-east-1", + useDualStack: false, + useFIPS: true + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("Invalid Configuration: FIPS and custom endpoint are not supported", message) + default: + XCTFail() + } + } + } + + /// For custom endpoint with fips disabled and dualstack enabled + func testResolve24() throws { + let endpointParams = EndpointParams( + endpoint: "https://example.com", + region: "us-east-1", + useDualStack: true, + useFIPS: false + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("Invalid Configuration: Dualstack and custom endpoint are not supported", message) + default: + XCTFail() + } + } + } + + /// Missing region + func testResolve25() throws { + let endpointParams = EndpointParams( + ) + let resolver = try DefaultEndpointResolver() + + XCTAssertThrowsError(try resolver.resolve(params: endpointParams)) { error in + switch error { + case ClientRuntime.EndpointError.unresolved(let message): + XCTAssertEqual("Invalid Configuration: Missing Region", message) + default: + XCTFail() + } + } + } + +} diff --git a/Sources/Services/AWSGuardDuty/Sources/AWSGuardDuty/Models.swift b/Sources/Services/AWSGuardDuty/Sources/AWSGuardDuty/Models.swift index ab628549e75..0530b130712 100644 --- a/Sources/Services/AWSGuardDuty/Sources/AWSGuardDuty/Models.swift +++ b/Sources/Services/AWSGuardDuty/Sources/AWSGuardDuty/Models.swift @@ -5385,6 +5385,8 @@ extension GuardDutyClientTypes { public var definitionArn: Swift.String? /// The name of the task group that's associated with the task. public var group: Swift.String? + /// A capacity on which the task is running. For example, Fargate and EC2. + public var launchType: Swift.String? /// The Unix timestamp for the time when the task started. public var startedAt: Foundation.Date? /// Contains the tag specified when a task is started. @@ -5403,6 +5405,7 @@ extension GuardDutyClientTypes { containers: [GuardDutyClientTypes.Container]? = nil, definitionArn: Swift.String? = nil, group: Swift.String? = nil, + launchType: Swift.String? = nil, startedAt: Foundation.Date? = nil, startedBy: Swift.String? = nil, tags: [GuardDutyClientTypes.Tag]? = nil, @@ -5415,6 +5418,7 @@ extension GuardDutyClientTypes { self.containers = containers self.definitionArn = definitionArn self.group = group + self.launchType = launchType self.startedAt = startedAt self.startedBy = startedBy self.tags = tags @@ -14008,7 +14012,7 @@ extension GuardDutyClientTypes.KubernetesApiCallAction { var value = GuardDutyClientTypes.KubernetesApiCallAction() value.requestUri = try reader["requestUri"].readIfPresent() value.verb = try reader["verb"].readIfPresent() - value.sourceIps = try reader["sourceIps"].readListIfPresent(memberReadingClosure: SmithyReadWrite.ReadingClosures.readString(from:), memberNodeInfo: "member", isFlattened: false) + value.sourceIps = try reader["sourceIPs"].readListIfPresent(memberReadingClosure: SmithyReadWrite.ReadingClosures.readString(from:), memberNodeInfo: "member", isFlattened: false) value.userAgent = try reader["userAgent"].readIfPresent() value.remoteIpDetails = try reader["remoteIpDetails"].readIfPresent(with: GuardDutyClientTypes.RemoteIpDetails.read(from:)) value.statusCode = try reader["statusCode"].readIfPresent() @@ -14317,6 +14321,7 @@ extension GuardDutyClientTypes.EcsTaskDetails { value.volumes = try reader["volumes"].readListIfPresent(memberReadingClosure: GuardDutyClientTypes.Volume.read(from:), memberNodeInfo: "member", isFlattened: false) value.containers = try reader["containers"].readListIfPresent(memberReadingClosure: GuardDutyClientTypes.Container.read(from:), memberNodeInfo: "member", isFlattened: false) value.group = try reader["group"].readIfPresent() + value.launchType = try reader["launchType"].readIfPresent() return value } } diff --git a/Sources/Services/AWSMailManager/Sources/AWSMailManager/MailManagerClient.swift b/Sources/Services/AWSMailManager/Sources/AWSMailManager/MailManagerClient.swift index 178d36caaf0..e85405edb8f 100644 --- a/Sources/Services/AWSMailManager/Sources/AWSMailManager/MailManagerClient.swift +++ b/Sources/Services/AWSMailManager/Sources/AWSMailManager/MailManagerClient.swift @@ -3439,7 +3439,7 @@ extension MailManagerClient { /// Performs the `UpdateRuleSet` operation on the `MailManagerSvc` service. /// - /// >Update attributes of an already provisioned rule set. + /// Update attributes of an already provisioned rule set. /// /// - Parameter UpdateRuleSetInput : [no documentation found] /// diff --git a/Sources/Services/AWSMailManager/Sources/AWSMailManager/Models.swift b/Sources/Services/AWSMailManager/Sources/AWSMailManager/Models.swift index 4189325feda..2d0e315d71d 100644 --- a/Sources/Services/AWSMailManager/Sources/AWSMailManager/Models.swift +++ b/Sources/Services/AWSMailManager/Sources/AWSMailManager/Models.swift @@ -1948,6 +1948,8 @@ extension MailManagerClientTypes { public enum RuleStringToEvaluate { /// The email attribute to evaluate in a string condition expression. case attribute(MailManagerClientTypes.RuleStringEmailAttribute) + /// The email MIME X-Header attribute to evaluate in a string condition expression. + case mimeheaderattribute(Swift.String) case sdkUnknown(Swift.String) } @@ -7178,6 +7180,8 @@ extension MailManagerClientTypes.RuleStringToEvaluate { switch value { case let .attribute(attribute): try writer["Attribute"].write(attribute) + case let .mimeheaderattribute(mimeheaderattribute): + try writer["MimeHeaderAttribute"].write(mimeheaderattribute) case let .sdkUnknown(sdkUnknown): try writer["sdkUnknown"].write(sdkUnknown) } @@ -7189,6 +7193,8 @@ extension MailManagerClientTypes.RuleStringToEvaluate { switch name { case "Attribute": return .attribute(try reader["Attribute"].read()) + case "MimeHeaderAttribute": + return .mimeheaderattribute(try reader["MimeHeaderAttribute"].read()) default: return .sdkUnknown(name ?? "") } diff --git a/Sources/Services/AWSRDS/Sources/AWSRDS/RDSClient.swift b/Sources/Services/AWSRDS/Sources/AWSRDS/RDSClient.swift index b92ffce87e8..d2f70488f7a 100644 --- a/Sources/Services/AWSRDS/Sources/AWSRDS/RDSClient.swift +++ b/Sources/Services/AWSRDS/Sources/AWSRDS/RDSClient.swift @@ -10688,7 +10688,7 @@ extension RDSClient { /// Performs the `RestoreDBInstanceFromDBSnapshot` operation on the `AmazonRDSv19` service. /// - /// Creates a new DB instance from a DB snapshot. The target database is created from the source database restore point with most of the source's original configuration, including the default security group and DB parameter group. By default, the new DB instance is created as a Single-AZ deployment, except when the instance is a SQL Server instance that has an option group associated with mirroring. In this case, the instance becomes a Multi-AZ deployment, not a Single-AZ deployment. If you want to replace your original DB instance with the new, restored DB instance, then rename your original DB instance before you call the RestoreDBInstanceFromDBSnapshot operation. RDS doesn't allow two DB instances with the same name. After you have renamed your original DB instance with a different identifier, then you can pass the original name of the DB instance as the DBInstanceIdentifier in the call to the RestoreDBInstanceFromDBSnapshot operation. The result is that you replace the original DB instance with the DB instance created from the snapshot. If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier must be the ARN of the shared DB snapshot. This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterFromSnapshot. + /// Creates a new DB instance from a DB snapshot. The target database is created from the source database restore point with most of the source's original configuration, including the default security group and DB parameter group. By default, the new DB instance is created as a Single-AZ deployment, except when the instance is a SQL Server instance that has an option group associated with mirroring. In this case, the instance becomes a Multi-AZ deployment, not a Single-AZ deployment. If you want to replace your original DB instance with the new, restored DB instance, then rename your original DB instance before you call the RestoreDBInstanceFromDBSnapshot operation. RDS doesn't allow two DB instances with the same name. After you have renamed your original DB instance with a different identifier, then you can pass the original name of the DB instance as the DBInstanceIdentifier in the call to the RestoreDBInstanceFromDBSnapshot operation. The result is that you replace the original DB instance with the DB instance created from the snapshot. If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier