diff --git a/.changelog/4c48f347a9014b5c8f143db224436a86.json b/.changelog/4c48f347a9014b5c8f143db224436a86.json new file mode 100644 index 00000000000..e174a49a250 --- /dev/null +++ b/.changelog/4c48f347a9014b5c8f143db224436a86.json @@ -0,0 +1,8 @@ +{ + "id": "4c48f347-a901-4b5c-8f14-3db224436a86", + "type": "feature", + "description": "This release introduces ModifySamlProperties, a new API that allows control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.", + "modules": [ + "service/workspaces" + ] +} \ No newline at end of file diff --git a/.changelog/ac59a5beef244ca99e22b7cfff4b5031.json b/.changelog/ac59a5beef244ca99e22b7cfff4b5031.json new file mode 100644 index 00000000000..18e1def8834 --- /dev/null +++ b/.changelog/ac59a5beef244ca99e22b7cfff4b5031.json @@ -0,0 +1,8 @@ +{ + "id": "ac59a5be-ef24-4ca9-9e22-b7cfff4b5031", + "type": "documentation", + "description": "Documentation update for PutConfigRule and PutOrganizationConfigRule", + "modules": [ + "service/configservice" + ] +} \ No newline at end of file diff --git a/service/configservice/api_op_ListConformancePackComplianceScores.go b/service/configservice/api_op_ListConformancePackComplianceScores.go index b8dff69962f..bfa361a3435 100644 --- a/service/configservice/api_op_ListConformancePackComplianceScores.go +++ b/service/configservice/api_op_ListConformancePackComplianceScores.go @@ -17,8 +17,9 @@ import ( // conformance pack compared to the number of total possible rule-resource // combinations in the conformance pack. This metric provides you with a high-level // view of the compliance state of your conformance packs, and can be used to -// identify, investigate, and understand compliance deviations in your conformance -// packs. +// identify, investigate, and understand the level of compliance in your +// conformance packs. Conformance packs with no evaluation results will have a +// compliance score of INSUFFICIENT_DATA. func (c *Client) ListConformancePackComplianceScores(ctx context.Context, params *ListConformancePackComplianceScoresInput, optFns ...func(*Options)) (*ListConformancePackComplianceScoresOutput, error) { if params == nil { params = &ListConformancePackComplianceScoresInput{} @@ -47,11 +48,16 @@ type ListConformancePackComplianceScoresInput struct { NextToken *string // Sorts your conformance pack compliance scores in either ascending or descending - // order, depending on SortOrder. + // order, depending on SortOrder. By default, conformance pack compliance scores + // are sorted in ascending order by compliance score and alphabetically by name of + // the conformance pack if there is more than one conformance pack with the same + // compliance score. SortBy types.SortBy // Determines the order in which conformance pack compliance scores are sorted. - // Either in ascending or descending order. + // Either in ascending or descending order. Conformance packs with a compliance + // score of INSUFFICIENT_DATA will be first when sorting by ascending order and + // last when sorting by descending order. SortOrder types.SortOrder noSmithyDocumentSerde @@ -59,7 +65,7 @@ type ListConformancePackComplianceScoresInput struct { type ListConformancePackComplianceScoresOutput struct { - // A list of ConformancePackComplianceScore objects + // A list of ConformancePackComplianceScore objects. // // This member is required. ConformancePackComplianceScores []types.ConformancePackComplianceScore diff --git a/service/configservice/api_op_PutConfigRule.go b/service/configservice/api_op_PutConfigRule.go index 5f9b1529032..3de6623d721 100644 --- a/service/configservice/api_op_PutConfigRule.go +++ b/service/configservice/api_op_PutConfigRule.go @@ -11,31 +11,34 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Adds or updates an Config rule for evaluating whether your Amazon Web Services -// resources comply with your desired configurations. You can use this action for -// Config custom rules and Config managed rules. A Config custom rule is a rule -// that you develop and maintain. An Config managed rule is a customizable, -// predefined rule that Config provides. If you are adding a new Config custom -// rule, you must first create the Lambda function that the rule invokes to -// evaluate your resources. When you use the PutConfigRule action to add the rule -// to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns -// to the function. Specify the ARN for the SourceIdentifier key. This key is part -// of the Source object, which is part of the ConfigRule object. If you are adding -// an Config managed rule, specify the rule's identifier for the SourceIdentifier -// key. To reference Config managed rule identifiers, see About Config managed -// rules -// (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). -// For any new rule that you add, specify the ConfigRuleName in the ConfigRule -// object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are -// generated by Config for new rules. If you are updating a rule that you added -// previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or -// ConfigRuleArn