diff --git a/apis/keda/v1alpha1/triggerauthentication_types.go b/apis/keda/v1alpha1/triggerauthentication_types.go index d97b827a5a7..cfde1a0a943 100644 --- a/apis/keda/v1alpha1/triggerauthentication_types.go +++ b/apis/keda/v1alpha1/triggerauthentication_types.go @@ -78,6 +78,9 @@ type TriggerAuthenticationSpec struct { // +optional AzureKeyVault *AzureKeyVault `json:"azureKeyVault,omitempty"` + + // +optional + AwsSecretManager *AwsSecretManager `json:"awsSecretManager,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -227,6 +230,40 @@ type AzureKeyVaultCloudInfo struct { ActiveDirectoryEndpoint string `json:"activeDirectoryEndpoint"` } +// AwsSecretManager is used to authenticate using AwsSecretManager +type AwsSecretManager struct { + Credentials *AwsSecretManagerCredentials `json:"credentials"` + Secrets []AwsSecretManagerSecret `json:"secrets"` + + // +optional + PodIdentity *AuthPodIdentity `json:"podIdentity"` + + Cloud *AwsSecretMangerCloudInfo `json:"cloud"` +} + +type AwsSecretManagerCredentials struct { + AccessKey ValueFromSecret `json:"accessKey"` + AccessSecretKey ValueFromSecret `json:"accessSecretKey"` + // +optional + AccessToken ValueFromSecret `json:"accessToken,omitempty"` +} + +type AwsSecretManagerSecret struct { + Parameter string `json:"parameter"` + Name string `json:"name"` + // +optional + VersionId string `json:"versionId,omitempty"` + // +optional + VersionStage string `json:"versionStage,omitempty"` +} + +type AwsSecretMangerCloudInfo struct { + // +optional + Region string `json:"region,omitempty"` + // +optional + Endpoint string `json:"endpoint,omitempty"` +} + func init() { SchemeBuilder.Register(&ClusterTriggerAuthentication{}, &ClusterTriggerAuthenticationList{}) SchemeBuilder.Register(&TriggerAuthentication{}, &TriggerAuthenticationList{}) diff --git a/apis/keda/v1alpha1/zz_generated.deepcopy.go b/apis/keda/v1alpha1/zz_generated.deepcopy.go index 07f8596249d..a8fea3494a6 100644 --- a/apis/keda/v1alpha1/zz_generated.deepcopy.go +++ b/apis/keda/v1alpha1/zz_generated.deepcopy.go @@ -92,6 +92,89 @@ func (in *AuthSecretTargetRef) DeepCopy() *AuthSecretTargetRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsSecretManager) DeepCopyInto(out *AwsSecretManager) { + *out = *in + if in.Credentials != nil { + in, out := &in.Credentials, &out.Credentials + *out = new(AwsSecretManagerCredentials) + **out = **in + } + if in.Secrets != nil { + in, out := &in.Secrets, &out.Secrets + *out = make([]AwsSecretManagerSecret, len(*in)) + copy(*out, *in) + } + if in.PodIdentity != nil { + in, out := &in.PodIdentity, &out.PodIdentity + *out = new(AuthPodIdentity) + **out = **in + } + if in.Cloud != nil { + in, out := &in.Cloud, &out.Cloud + *out = new(AwsSecretMangerCloudInfo) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsSecretManager. +func (in *AwsSecretManager) DeepCopy() *AwsSecretManager { + if in == nil { + return nil + } + out := new(AwsSecretManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsSecretManagerCredentials) DeepCopyInto(out *AwsSecretManagerCredentials) { + *out = *in + out.AccessKey = in.AccessKey + out.AccessSecretKey = in.AccessSecretKey + out.AccessToken = in.AccessToken +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsSecretManagerCredentials. +func (in *AwsSecretManagerCredentials) DeepCopy() *AwsSecretManagerCredentials { + if in == nil { + return nil + } + out := new(AwsSecretManagerCredentials) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsSecretManagerSecret) DeepCopyInto(out *AwsSecretManagerSecret) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsSecretManagerSecret. +func (in *AwsSecretManagerSecret) DeepCopy() *AwsSecretManagerSecret { + if in == nil { + return nil + } + out := new(AwsSecretManagerSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsSecretMangerCloudInfo) DeepCopyInto(out *AwsSecretMangerCloudInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsSecretMangerCloudInfo. +func (in *AwsSecretMangerCloudInfo) DeepCopy() *AwsSecretMangerCloudInfo { + if in == nil { + return nil + } + out := new(AwsSecretMangerCloudInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AzureKeyVault) DeepCopyInto(out *AzureKeyVault) { *out = *in @@ -907,6 +990,11 @@ func (in *TriggerAuthenticationSpec) DeepCopyInto(out *TriggerAuthenticationSpec *out = new(AzureKeyVault) (*in).DeepCopyInto(*out) } + if in.AwsSecretManager != nil { + in, out := &in.AwsSecretManager, &out.AwsSecretManager + *out = new(AwsSecretManager) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggerAuthenticationSpec. diff --git a/config/crd/bases/keda.sh_clustertriggerauthentications.yaml b/config/crd/bases/keda.sh_clustertriggerauthentications.yaml index 2e0c1e36523..e42fa3a3dbf 100644 --- a/config/crd/bases/keda.sh_clustertriggerauthentications.yaml +++ b/config/crd/bases/keda.sh_clustertriggerauthentications.yaml @@ -51,6 +51,100 @@ spec: spec: description: TriggerAuthenticationSpec defines the various ways to authenticate properties: + awsSecretManager: + description: AwsSecretManager is used to authenticate using AwsSecretManager + properties: + cloud: + properties: + endpoint: + type: string + region: + type: string + type: object + credentials: + properties: + accessKey: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + accessSecretKey: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + accessToken: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + required: + - accessKey + - accessSecretKey + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secrets: + items: + properties: + name: + type: string + parameter: + type: string + versionId: + type: string + versionStage: + type: string + required: + - name + - parameter + type: object + type: array + required: + - cloud + - credentials + - secrets + type: object azureKeyVault: description: AzureKeyVault is used to authenticate using Azure Key Vault diff --git a/config/crd/bases/keda.sh_triggerauthentications.yaml b/config/crd/bases/keda.sh_triggerauthentications.yaml index e97e481f74d..3b344918dbb 100644 --- a/config/crd/bases/keda.sh_triggerauthentications.yaml +++ b/config/crd/bases/keda.sh_triggerauthentications.yaml @@ -50,6 +50,100 @@ spec: spec: description: TriggerAuthenticationSpec defines the various ways to authenticate properties: + awsSecretManager: + description: AwsSecretManager is used to authenticate using AwsSecretManager + properties: + cloud: + properties: + endpoint: + type: string + region: + type: string + type: object + credentials: + properties: + accessKey: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + accessSecretKey: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + accessToken: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + required: + - accessKey + - accessSecretKey + type: object + podIdentity: + description: AuthPodIdentity allows users to select the platform + native identity mechanism + properties: + identityId: + type: string + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secrets: + items: + properties: + name: + type: string + parameter: + type: string + versionId: + type: string + versionStage: + type: string + required: + - name + - parameter + type: object + type: array + required: + - cloud + - credentials + - secrets + type: object azureKeyVault: description: AzureKeyVault is used to authenticate using Azure Key Vault diff --git a/pkg/scaling/resolver/aws_secretManager_handler.go b/pkg/scaling/resolver/aws_secretManager_handler.go