must be the ARN of the shared DB snapshot. To restore from a DB snapshot with an unsupported engine version, you must first upgrade the engine version of the snapshot. For more information about upgrading a RDS for MySQL DB snapshot engine version, see [Upgrading a MySQL DB snapshot engine version](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/mysql-upgrade-snapshot.html). For more information about upgrading a RDS for PostgreSQL DB snapshot engine version, [Upgrading a PostgreSQL DB snapshot engine version](https://docs.aws.amazon.com/USER_UpgradeDBSnapshot.PostgreSQL.html). This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterFromSnapshot. /// /// - Parameter RestoreDBInstanceFromDBSnapshotInput : /// diff --git a/Sources/Services/AWSS3/Sources/AWSS3/Models.swift b/Sources/Services/AWSS3/Sources/AWSS3/Models.swift index 3fecf4836ee..c97bcbc9e72 100644 --- a/Sources/Services/AWSS3/Sources/AWSS3/Models.swift +++ b/Sources/Services/AWSS3/Sources/AWSS3/Models.swift @@ -818,7 +818,7 @@ extension S3ClientTypes { public struct CompleteMultipartUploadOutput { /// The name of the bucket that contains the newly created object. Does not return the access point ARN or access point alias if used. Access points are not supported by directory buckets. public var bucket: Swift.String? - /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the Amazon S3 User Guide. public var checksumCRC32: Swift.String? @@ -838,9 +838,9 @@ public struct CompleteMultipartUploadOutput { public var location: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// Version ID of the newly created object, in case the bucket has versioning turned on. This functionality is not supported for directory buckets. public var versionId: Swift.String? @@ -1161,7 +1161,7 @@ public struct CopyObjectInput { /// The name of the destination bucket. Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide. Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the Amazon S3 User Guide. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the Amazon S3 User Guide. /// This member is required. public var bucket: Swift.String? - /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with a COPY action doesn’t affect bucket-level settings for S3 Bucket Key. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon S3 User Guide. This functionality is not supported when the destination bucket is a directory bucket. + /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with a COPY action doesn’t affect bucket-level settings for S3 Bucket Key. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon S3 User Guide. Directory buckets - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. public var bucketKeyEnabled: Swift.Bool? /// Specifies the caching behavior along the request/reply chain. public var cacheControl: Swift.String? @@ -1267,7 +1267,18 @@ public struct CopyObjectInput { public var objectLockRetainUntilDate: Foundation.Date? /// Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 User Guide. This functionality is not supported for directory buckets. public var requestPayer: S3ClientTypes.RequestPayer? - /// The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). Unrecognized or unsupported values won’t write a destination object and will receive a 400 Bad Request response. Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in the Amazon S3 User Guide. For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when storing this object in Amazon S3. Unrecognized or unsupported values won’t write a destination object and will receive a 400 Bad Request response. Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy. With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) in the Amazon S3 User Guide. General purpose buckets + /// + /// * For general purpose buckets, there are the following supported options for server-side encryption: server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy. + /// + /// * When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. + /// + /// + /// Directory buckets + /// + /// * For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). + /// + /// * To encrypt new object copies to a directory bucket with SSE-KMS, we recommend you specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk)). [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you perform a CopyObject operation and want to specify server-side encryption settings for new object copies with SSE-KMS in the encryption-related request headers, you must ensure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration. public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// Specifies the algorithm to use when encrypting the object (for example, AES256). When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. This functionality is not supported when the destination bucket is a directory bucket. public var sseCustomerAlgorithm: Swift.String? @@ -1275,9 +1286,9 @@ public struct CopyObjectInput { public var sseCustomerKey: Swift.String? /// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported when the destination bucket is a directory bucket. public var sseCustomerKeyMD5: Swift.String? - /// Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This value must be explicitly added to specify encryption context for CopyObject requests. This functionality is not supported when the destination bucket is a directory bucket. + /// Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for the destination object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. General purpose buckets - This value must be explicitly added to specify encryption context for CopyObject requests if you want an additional encryption context for your destination object. The additional encryption context of the source object won't be copied to the destination object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the Amazon S3 User Guide. Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. public var ssekmsEncryptionContext: Swift.String? - /// Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying the Signature Version in Request Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) in the Amazon S3 User Guide. This functionality is not supported when the destination bucket is a directory bucket. + /// Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying the Signature Version in Request Authentication](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) in the Amazon S3 User Guide. Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. public var ssekmsKeyId: Swift.String? /// If the x-amz-storage-class header is not used, the copied object will be stored in the STANDARD Storage Class by default. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. /// @@ -1466,7 +1477,7 @@ extension S3ClientTypes { } public struct CopyObjectOutput { - /// Indicates whether the copied object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the copied object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// Container for all response elements. public var copyObjectResult: S3ClientTypes.CopyObjectResult? @@ -1476,15 +1487,15 @@ public struct CopyObjectOutput { public var expiration: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This functionality is not supported for directory buckets. + /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. public var ssekmsEncryptionContext: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// Version ID of the newly created copy. This functionality is not supported for directory buckets. public var versionId: Swift.String? @@ -1938,7 +1949,7 @@ public struct CreateMultipartUploadInput { /// The name of the bucket where the multipart upload is initiated and where the object is uploaded. Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide. Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the Amazon S3 User Guide. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the Amazon S3 User Guide. /// This member is required. public var bucket: Swift.String? - /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with an object action doesn’t affect bucket-level settings for S3 Bucket Key. This functionality is not supported for directory buckets. + /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). General purpose buckets - Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key. Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. public var bucketKeyEnabled: Swift.Bool? /// Specifies caching behavior along the request/reply chain. public var cacheControl: Swift.String? @@ -2105,7 +2116,9 @@ public struct CreateMultipartUploadInput { public var objectLockRetainUntilDate: Foundation.Date? /// Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 User Guide. This functionality is not supported for directory buckets. public var requestPayer: S3ClientTypes.RequestPayer? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). + /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket. When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? @@ -2113,9 +2126,9 @@ public struct CreateMultipartUploadInput { public var sseCustomerKey: Swift.String? /// Specifies the 128-bit MD5 digest of the customer-provided encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This functionality is not supported for directory buckets. + /// Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. public var ssekmsEncryptionContext: Swift.String? - /// Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption customer managed key to use for object encryption. This functionality is not supported for directory buckets. + /// Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID. General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data. Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. public var ssekmsKeyId: Swift.String? /// By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in the Amazon S3 User Guide. /// @@ -2206,7 +2219,7 @@ public struct CreateMultipartUploadOutput { public var abortRuleId: Swift.String? /// The name of the bucket to which the multipart upload was initiated. Does not return the access point ARN or access point alias if used. Access points are not supported by directory buckets. public var bucket: Swift.String? - /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// The algorithm that was used to create a checksum of the object. public var checksumAlgorithm: S3ClientTypes.ChecksumAlgorithm? @@ -2214,15 +2227,15 @@ public struct CreateMultipartUploadOutput { public var key: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This functionality is not supported for directory buckets. + /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. public var ssekmsEncryptionContext: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// ID for the initiated multipart upload. public var uploadId: Swift.String? @@ -2311,21 +2324,42 @@ public struct CreateSessionInput { /// The name of the bucket that you create a session for. /// This member is required. public var bucket: Swift.String? - /// Specifies the mode of the session that will be created, either ReadWrite or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session is capable of executing all the Zonal endpoint APIs on a directory bucket. A ReadOnly session is constrained to execute the following Zonal endpoint APIs: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, and ListMultipartUploads. + /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using KMS keys (SSE-KMS). S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. + public var bucketKeyEnabled: Swift.Bool? + /// The server-side encryption algorithm to use when you store objects in the directory bucket. For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). By default, Amazon S3 encrypts data with SSE-S3. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. + public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? + /// Specifies the mode of the session that will be created, either ReadWrite or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session is capable of executing all the Zonal endpoint API operations on a directory bucket. A ReadOnly session is constrained to execute the following Zonal endpoint API operations: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, and ListMultipartUploads. public var sessionMode: S3ClientTypes.SessionMode? + /// Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. General purpose buckets - This value must be explicitly added during CopyObject operations if you want an additional encryption context for your object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the Amazon S3 User Guide. Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. + public var ssekmsEncryptionContext: Swift.String? + /// If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Also, if the KMS key doesn't exist in the same account that't issuing the command, you must use the full Key ARN not the Key ID. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. + public var ssekmsKeyId: Swift.String? public init( bucket: Swift.String? = nil, - sessionMode: S3ClientTypes.SessionMode? = nil + bucketKeyEnabled: Swift.Bool? = nil, + serverSideEncryption: S3ClientTypes.ServerSideEncryption? = nil, + sessionMode: S3ClientTypes.SessionMode? = nil, + ssekmsEncryptionContext: Swift.String? = nil, + ssekmsKeyId: Swift.String? = nil ) { self.bucket = bucket + self.bucketKeyEnabled = bucketKeyEnabled + self.serverSideEncryption = serverSideEncryption self.sessionMode = sessionMode + self.ssekmsEncryptionContext = ssekmsEncryptionContext + self.ssekmsKeyId = ssekmsKeyId } } +extension CreateSessionInput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "CreateSessionInput(bucket: \(Swift.String(describing: bucket)), bucketKeyEnabled: \(Swift.String(describing: bucketKeyEnabled)), serverSideEncryption: \(Swift.String(describing: serverSideEncryption)), sessionMode: \(Swift.String(describing: sessionMode)), ssekmsEncryptionContext: \"CONTENT_REDACTED\", ssekmsKeyId: \"CONTENT_REDACTED\")"} +} + extension S3ClientTypes { - /// The established temporary security credentials of the session. Directory buckets - These session credentials are only supported for the authentication and authorization of Zonal endpoint APIs on directory buckets. + /// The established temporary security credentials of the session. Directory buckets - These session credentials are only supported for the authentication and authorization of Zonal endpoint API operations on directory buckets. public struct SessionCredentials { /// A unique identifier that's associated with a secret access key. The access key ID and the secret access key are used together to sign programmatic Amazon Web Services requests cryptographically. /// This member is required. @@ -2362,18 +2396,39 @@ extension S3ClientTypes.SessionCredentials: Swift.CustomDebugStringConvertible { } public struct CreateSessionOutput { + /// Indicates whether to use an S3 Bucket Key for server-side encryption with KMS keys (SSE-KMS). + public var bucketKeyEnabled: Swift.Bool? /// The established temporary security credentials for the created session. /// This member is required. public var credentials: S3ClientTypes.SessionCredentials? + /// The server-side encryption algorithm used when you store objects in the directory bucket. + public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? + /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. + public var ssekmsEncryptionContext: Swift.String? + /// If you specify x-amz-server-side-encryption with aws:kms, this header indicates the ID of the KMS symmetric encryption customer managed key that was used for object encryption. + public var ssekmsKeyId: Swift.String? public init( - credentials: S3ClientTypes.SessionCredentials? = nil + bucketKeyEnabled: Swift.Bool? = nil, + credentials: S3ClientTypes.SessionCredentials? = nil, + serverSideEncryption: S3ClientTypes.ServerSideEncryption? = nil, + ssekmsEncryptionContext: Swift.String? = nil, + ssekmsKeyId: Swift.String? = nil ) { + self.bucketKeyEnabled = bucketKeyEnabled self.credentials = credentials + self.serverSideEncryption = serverSideEncryption + self.ssekmsEncryptionContext = ssekmsEncryptionContext + self.ssekmsKeyId = ssekmsKeyId } } +extension CreateSessionOutput: Swift.CustomDebugStringConvertible { + public var debugDescription: Swift.String { + "CreateSessionOutput(bucketKeyEnabled: \(Swift.String(describing: bucketKeyEnabled)), credentials: \(Swift.String(describing: credentials)), serverSideEncryption: \(Swift.String(describing: serverSideEncryption)), ssekmsEncryptionContext: \"CONTENT_REDACTED\", ssekmsKeyId: \"CONTENT_REDACTED\")"} +} + public struct DeleteBucketInput { /// Specifies the bucket being deleted. Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide /// This member is required. @@ -2431,10 +2486,10 @@ public struct DeleteBucketCorsInput { } public struct DeleteBucketEncryptionInput { - /// The name of the bucket containing the server-side encryption configuration to delete. + /// The name of the bucket containing the server-side encryption configuration to delete. Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide /// This member is required. public var bucket: Swift.String? - /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). + /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code 501 Not Implemented. public var expectedBucketOwner: Swift.String? public init( @@ -4335,10 +4390,10 @@ public struct GetBucketCorsOutput { } public struct GetBucketEncryptionInput { - /// The name of the bucket from which the server-side encryption configuration is retrieved. + /// The name of the bucket from which the server-side encryption configuration is retrieved. Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide /// This member is required. public var bucket: Swift.String? - /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). + /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code 501 Not Implemented. public var expectedBucketOwner: Swift.String? public init( @@ -4352,9 +4407,22 @@ public struct GetBucketEncryptionInput { } extension S3ClientTypes { - /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key in your Amazon Web Services account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the Amazon S3 API Reference. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + /// + /// * General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key (aws/s3) in your Amazon Web Services account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + /// + /// * Directory buckets - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. + /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. public struct ServerSideEncryptionByDefault { - /// Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse. You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + /// Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the default encryption. + /// + /// * General purpose buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse. + /// + /// * Directory buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms. + /// + /// + /// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. /// /// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab /// @@ -4363,9 +4431,16 @@ extension S3ClientTypes { /// * Key Alias: alias/alias-name /// /// - /// If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. If you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in Amazon Web Services KMS](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the Amazon Web Services Key Management Service Developer Guide. + /// If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + /// + /// * General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + /// + /// * Directory buckets - When you specify an [KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + /// + /// + /// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in Amazon Web Services KMS](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the Amazon Web Services Key Management Service Developer Guide. public var kmsMasterKeyID: Swift.String? - /// Server-side encryption algorithm to use for the default encryption. + /// Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: AES256 and aws:kms. /// This member is required. public var sseAlgorithm: S3ClientTypes.ServerSideEncryption? @@ -4387,11 +4462,19 @@ extension S3ClientTypes.ServerSideEncryptionByDefault: Swift.CustomDebugStringCo } extension S3ClientTypes { - /// Specifies the default server-side encryption configuration. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// Specifies the default server-side encryption configuration. + /// + /// * General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// + /// * Directory buckets - When you specify an [KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. public struct ServerSideEncryptionRule { /// Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. public var applyServerSideEncryptionByDefault: S3ClientTypes.ServerSideEncryptionByDefault? - /// Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon S3 User Guide. + /// Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. + /// + /// * General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the Amazon S3 User Guide. + /// + /// * Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. public var bucketKeyEnabled: Swift.Bool? public init( @@ -6319,7 +6402,7 @@ extension S3ClientTypes { } extension S3ClientTypes { - /// Optional configuration to replicate existing source bucket objects. For more information, see [Replicating Existing Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) in the Amazon S3 User Guide. + /// Optional configuration to replicate existing source bucket objects. This parameter is no longer supported. To replicate existing objects, see [Replicating existing objects with S3 Batch Replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html) in the Amazon S3 User Guide. public struct ExistingObjectReplication { /// Specifies whether Amazon S3 replicates existing source bucket objects. /// This member is required. @@ -6526,7 +6609,7 @@ extension S3ClientTypes { /// A container for information about the replication destination and its configurations including enabling the S3 Replication Time Control (S3 RTC). /// This member is required. public var destination: S3ClientTypes.Destination? - /// Optional configuration to replicate existing source bucket objects. For more information, see [Replicating Existing Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) in the Amazon S3 User Guide. + /// Optional configuration to replicate existing source bucket objects. This parameter is no longer supported. To replicate existing objects, see [Replicating existing objects with S3 Batch Replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-batch-replication-batch.html) in the Amazon S3 User Guide. public var existingObjectReplication: S3ClientTypes.ExistingObjectReplication? /// A filter that identifies the subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix, Tag, or an And child element. public var filter: S3ClientTypes.ReplicationRuleFilter? @@ -7052,7 +7135,7 @@ public struct GetObjectInput { /// The bucket name containing the object. Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide. Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the Amazon S3 User Guide. Object Lambda access points - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the Amazon S3 User Guide. /// This member is required. public var bucket: Swift.String? - /// To retrieve the checksum, this mode must be enabled. In addition, if you enable checksum mode and the object is uploaded with a [checksum](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) and encrypted with an Key Management Service (KMS) key, you must have permission to use the kms:Decrypt action to retrieve the checksum. + /// To retrieve the checksum, this mode must be enabled. General purpose buckets - In addition, if you enable checksum mode and the object is uploaded with a [checksum](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) and encrypted with an Key Management Service (KMS) key, you must have permission to use the kms:Decrypt action to retrieve the checksum. public var checksumMode: S3ClientTypes.ChecksumMode? /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). public var expectedBucketOwner: Swift.String? @@ -7226,7 +7309,7 @@ public struct GetObjectOutput { public var acceptRanges: Swift.String? /// Object data. public var body: Smithy.ByteStream? - /// Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// Specifies caching behavior along the request/reply chain. public var cacheControl: Swift.String? @@ -7282,13 +7365,13 @@ public struct GetObjectOutput { public var requestCharged: S3ClientTypes.RequestCharged? /// Provides information about object restoration action and expiration time of the restored object copy. This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects. public var restore: Swift.String? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3. public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects. public var storageClass: S3ClientTypes.StorageClass? @@ -8160,7 +8243,7 @@ public struct HeadObjectInput { /// The name of the bucket that contains the object. Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide. Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the Amazon S3 User Guide. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the Amazon S3 User Guide. /// This member is required. public var bucket: Swift.String? - /// To retrieve the checksum, this parameter must be enabled. In addition, if you enable checksum mode and the object is uploaded with a [checksum](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) and encrypted with an Key Management Service (KMS) key, you must have permission to use the kms:Decrypt action to retrieve the checksum. + /// To retrieve the checksum, this parameter must be enabled. General purpose buckets - If you enable checksum mode and the object is uploaded with a [checksum](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) and encrypted with an Key Management Service (KMS) key, you must have permission to use the kms:Decrypt action to retrieve the checksum. Directory buckets - If you enable ChecksumMode and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object. public var checksumMode: S3ClientTypes.ChecksumMode? /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). public var expectedBucketOwner: Swift.String? @@ -8317,7 +8400,7 @@ public struct HeadObjectOutput { public var acceptRanges: Swift.String? /// The archive state of the head object. This functionality is not supported for directory buckets. public var archiveStatus: S3ClientTypes.ArchiveStatus? - /// Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// Specifies caching behavior along the request/reply chain. public var cacheControl: Swift.String? @@ -8376,13 +8459,13 @@ public struct HeadObjectOutput { public var requestCharged: S3ClientTypes.RequestCharged? /// If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) or an archive copy is already restored. If an archive copy is already restored, the header value indicates when Amazon S3 is scheduled to delete the object copy. For example: x-amz-restore: ongoing-request="false", expiry-date="Fri, 21 Dec 2012 00:00:00 GMT" If the object restoration is in progress, the header returns the value ongoing-request="true". For more information about archiving objects, see [Transitioning Objects: General Considerations](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects. public var restore: Swift.String? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects. public var storageClass: S3ClientTypes.StorageClass? @@ -9864,14 +9947,14 @@ public struct PutBucketCorsInput { } public struct PutBucketEncryptionInput { - /// Specifies default encryption for a bucket using server-side encryption with different key options. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a customer-provided key (SSE-C). For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. + /// Specifies default encryption for a bucket using server-side encryption with different key options. Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must also follow the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide /// This member is required. public var bucket: Swift.String? - /// Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter. + /// Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see [Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter. For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance. public var checksumAlgorithm: S3ClientTypes.ChecksumAlgorithm? - /// The base64-encoded 128-bit MD5 digest of the server-side encryption configuration. For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically. + /// The base64-encoded 128-bit MD5 digest of the server-side encryption configuration. For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically. This functionality is not supported for directory buckets. public var contentMD5: Swift.String? - /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). + /// The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied). For directory buckets, this header is not supported in this API operation. If you specify this header, the request fails with the HTTP status code 501 Not Implemented. public var expectedBucketOwner: Swift.String? /// Specifies the default server-side-encryption configuration. /// This member is required. @@ -10464,7 +10547,7 @@ public struct PutObjectInput { /// The bucket name to which the PUT action was initiated. Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the Amazon S3 User Guide. Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see [Using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) in the Amazon S3 User Guide. Access points and Object Lambda access points are not supported by directory buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see [What is S3 on Outposts?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the Amazon S3 User Guide. /// This member is required. public var bucket: Swift.String? - /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Specifying this header with a PUT action doesn’t affect bucket-level settings for S3 Bucket Key. This functionality is not supported for directory buckets. + /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). General purpose buckets - Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. Also, specifying this header with a PUT action doesn't affect bucket-level settings for S3 Bucket Key. Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. public var bucketKeyEnabled: Swift.Bool? /// Can be used to specify caching behavior along the request/reply chain. For more information, see [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). public var cacheControl: Swift.String? @@ -10544,7 +10627,11 @@ public struct PutObjectInput { public var objectLockRetainUntilDate: Foundation.Date? /// Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. If either the source or destination S3 bucket has Requester Pays enabled, the requester will pay for corresponding charges to copy the object. For information about downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 User Guide. This functionality is not supported for directory buckets. public var requestPayer: S3ClientTypes.RequestPayer? - /// The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. + /// The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + /// + /// * General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. + /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket. When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// Specifies the algorithm to use when encrypting the object (for example, AES256). This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? @@ -10552,9 +10639,9 @@ public struct PutObjectInput { public var sseCustomerKey: Swift.String? /// Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// Specifies the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject or CopyObject operations on this object. This value must be explicitly added during CopyObject operations. This functionality is not supported for directory buckets. + /// Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. General purpose buckets - This value must be explicitly added during CopyObject operations if you want an additional encryption context for your object. For more information, see [Encryption context](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context) in the Amazon S3 User Guide. Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). An additional encryption context value is not supported. public var ssekmsEncryptionContext: Swift.String? - /// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data. If the KMS key does not exist in the same account that's issuing the command, you must use the full ARN and not just the ID. This functionality is not supported for directory buckets. + /// Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID. General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data. Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. public var ssekmsKeyId: Swift.String? /// By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see [Storage Classes](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) in the Amazon S3 User Guide. /// @@ -10655,7 +10742,7 @@ extension PutObjectInput: Swift.CustomDebugStringConvertible { } public struct PutObjectOutput { - /// Indicates whether the uploaded object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the uploaded object uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the Amazon S3 User Guide. public var checksumCRC32: Swift.String? @@ -10671,15 +10758,15 @@ public struct PutObjectOutput { public var expiration: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3. public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject or CopyObject operations on this object. This functionality is not supported for directory buckets. + /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. The value of this header is a Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. public var ssekmsEncryptionContext: Swift.String? - /// If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, this header indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? /// Version ID of the object. If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects. For more information about versioning, see [Adding Objects to Versioning-Enabled Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see [GetBucketVersioning](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). This functionality is not supported for directory buckets. public var versionId: Swift.String? @@ -12033,7 +12120,7 @@ extension UploadPartInput: Swift.CustomDebugStringConvertible { } public struct UploadPartOutput { - /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// The base64-encoded, 32-bit CRC32 checksum of the object. This will only be present if it was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see [ Checking object integrity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) in the Amazon S3 User Guide. public var checksumCRC32: Swift.String? @@ -12047,13 +12134,13 @@ public struct UploadPartOutput { public var eTag: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? public init( @@ -12234,7 +12321,7 @@ extension S3ClientTypes { } public struct UploadPartCopyOutput { - /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality is not supported for directory buckets. + /// Indicates whether the multipart upload uses an S3 Bucket Key for server-side encryption with Key Management Service (KMS) keys (SSE-KMS). public var bucketKeyEnabled: Swift.Bool? /// Container for all response elements. public var copyPartResult: S3ClientTypes.CopyPartResult? @@ -12242,13 +12329,13 @@ public struct UploadPartCopyOutput { public var copySourceVersionId: Swift.String? /// If present, indicates that the requester was successfully charged for the request. This functionality is not supported for directory buckets. public var requestCharged: S3ClientTypes.RequestCharged? - /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms). public var serverSideEncryption: S3ClientTypes.ServerSideEncryption? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to confirm the encryption algorithm that's used. This functionality is not supported for directory buckets. public var sseCustomerAlgorithm: Swift.String? /// If server-side encryption with a customer-provided encryption key was requested, the response will include this header to provide the round-trip message integrity verification of the customer-provided encryption key. This functionality is not supported for directory buckets. public var sseCustomerKeyMD5: Swift.String? - /// If present, indicates the ID of the Key Management Service (KMS) symmetric encryption customer managed key that was used for the object. This functionality is not supported for directory buckets. + /// If present, indicates the ID of the KMS key that was used for object encryption. public var ssekmsKeyId: Swift.String? public init( @@ -12891,6 +12978,18 @@ extension CreateSessionInput { static func headerProvider(_ value: CreateSessionInput) -> SmithyHTTPAPI.Headers { var items = SmithyHTTPAPI.Headers() + if let bucketKeyEnabled = value.bucketKeyEnabled { + items.add(SmithyHTTPAPI.Header(name: "x-amz-server-side-encryption-bucket-key-enabled", value: Swift.String(bucketKeyEnabled))) + } + if let ssekmsEncryptionContext = value.ssekmsEncryptionContext { + items.add(SmithyHTTPAPI.Header(name: "x-amz-server-side-encryption-context", value: Swift.String(ssekmsEncryptionContext))) + } + if let ssekmsKeyId = value.ssekmsKeyId { + items.add(SmithyHTTPAPI.Header(name: "x-amz-server-side-encryption-aws-kms-key-id", value: Swift.String(ssekmsKeyId))) + } + if let serverSideEncryption = value.serverSideEncryption { + items.add(SmithyHTTPAPI.Header(name: "x-amz-server-side-encryption", value: Swift.String(serverSideEncryption.rawValue))) + } if let sessionMode = value.sessionMode { items.add(SmithyHTTPAPI.Header(name: "x-amz-create-session-mode", value: Swift.String(sessionMode.rawValue))) } @@ -16692,6 +16791,18 @@ extension CreateSessionOutput { let responseReader = try SmithyXML.Reader.from(data: data) let reader = responseReader var value = CreateSessionOutput() + if let bucketKeyEnabledHeaderValue = httpResponse.headers.value(for: "x-amz-server-side-encryption-bucket-key-enabled") { + value.bucketKeyEnabled = Swift.Bool(bucketKeyEnabledHeaderValue) ?? false + } + if let ssekmsEncryptionContextHeaderValue = httpResponse.headers.value(for: "x-amz-server-side-encryption-context") { + value.ssekmsEncryptionContext = ssekmsEncryptionContextHeaderValue + } + if let ssekmsKeyIdHeaderValue = httpResponse.headers.value(for: "x-amz-server-side-encryption-aws-kms-key-id") { + value.ssekmsKeyId = ssekmsKeyIdHeaderValue + } + if let serverSideEncryptionHeaderValue = httpResponse.headers.value(for: "x-amz-server-side-encryption") { + value.serverSideEncryption = S3ClientTypes.ServerSideEncryption(rawValue: serverSideEncryptionHeaderValue) + } value.credentials = try reader["Credentials"].readIfPresent(with: S3ClientTypes.SessionCredentials.read(from:)) return value } diff --git a/Sources/Services/AWSS3/Sources/AWSS3/S3Client.swift b/Sources/Services/AWSS3/Sources/AWSS3/S3Client.swift index 320f7eca942..5b49e9ac50b 100644 --- a/Sources/Services/AWSS3/Sources/AWSS3/S3Client.swift +++ b/Sources/Services/AWSS3/Sources/AWSS3/S3Client.swift @@ -326,11 +326,9 @@ extension S3Client { /// /// Completes a multipart upload by assembling previously uploaded parts. You first initiate the multipart upload and then upload all parts using the [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) operation or the [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) operation. After successfully uploading all relevant parts of an upload, you call this CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the PartNumber value and the ETag value that are returned after that part was uploaded. The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. The error response might be embedded in the 200 OK response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error). Note that if CompleteMultipartUpload fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see [Amazon S3 Error Best Practices](https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload can still return a 200 OK response. For more information about multipart uploads, see [Uploading Objects Using Multipart Upload](https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see [Regional and Zonal endpoints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) in the Amazon S3 User Guide. Permissions /// - /// * General purpose bucket permissions - For information about permissions required to use the multipart upload API, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the Amazon S3 User Guide. - /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * General purpose bucket permissions - For information about permissions required to use the multipart upload API, see [Multipart Upload and Permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) in the Amazon S3 User Guide. If you provide an [additional checksum value](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed. /// - /// * If you provide an [additional checksum value](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html) in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed. + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Special errors @@ -477,7 +475,7 @@ extension S3Client { /// * If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket. /// /// - /// For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. + /// If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. /// /// /// Response and special errors When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds. @@ -724,7 +722,7 @@ extension S3Client { /// /// /// - /// * Directory buckets -For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket. When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), the encryption request headers must match the default encryption configuration of the directory bucket. For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket. /// /// /// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. The following operations are related to CreateMultipartUpload: @@ -802,16 +800,16 @@ extension S3Client { /// Performs the `CreateSession` operation on the `AmazonS3` service. /// - /// Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint APIs on directory buckets. For more information about Zonal endpoint APIs that include the Availability Zone in the request endpoint, see [S3 Express One Zone APIs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) in the Amazon S3 User Guide. To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint APIs. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval. If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see [Performance guidelines and design patterns](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) in the Amazon S3 User Guide. + /// Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see [S3 Express One Zone APIs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) in the Amazon S3 User Guide. To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval. If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see [Performance guidelines and design patterns](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) in the Amazon S3 User Guide. /// /// * You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style requests are not supported. For more information, see [Regional and Zonal endpoints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) in the Amazon S3 User Guide. /// - /// * CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). + /// * CopyObject API operation - Unlike other Zonal endpoint API operations, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). /// - /// * HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). + /// * HeadBucket API operation - Unlike other Zonal endpoint API operations, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see [HeadBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). /// /// - /// Permissions To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see [x-amz-create-session-mode](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. To grant cross-account access to Zonal endpoint APIs, the bucket policy should also grant both accounts the s3express:CreateSession permission. HTTP Host header syntax Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. + /// Permissions To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see [x-amz-create-session-mode](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the s3express:CreateSession permission. If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key. Encryption For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). For [Zonal endpoint (object-level) API operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-differences.html#s3-express-differences-api-operations) except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), you authenticate and authorize requests through [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk)). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session. Only 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) is supported per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration. In the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)) using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket. When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. Also, in the Zonal endpoint API calls (except [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html)), it's not supported to override the values of the encryption settings from the CreateSession request. HTTP Host header syntax Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. /// /// - Parameter CreateSessionInput : [no documentation found] /// @@ -1103,7 +1101,21 @@ extension S3Client { /// Performs the `DeleteBucketEncryption` operation on the `AmazonS3` service. /// - /// This operation is not supported by directory buckets. This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the Amazon S3 User Guide. The following operations are related to DeleteBucketEncryption: + /// This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). + /// + /// * General purpose buckets - For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. + /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see [Setting default server-side encryption behavior for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html). + /// + /// + /// Permissions + /// + /// * General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + /// + /// * Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the Amazon S3 User Guide. + /// + /// + /// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. The following operations are related to DeleteBucketEncryption: /// /// * [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) /// @@ -2428,7 +2440,21 @@ extension S3Client { /// Performs the `GetBucketEncryption` operation on the `AmazonS3` service. /// - /// This operation is not supported by directory buckets. Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. To use this operation, you must have permission to perform the s3:GetEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). The following operations are related to GetBucketEncryption: + /// Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). + /// + /// * General purpose buckets - For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. + /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see [Setting default server-side encryption behavior for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html). + /// + /// + /// Permissions + /// + /// * General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). + /// + /// * Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the Amazon S3 User Guide. + /// + /// + /// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. The following operations are related to GetBucketEncryption: /// /// * [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html) /// @@ -3583,10 +3609,10 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// - /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. + /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. /// /// * response-cache-control /// @@ -3756,7 +3782,7 @@ extension S3Client { /// /// Retrieves all the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata. GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes. Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see [Regional and Zonal endpoints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) in the Amazon S3 User Guide. Permissions /// - /// * General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object. The permissions that you need to use this operation with depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission. + /// * General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object. The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see [Specifying Permissions in a Policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission. /// /// * If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found ("no such key") error. /// @@ -3765,7 +3791,7 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a GET request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object. If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are: @@ -3777,7 +3803,7 @@ extension S3Client { /// * x-amz-server-side-encryption-customer-key-MD5 /// /// - /// For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the Amazon S3 User Guide. Directory bucket permissions - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. Versioning Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request. Conditional request headers Consider the following when using request headers: + /// For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the Amazon S3 User Guide. Directory bucket permissions - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). Versioning Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request. Conditional request headers Consider the following when using request headers: /// /// * If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested: /// @@ -4382,7 +4408,7 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If you enable x-amz-checksum-mode in the request and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object. /// /// /// Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a HEAD request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object. If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are: @@ -4394,7 +4420,7 @@ extension S3Client { /// * x-amz-server-side-encryption-customer-key-MD5 /// /// - /// For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the Amazon S3 User Guide. Directory bucket permissions - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. Versioning + /// For more information about SSE-C, see [Server-Side Encryption (Using Customer-Provided Encryption Keys)](https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) in the Amazon S3 User Guide. Directory bucket - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. Versioning /// /// * If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response. /// @@ -5743,7 +5769,41 @@ extension S3Client { /// Performs the `PutBucketEncryption` operation on the `AmazonS3` service. /// - /// This operation is not supported by directory buckets. This action uses the encryption subresource to configure default encryption and Amazon S3 Bucket Keys for an existing bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). If you use PutBucketEncryption to set your [default bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does not validate the KMS key ID provided in PutBucketEncryption requests. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, this action requires Amazon Web Services Signature Version 4. For more information, see [ Authenticating Requests (Amazon Web Services Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Subresource Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the Amazon S3 User Guide. The following operations are related to PutBucketEncryption: + /// This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket. Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information, see [Regional and Zonal endpoints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) in the Amazon S3 User Guide. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). + /// + /// * General purpose buckets + /// + /// * You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). For information about the bucket default encryption feature, see [Amazon S3 Bucket Default Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the Amazon S3 User Guide. + /// + /// * If you use PutBucketEncryption to set your [default bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests. + /// + /// + /// + /// + /// * Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS). + /// + /// * We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see [Specifying server-side encryption with KMS for new object uploads](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html). + /// + /// * Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [Amazon Web Services managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (aws/s3) isn't supported. + /// + /// * S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html), [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html), [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops), or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. + /// + /// * When you specify an [KMS customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + /// + /// * For directory buckets, if you use PutBucketEncryption to set your [default bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests. + /// + /// + /// + /// + /// + /// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, this action requires Amazon Web Services Signature Version 4. For more information, see [ Authenticating Requests (Amazon Web Services Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). Permissions + /// + /// * General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see [Permissions Related to Bucket Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) and [Managing Access Permissions to Your Amazon S3 Resources](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the Amazon S3 User Guide. + /// + /// * Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) in the Amazon S3 User Guide. To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key. + /// + /// + /// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. The following operations are related to PutBucketEncryption: /// /// * [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) /// @@ -6909,7 +6969,7 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Data integrity with Content-MD5 @@ -7745,7 +7805,7 @@ extension S3Client { /// /// * General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see [Protecting data using server-side encryption with KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see [Multipart upload and permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) and [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) in the Amazon S3 User Guide. /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Data integrity General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see [Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity. Encryption @@ -7759,12 +7819,12 @@ extension S3Client { /// * x-amz-server-side-encryption-customer-key-MD5 /// /// + /// For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. /// + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). /// - /// * Directory bucket - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. /// - /// - /// For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. Special errors + /// Special errors /// /// * Error Code: NoSuchUpload /// @@ -7877,14 +7937,20 @@ extension S3Client { /// * If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination. /// /// - /// For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. + /// If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. For example policies, see [Example bucket policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) in the Amazon S3 User Guide. /// /// /// Encryption /// /// * General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) and [UploadPart](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). /// - /// * Directory buckets - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, + /// + /// + /// the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets + /// + /// + /// to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html). In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. /// /// /// Special errors @@ -8068,10 +8134,10 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// - /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. + /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. /// /// * response-cache-control /// @@ -8139,7 +8205,7 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Data integrity with Content-MD5 @@ -8184,10 +8250,10 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// - /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. + /// Storage classes If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using [RestoreObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see [Restoring Archived Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request. Encryption Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see [Protecting data with server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html) in the Amazon S3 User Guide. Overriding response header values through the request There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request. You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires. To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request. /// /// * response-cache-control /// @@ -8255,7 +8321,7 @@ extension S3Client { /// /// /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Data integrity with Content-MD5 @@ -8293,7 +8359,7 @@ extension S3Client { /// /// * General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see [Protecting data using server-side encryption with KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see [Multipart upload and permissions](https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) and [Multipart upload API and permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) in the Amazon S3 User Guide. /// - /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). + /// * Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see [CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key. /// /// /// Data integrity General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see [Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4)](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity. Encryption @@ -8307,12 +8373,12 @@ extension S3Client { /// * x-amz-server-side-encryption-customer-key-MD5 /// /// + /// For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. /// - /// - /// * Directory bucket - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported. + /// * Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). /// /// - /// For more information, see [Using Server-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the Amazon S3 User Guide. Special errors + /// Special errors /// /// * Error Code: NoSuchUpload /// diff --git a/packageDependencies.plist b/packageDependencies.plist index 6f145201801..efd027b1029 100644 --- a/packageDependencies.plist +++ b/packageDependencies.plist @@ -9,6 +9,6 @@ clientRuntimeBranch main clientRuntimeVersion - 0.71.0 + 0.72.0