in the ConfigRule data type that you use in this request. For -// information on how many Config rules you can have per account, see Service -// Limits +// Adds or updates an Config rule to evaluate if your Amazon Web Services resources +// comply with your desired configurations. For information on how many Config +// rules you can have per account, see Service Limits // (https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in -// the Config Developer Guide. For more information about developing and using -// Config rules, see Evaluating Amazon Web Services resource Configurations with -// Config +// the Config Developer Guide. There are two types of rules: Config Custom Rules +// and Config Managed Rules. You can use PutConfigRule to create both Config custom +// rules and Config managed rules. Custom rules are rules that you can create using +// either Guard or Lambda functions. Guard (Guard GitHub Repository +// (https://github.com/aws-cloudformation/cloudformation-guard)) is a +// policy-as-code language that allows you to write policies that are enforced by +// Config Custom Policy rules. Lambda uses custom code that you upload to evaluate +// a custom rule. If you are adding a new Custom Lambda rule, you first need to +// create an Lambda function that the rule invokes to evaluate your resources. When +// you use PutConfigRule to add a Custom Lambda rule to Config, you must specify +// the Amazon Resource Name (ARN) that Lambda assigns to the function. You specify +// the ARN in the SourceIdentifier key. This key is part of the Source object, +// which is part of the ConfigRule object. Managed rules are predefined, +// customizable rules created by Config. For a list of managed rules, see List of +// Config Managed Rules +// (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). +// If you are adding an Config managed rule, you must specify the rule's identifier +// for the SourceIdentifier key. For any new rule that you add, specify the +// ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the +// ConfigRuleId. These values are generated by Config for new rules. If you are +// updating a rule that you added previously, you can specify the rule by +// ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that +// you use in this request. For more information about developing and using Config +// rules, see Evaluating Amazon Web Services resource Configurations with Config // (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) // in the Config Developer Guide. func (c *Client) PutConfigRule(ctx context.Context, params *PutConfigRuleInput, optFns ...func(*Options)) (*PutConfigRuleOutput, error) { diff --git a/service/configservice/api_op_PutConformancePack.go b/service/configservice/api_op_PutConformancePack.go index 0d0d8a462bc..b09ae17ae7f 100644 --- a/service/configservice/api_op_PutConformancePack.go +++ b/service/configservice/api_op_PutConformancePack.go @@ -16,8 +16,8 @@ import ( // Amazon Web Services Organization. For information on how many conformance packs // you can have per account, see Service Limits // (https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in -// the Config Developer Guide. This API creates a service linked role -// AWSServiceRoleForConfigConforms in your account. The service linked role is +// the Config Developer Guide. This API creates a service-linked role +// AWSServiceRoleForConfigConforms in your account. The service-linked role is // created only when the role does not exist in your account. You must specify // either the TemplateS3Uri or the TemplateBody parameter, but not both. If you // provide both Config uses the TemplateS3Uri parameter and ignores the diff --git a/service/configservice/api_op_PutOrganizationConfigRule.go b/service/configservice/api_op_PutOrganizationConfigRule.go index 1a6f90e10e9..e00f154bfe8 100644 --- a/service/configservice/api_op_PutOrganizationConfigRule.go +++ b/service/configservice/api_op_PutOrganizationConfigRule.go @@ -11,34 +11,45 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Adds or updates organization Config rule for your entire organization evaluating -// whether your Amazon Web Services resources comply with your desired -// configurations. For information on how many organization Config rules you can -// have per account, see Service Limits +// Adds or updates an Config rule for your entire organization to evaluate if your +// Amazon Web Services resources comply with your desired configurations. For +// information on how many organization Config rules you can have per account, see +// Service Limits // (https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in // the Config Developer Guide. Only a master account and a delegated administrator // can create or update an organization Config rule. When calling this API with a // delegated administrator, you must ensure Organizations // ListDelegatedAdministrator permissions are added. An organization can have up to // 3 delegated administrators. This API enables organization service access through -// the EnableAWSServiceAccess action and creates a service linked role +// the EnableAWSServiceAccess action and creates a service-linked role // AWSServiceRoleForConfigMultiAccountSetup in the master or delegated -// administrator account of your organization. The service linked role is created +// administrator account of your organization. The service-linked role is created // only when the role does not exist in the caller account. Config verifies the // existence of role with GetRole action. To use this API with delegated // administrator, register a delegated administrator by calling Amazon Web Services // Organization register-delegated-administrator for -// config-multiaccountsetup.amazonaws.com. You can use this action to create both -// Config custom rules and Config managed rules. If you are adding a new Config -// custom rule, you must first create Lambda function in the master account or a -// delegated administrator that the rule invokes to evaluate your resources. You -// also need to create an IAM role in the managed-account that can be assumed by -// the Lambda function. When you use the PutOrganizationConfigRule action to add -// the rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda -// assigns to the function. If you are adding an Config managed rule, specify the -// rule's identifier for the RuleIdentifier key. Prerequisite: Ensure you call -// EnableAllFeatures API to enable all features in an organization. Specify either -// OrganizationCustomRuleMetadata or OrganizationManagedRuleMetadata. +// config-multiaccountsetup.amazonaws.com. There are two types of rules: Config +// Custom Rules and Config Managed Rules. You can use PutOrganizationConfigRule to +// create both Config custom rules and Config managed rules. Custom rules are rules +// that you can create using either Guard or Lambda functions. Guard (Guard GitHub +// Repository (https://github.com/aws-cloudformation/cloudformation-guard)) is a +// policy-as-code language that allows you to write policies that are enforced by +// Config Custom Policy rules. Lambda uses custom code that you upload to evaluate +// a custom rule. If you are adding a new Custom Lambda rule, you first need to +// create an Lambda function in the master account or a delegated administrator +// that the rule invokes to evaluate your resources. You also need to create an IAM +// role in the managed account that can be assumed by the Lambda function. When you +// use PutOrganizationConfigRule to add a Custom Lambda rule to Config, you must +// specify the Amazon Resource Name (ARN) that Lambda assigns to the function. +// Managed rules are predefined, customizable rules created by Config. For a list +// of managed rules, see List of Config Managed Rules +// (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). +// If you are adding an Config managed rule, you must specify the rule's identifier +// for the RuleIdentifier key. Prerequisite: Ensure you call EnableAllFeatures API +// to enable all features in an organization. Make sure to specify one of either +// OrganizationCustomPolicyRuleMetadata for Custom Policy rules, +// OrganizationCustomRuleMetadata for Custom Lambda rules, or +// OrganizationManagedRuleMetadata for managed rules. func (c *Client) PutOrganizationConfigRule(ctx context.Context, params *PutOrganizationConfigRuleInput, optFns ...func(*Options)) (*PutOrganizationConfigRuleOutput, error) { if params == nil { params = &PutOrganizationConfigRuleInput{} @@ -65,17 +76,27 @@ type PutOrganizationConfigRuleInput struct { // Config rule. ExcludedAccounts []string - // An object that specifies metadata for your organization's Config Custom Policy - // rule. The metadata includes the runtime system in use, which accounts have debug - // logging enabled, and other custom rule metadata, such as resource type, resource - // ID of Amazon Web Services resource, and organization trigger types that initiate - // Config to evaluate Amazon Web Services resources against a rule. + // An OrganizationCustomPolicyRuleMetadata object. This object specifies metadata + // for your organization's Config Custom Policy rule. The metadata includes the + // runtime system in use, which accounts have debug logging enabled, and other + // custom rule metadata, such as resource type, resource ID of Amazon Web Services + // resource, and organization trigger types that initiate Config to evaluate Amazon + // Web Services resources against a rule. OrganizationCustomPolicyRuleMetadata *types.OrganizationCustomPolicyRuleMetadata - // An OrganizationCustomRuleMetadata object. + // An OrganizationCustomRuleMetadata object. This object specifies organization + // custom rule metadata such as resource type, resource ID of Amazon Web Services + // resource, Lambda function ARN, and organization trigger types that trigger + // Config to evaluate your Amazon Web Services resources against a rule. It also + // provides the frequency with which you want Config to run evaluations for the + // rule if the trigger type is periodic. OrganizationCustomRuleMetadata *types.OrganizationCustomRuleMetadata - // An OrganizationManagedRuleMetadata object. + // An OrganizationManagedRuleMetadata object. This object specifies organization + // managed rule metadata such as resource type and ID of Amazon Web Services + // resource along with the rule identifier. It also provides the frequency with + // which you want Config to run evaluations for the rule if the trigger type is + // periodic. OrganizationManagedRuleMetadata *types.OrganizationManagedRuleMetadata noSmithyDocumentSerde diff --git a/service/configservice/api_op_PutOrganizationConformancePack.go b/service/configservice/api_op_PutOrganizationConformancePack.go index 32cfb538758..1e262714a12 100644 --- a/service/configservice/api_op_PutOrganizationConformancePack.go +++ b/service/configservice/api_op_PutOrganizationConformancePack.go @@ -20,9 +20,9 @@ import ( // must ensure Organizations ListDelegatedAdministrator permissions are added. An // organization can have up to 3 delegated administrators. This API enables // organization service access for config-multiaccountsetup.amazonaws.com through -// the EnableAWSServiceAccess action and creates a service linked role +// the EnableAWSServiceAccess action and creates a service-linked role // AWSServiceRoleForConfigMultiAccountSetup in the master or delegated -// administrator account of your organization. The service linked role is created +// administrator account of your organization. The service-linked role is created // only when the role does not exist in the caller account. To use this API with // delegated administrator, register a delegated administrator by calling Amazon // Web Services Organization register-delegate-admin for diff --git a/service/configservice/types/errors.go b/service/configservice/types/errors.go index fe9fc6f0f75..a3e117a702e 100644 --- a/service/configservice/types/errors.go +++ b/service/configservice/types/errors.go @@ -64,17 +64,17 @@ func (e *InsufficientDeliveryPolicyException) ErrorFault() smithy.ErrorFault { // // * For // PutOrganizationConfigRule, organization Config rule cannot be created because -// you do not have permissions to call IAM GetRole action or create a service -// linked role. +// you do not have permissions to call IAM GetRole action or create a +// service-linked role. // -// * For PutConformancePack and PutOrganizationConformancePack, a -// conformance pack cannot be created because you do not have permissions: +// * For PutConformancePack and +// PutOrganizationConformancePack, a conformance pack cannot be created because you +// do not have permissions: // -// * To -// call IAM GetRole action or create a service linked role. +// * To call IAM GetRole action or create a +// service-linked role. // -// * To read Amazon S3 -// bucket. +// * To read Amazon S3 bucket. type InsufficientPermissionsException struct { Message *string diff --git a/service/configservice/types/types.go b/service/configservice/types/types.go index 6ad02aad7c1..9f49ebfb20c 100644 --- a/service/configservice/types/types.go +++ b/service/configservice/types/types.go @@ -485,24 +485,33 @@ type ConfigExportDeliveryInfo struct { noSmithyDocumentSerde } -// An Config rule represents an Lambda function that you create for a custom rule -// or a predefined function for an Config managed rule. The function evaluates -// configuration items to assess whether your Amazon Web Services resources comply -// with your desired configurations. This function can run when Config detects a -// configuration change to an Amazon Web Services resource and at a periodic -// frequency that you choose (for example, every 24 hours). You can use the Amazon -// Web Services CLI and Amazon Web Services SDKs if you want to create a rule that -// triggers evaluations for your resources when Config delivers the configuration -// snapshot. For more information, see ConfigSnapshotDeliveryProperties. For more +// Config rules evaluate the configuration settings of your Amazon Web Services +// resources. A rule can run when Config detects a configuration change to an +// Amazon Web Services resource or at a periodic frequency that you choose (for +// example, every 24 hours). There are two types of rules: Config Managed Rules and +// Config Custom Rules. Managed rules are predefined, customizable rules created by +// Config. For a list of managed rules, see List of Config Managed Rules +// (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). +// Custom rules are rules that you can create using either Guard or Lambda +// functions. Guard (Guard GitHub Repository +// (https://github.com/aws-cloudformation/cloudformation-guard)) is a +// policy-as-code language that allows you to write policies that are enforced by +// Config Custom Policy rules. Lambda uses custom code that you upload to evaluate +// a custom rule. It is invoked by events that are published to it by an event +// source, which Config invokes when the custom rule is initiated. For more // information about developing and using Config rules, see Evaluating Amazon Web // Services resource Configurations with Config // (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) -// in the Config Developer Guide. +// in the Config Developer Guide. You can use the Amazon Web Services CLI and +// Amazon Web Services SDKs if you want to create a rule that triggers evaluations +// for your resources when Config delivers the configuration snapshot. For more +// information, see ConfigSnapshotDeliveryProperties. type ConfigRule struct { - // Provides the rule owner (Amazon Web Services or customer), the rule identifier, - // and the notifications that cause the function to evaluate your Amazon Web - // Services resources. + // Provides the rule owner (Amazon Web Services for managed rules, CUSTOM_POLICY + // for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule + // identifier, and the notifications that cause the function to evaluate your + // Amazon Web Services resources. // // This member is required. Source *Source @@ -530,7 +539,7 @@ type ConfigRule struct { ConfigRuleState ConfigRuleState // Service principal name of the service that created the rule. The field is - // populated only if the service linked rule is created by a service. The field is + // populated only if the service-linked rule is created by a service. The field is // empty if you create your own rule. CreatedBy *string @@ -923,7 +932,7 @@ type ConformancePackComplianceFilters struct { // combinations in a conformance pack compared to the number of total possible // rule-resource combinations in the conformance pack. This metric provides you // with a high-level view of the compliance state of your conformance packs, and -// can be used to identify, investigate, and understand compliance deviations in +// can be used to identify, investigate, and understand the level of compliance in // your conformance packs. type ConformancePackComplianceScore struct { @@ -933,7 +942,8 @@ type ConformancePackComplianceScore struct { // The time that the conformance pack compliance score was last updated. LastUpdatedTime *time.Time - // Compliance score for the conformance pack. + // Compliance score for the conformance pack. Conformance packs with no evaluation + // results will have a compliance score of INSUFFICIENT_DATA. Score *string noSmithyDocumentSerde @@ -942,8 +952,10 @@ type ConformancePackComplianceScore struct { // A list of filters to apply to the conformance pack compliance score result set. type ConformancePackComplianceScoresFilters struct { - // The name of a conformance pack whose score should be included in the compliance - // score result. + // The names of the conformance packs whose compliance scores you want to include + // in the conformance pack compliance score result set. You can include up to 25 + // conformance packs in the ConformancePackNames array of strings, each with a + // character limit of 256 characters for the conformance pack name. // // This member is required. ConformancePackNames []string @@ -2219,7 +2231,7 @@ type RemediationConfiguration struct { // The remediation is triggered automatically. Automatic bool - // Name of the service that owns the service linked rule, if applicable. + // Name of the service that owns the service-linked rule, if applicable. CreatedByService *string // An ExecutionControls object. @@ -2492,9 +2504,10 @@ type Scope struct { noSmithyDocumentSerde } -// Provides the CustomPolicyDetails, the rule owner (Amazon Web Services or -// customer), the rule identifier, and the events that cause the evaluation of your -// Amazon Web Services resources. +// Provides the CustomPolicyDetails, the rule owner (Amazon Web Services for +// managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for +// Custom Lambda rules), the rule identifier, and the events that cause the +// evaluation of your Amazon Web Services resources. type Source struct { // Indicates whether Amazon Web Services or the customer owns and manages the diff --git a/service/workspaces/api_op_ModifySamlProperties.go b/service/workspaces/api_op_ModifySamlProperties.go new file mode 100644 index 00000000000..9f7bee26459 --- /dev/null +++ b/service/workspaces/api_op_ModifySamlProperties.go @@ -0,0 +1,132 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package workspaces + +import ( + "context" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/service/workspaces/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Modifies multiple properties related to SAML 2.0 authentication, including the +// enablement status, user access URL, and relay state parameter name that are used +// for configuring federation with an SAML 2.0 identity provider. +func (c *Client) ModifySamlProperties(ctx context.Context, params *ModifySamlPropertiesInput, optFns ...func(*Options)) (*ModifySamlPropertiesOutput, error) { + if params == nil { + params = &ModifySamlPropertiesInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ModifySamlProperties", params, optFns, c.addOperationModifySamlPropertiesMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ModifySamlPropertiesOutput) + out.ResultMetadata = metadata + return out, nil +} + +type ModifySamlPropertiesInput struct { + + // The directory identifier for which you want to configure SAML properties. + // + // This member is required. + ResourceId *string + + // The SAML properties to delete as part of your request. Specify one of the + // following options: + // + // * SAML_PROPERTIES_USER_ACCESS_URL to delete the user access + // URL. + // + // * SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME to delete the relay state + // parameter name. + PropertiesToDelete []types.DeletableSamlProperty + + // The properties for configuring SAML 2.0 authentication. + SamlProperties *types.SamlProperties + + noSmithyDocumentSerde +} + +type ModifySamlPropertiesOutput struct { + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationModifySamlPropertiesMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsAwsjson11_serializeOpModifySamlProperties{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpModifySamlProperties{}, middleware.After) + if err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = addHTTPSignerV4Middleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addOpModifySamlPropertiesValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opModifySamlProperties(options.Region), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opModifySamlProperties(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + SigningName: "workspaces", + OperationName: "ModifySamlProperties", + } +} diff --git a/service/workspaces/deserializers.go b/service/workspaces/deserializers.go index 2c8c7e3fdcf..a8f08493d9e 100644 --- a/service/workspaces/deserializers.go +++ b/service/workspaces/deserializers.go @@ -5260,6 +5260,126 @@ func awsAwsjson11_deserializeOpErrorModifyClientProperties(response *smithyhttp. } } +type awsAwsjson11_deserializeOpModifySamlProperties struct { +} + +func (*awsAwsjson11_deserializeOpModifySamlProperties) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsjson11_deserializeOpModifySamlProperties) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsjson11_deserializeOpErrorModifySamlProperties(response, &metadata) + } + output := &ModifySamlPropertiesOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsAwsjson11_deserializeOpDocumentModifySamlPropertiesOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsAwsjson11_deserializeOpErrorModifySamlProperties(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + code := response.Header.Get("X-Amzn-ErrorType") + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + code, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsAwsjson11_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InvalidParameterValuesException", errorCode): + return awsAwsjson11_deserializeErrorInvalidParameterValuesException(response, errorBody) + + case strings.EqualFold("OperationNotSupportedException", errorCode): + return awsAwsjson11_deserializeErrorOperationNotSupportedException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsAwsjson11_deserializeErrorResourceNotFoundException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsAwsjson11_deserializeOpModifySelfservicePermissions struct { } @@ -10106,6 +10226,64 @@ func awsAwsjson11_deserializeDocumentRootStorage(v **types.RootStorage, value in return nil } +func awsAwsjson11_deserializeDocumentSamlProperties(v **types.SamlProperties, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.SamlProperties + if *v == nil { + sv = &types.SamlProperties{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "RelayStateParameterName": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected NonEmptyString to be of type string, got %T instead", value) + } + sv.RelayStateParameterName = ptr.String(jtv) + } + + case "Status": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected SamlStatusEnum to be of type string, got %T instead", value) + } + sv.Status = types.SamlStatusEnum(jtv) + } + + case "UserAccessUrl": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected SamlUserAccessUrl to be of type string, got %T instead", value) + } + sv.UserAccessUrl = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentSelfservicePermissions(v **types.SelfservicePermissions, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -11145,6 +11323,11 @@ func awsAwsjson11_deserializeDocumentWorkspaceDirectory(v **types.WorkspaceDirec sv.RegistrationCode = ptr.String(jtv) } + case "SamlProperties": + if err := awsAwsjson11_deserializeDocumentSamlProperties(&sv.SamlProperties, value); err != nil { + return err + } + case "SelfservicePermissions": if err := awsAwsjson11_deserializeDocumentSelfservicePermissions(&sv.SelfservicePermissions, value); err != nil { return err @@ -13537,6 +13720,37 @@ func awsAwsjson11_deserializeOpDocumentModifyClientPropertiesOutput(v **ModifyCl return nil } +func awsAwsjson11_deserializeOpDocumentModifySamlPropertiesOutput(v **ModifySamlPropertiesOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *ModifySamlPropertiesOutput + if *v == nil { + sv = &ModifySamlPropertiesOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeOpDocumentModifySelfservicePermissionsOutput(v **ModifySelfservicePermissionsOutput, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/service/workspaces/generated.json b/service/workspaces/generated.json index 7dd5e508307..464bee5ae43 100644 --- a/service/workspaces/generated.json +++ b/service/workspaces/generated.json @@ -52,6 +52,7 @@ "api_op_MigrateWorkspace.go", "api_op_ModifyAccount.go", "api_op_ModifyClientProperties.go", + "api_op_ModifySamlProperties.go", "api_op_ModifySelfservicePermissions.go", "api_op_ModifyWorkspaceAccessProperties.go", "api_op_ModifyWorkspaceCreationProperties.go", diff --git a/service/workspaces/serializers.go b/service/workspaces/serializers.go index 5a4f7958d21..8e9925652c4 100644 --- a/service/workspaces/serializers.go +++ b/service/workspaces/serializers.go @@ -2435,6 +2435,61 @@ func (m *awsAwsjson11_serializeOpModifyClientProperties) HandleSerialize(ctx con return next.HandleSerialize(ctx, in) } +type awsAwsjson11_serializeOpModifySamlProperties struct { +} + +func (*awsAwsjson11_serializeOpModifySamlProperties) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsjson11_serializeOpModifySamlProperties) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ModifySamlPropertiesInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-amz-json-1.1") + httpBindingEncoder.SetHeader("X-Amz-Target").String("WorkspacesService.ModifySamlProperties") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsAwsjson11_serializeOpDocumentModifySamlPropertiesInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} + type awsAwsjson11_serializeOpModifySelfservicePermissions struct { } @@ -3543,6 +3598,17 @@ func awsAwsjson11_serializeDocumentDefaultImportClientBrandingAttributes(v *type return nil } +func awsAwsjson11_serializeDocumentDeletableSamlPropertiesList(v []types.DeletableSamlProperty, value smithyjson.Value) error { + array := value.Array() + defer array.Close() + + for i := range v { + av := array.Value() + av.String(string(v[i])) + } + return nil +} + func awsAwsjson11_serializeDocumentDirectoryIdList(v []string, value smithyjson.Value) error { array := value.Array() defer array.Close() @@ -3734,6 +3800,28 @@ func awsAwsjson11_serializeDocumentRootStorage(v *types.RootStorage, value smith return nil } +func awsAwsjson11_serializeDocumentSamlProperties(v *types.SamlProperties, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.RelayStateParameterName != nil { + ok := object.Key("RelayStateParameterName") + ok.String(*v.RelayStateParameterName) + } + + if len(v.Status) > 0 { + ok := object.Key("Status") + ok.String(string(v.Status)) + } + + if v.UserAccessUrl != nil { + ok := object.Key("UserAccessUrl") + ok.String(*v.UserAccessUrl) + } + + return nil +} + func awsAwsjson11_serializeDocumentSelfservicePermissions(v *types.SelfservicePermissions, value smithyjson.Value) error { object := value.Object() defer object.Close() @@ -5048,6 +5136,32 @@ func awsAwsjson11_serializeOpDocumentModifyClientPropertiesInput(v *ModifyClient return nil } +func awsAwsjson11_serializeOpDocumentModifySamlPropertiesInput(v *ModifySamlPropertiesInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.PropertiesToDelete != nil { + ok := object.Key("PropertiesToDelete") + if err := awsAwsjson11_serializeDocumentDeletableSamlPropertiesList(v.PropertiesToDelete, ok); err != nil { + return err + } + } + + if v.ResourceId != nil { + ok := object.Key("ResourceId") + ok.String(*v.ResourceId) + } + + if v.SamlProperties != nil { + ok := object.Key("SamlProperties") + if err := awsAwsjson11_serializeDocumentSamlProperties(v.SamlProperties, ok); err != nil { + return err + } + } + + return nil +} + func awsAwsjson11_serializeOpDocumentModifySelfservicePermissionsInput(v *ModifySelfservicePermissionsInput, value smithyjson.Value) error { object := value.Object() defer object.Close() diff --git a/service/workspaces/types/enums.go b/service/workspaces/types/enums.go index 0d7ec9d635a..ce6bcd43424 100644 --- a/service/workspaces/types/enums.go +++ b/service/workspaces/types/enums.go @@ -216,6 +216,24 @@ func (DedicatedTenancySupportResultEnum) Values() []DedicatedTenancySupportResul } } +type DeletableSamlProperty string + +// Enum values for DeletableSamlProperty +const ( + DeletableSamlPropertySamlPropertiesUserAccessUrl DeletableSamlProperty = "SAML_PROPERTIES_USER_ACCESS_URL" + DeletableSamlPropertySamlPropertiesRelayStateParameterName DeletableSamlProperty = "SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME" +) + +// Values returns all known values for DeletableSamlProperty. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (DeletableSamlProperty) Values() []DeletableSamlProperty { + return []DeletableSamlProperty{ + "SAML_PROPERTIES_USER_ACCESS_URL", + "SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME", + } +} + type ImageType string // Enum values for ImageType @@ -326,6 +344,26 @@ func (RunningMode) Values() []RunningMode { } } +type SamlStatusEnum string + +// Enum values for SamlStatusEnum +const ( + SamlStatusEnumDisabled SamlStatusEnum = "DISABLED" + SamlStatusEnumEnabled SamlStatusEnum = "ENABLED" + SamlStatusEnumEnabledWithDirectoryLoginFallback SamlStatusEnum = "ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK" +) + +// Values returns all known values for SamlStatusEnum. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (SamlStatusEnum) Values() []SamlStatusEnum { + return []SamlStatusEnum{ + "DISABLED", + "ENABLED", + "ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK", + } +} + type TargetWorkspaceState string // Enum values for TargetWorkspaceState diff --git a/service/workspaces/types/types.go b/service/workspaces/types/types.go index 4dddf829ddf..9329a063970 100644 --- a/service/workspaces/types/types.go +++ b/service/workspaces/types/types.go @@ -513,6 +513,45 @@ type RootStorage struct { noSmithyDocumentSerde } +// Describes the enablement status, user access URL, and relay state parameter name +// that are used for configuring federation with an SAML 2.0 identity provider. +type SamlProperties struct { + + // The relay state parameter name supported by the SAML 2.0 identity provider + // (IdP). When the end user is redirected to the user access URL from the + // WorkSpaces client application, this relay state parameter name is appended as a + // query parameter to the URL along with the relay state endpoint to return the + // user to the client application session. To use SAML 2.0 authentication with + // WorkSpaces, the IdP must support IdP-initiated deep linking for the relay state + // URL. Consult your IdP documentation for more information. + RelayStateParameterName *string + + // Indicates the status of SAML 2.0 authentication. These statuses include the + // following. + // + // * If the setting is DISABLED, end users will be directed to login + // with their directory credentials. + // + // * If the setting is ENABLED, end users will + // be directed to login via the user access URL. Users attempting to connect to + // WorkSpaces from a client application that does not support SAML 2.0 + // authentication will not be able to connect. + // + // * If the setting is + // ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK, end users will be directed to login via + // the user access URL on supported client applications, but will not prevent + // clients that do not support SAML 2.0 authentication from connecting as if SAML + // 2.0 authentication was disabled. + Status SamlStatusEnum + + // The SAML 2.0 identity provider (IdP) user access URL is the URL a user would + // navigate to in their web browser in order to federate from the IdP and directly + // access the application, without any SAML 2.0 service provider (SP) bindings. + UserAccessUrl *string + + noSmithyDocumentSerde +} + // Describes the self-service permissions for a directory. For more information, // see Enable Self-Service WorkSpace Management Capabilities for Your Users // (https://docs.aws.amazon.com/workspaces/latest/adminguide/enable-user-self-service-workspace-management.html). @@ -853,6 +892,10 @@ type WorkspaceDirectory struct { // their Amazon WorkSpaces client application to connect to the directory. RegistrationCode *string + // Describes the enablement status, user access URL, and relay state parameter name + // that are used for configuring federation with an SAML 2.0 identity provider. + SamlProperties *SamlProperties + // The default self-service permissions for WorkSpaces in the directory. SelfservicePermissions *SelfservicePermissions diff --git a/service/workspaces/validators.go b/service/workspaces/validators.go index 3b1faf5ab8d..8d044991325 100644 --- a/service/workspaces/validators.go +++ b/service/workspaces/validators.go @@ -670,6 +670,26 @@ func (m *validateOpModifyClientProperties) HandleInitialize(ctx context.Context, return next.HandleInitialize(ctx, in) } +type validateOpModifySamlProperties struct { +} + +func (*validateOpModifySamlProperties) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpModifySamlProperties) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*ModifySamlPropertiesInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpModifySamlPropertiesInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpModifySelfservicePermissions struct { } @@ -1142,6 +1162,10 @@ func addOpModifyClientPropertiesValidationMiddleware(stack *middleware.Stack) er return stack.Initialize.Add(&validateOpModifyClientProperties{}, middleware.After) } +func addOpModifySamlPropertiesValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpModifySamlProperties{}, middleware.After) +} + func addOpModifySelfservicePermissionsValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpModifySelfservicePermissions{}, middleware.After) } @@ -2012,6 +2036,21 @@ func validateOpModifyClientPropertiesInput(v *ModifyClientPropertiesInput) error } } +func validateOpModifySamlPropertiesInput(v *ModifySamlPropertiesInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ModifySamlPropertiesInput"} + if v.ResourceId == nil { + invalidParams.Add(smithy.NewErrParamRequired("ResourceId")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpModifySelfservicePermissionsInput(v *ModifySelfservicePermissionsInput) error { if v == nil { return nil