new file mode 100644 index 00000000000..3435b5a81a5 --- /dev/null +++ b/pkg/scaling/resolver/aws_secretManager_handler.go @@ -0,0 +1,134 @@ +package resolver + +import ( + "context" + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/secretsmanager" + "github.com/go-logr/logr" + kedav1alpha1 "github.com/kedacore/keda/v2/apis/keda/v1alpha1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + corev1listers "k8s.io/client-go/listers/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +type AwsSecretManagerHandler struct { + secretManager *kedav1alpha1.AwsSecretManager + session *session.Session + secretclient *secretsmanager.SecretsManager +} + +func NewAwsSecretManagerHandler(a *kedav1alpha1.AwsSecretManager) *AwsSecretManagerHandler { + return &AwsSecretManagerHandler{ + secretManager: a, + } +} + +func (ash *AwsSecretManagerHandler) Read(ctx context.Context, secretName, versionId, versionStage string) (string, error) { + input := &secretsmanager.GetSecretValueInput{ + SecretId: aws.String(secretName), + } + if versionId != "" { + input.VersionId = aws.String(versionId) + } + if versionStage != "" { + input.VersionStage = aws.String(versionStage) + } + result, err := ash.secretclient.GetSecretValue(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case secretsmanager.ErrCodeResourceNotFoundException: + err = fmt.Errorf(secretsmanager.ErrCodeResourceNotFoundException+": %s", aerr.Error()) + return "", err + case secretsmanager.ErrCodeInvalidParameterException: + err = fmt.Errorf(secretsmanager.ErrCodeInvalidParameterException+": %s", aerr.Error()) + return "", err + case secretsmanager.ErrCodeInvalidRequestException: + err = fmt.Errorf(secretsmanager.ErrCodeInvalidRequestException+": %s", aerr.Error()) + return "", err + case secretsmanager.ErrCodeDecryptionFailure: + err = fmt.Errorf(secretsmanager.ErrCodeDecryptionFailure+": %s", aerr.Error()) + return "", err + case secretsmanager.ErrCodeInternalServiceError: + err = fmt.Errorf(secretsmanager.ErrCodeInternalServiceError+": %s", aerr.Error()) + return "", err + default: + err = fmt.Errorf(aerr.Error()) + return "", err + } + } else { + err = fmt.Errorf(err.Error()) + return "", err + } + } + return *result.SecretString, nil + +} + +func (ash *AwsSecretManagerHandler) Initialize(ctx context.Context, client client.Client, logger logr.Logger, triggerNamespace string, secretsLister corev1listers.SecretLister, podTemplateSpec *corev1.PodTemplateSpec) error { + config, err := ash.getcredentials(ctx, client, logger, triggerNamespace, secretsLister, podTemplateSpec) + if err != nil { + return err + } + if ash.secretManager.Cloud.Region != "" { + config.WithRegion(ash.secretManager.Cloud.Region) + } + if ash.secretManager.Cloud.Endpoint != "" { + config.WithEndpoint(ash.secretManager.Cloud.Endpoint) + } + ash.session = session.Must(session.NewSession()) + ash.secretclient = secretsmanager.New(ash.session, config) + return err +} + +func (ash *AwsSecretManagerHandler) getcredentials(ctx context.Context, client client.Client, logger logr.Logger, triggerNamespace string, secretsLister corev1listers.SecretLister, podTemplateSpec *corev1.PodTemplateSpec) (*aws.Config, error) { + config := aws.NewConfig() + + podIdentity := ash.secretManager.PodIdentity + if podIdentity == nil { + podIdentity = &kedav1alpha1.AuthPodIdentity{} + } + + switch podIdentity.Provider { + case "", kedav1alpha1.PodIdentityProviderNone: + accessKeyId := resolveAuthSecret(ctx, client, logger, ash.secretManager.Credentials.AccessKey.SecretKeyRef.Name, triggerNamespace, ash.secretManager.Credentials.AccessKey.SecretKeyRef.Key, secretsLister) + accessSecretKey := resolveAuthSecret(ctx, client, logger, ash.secretManager.Credentials.AccessSecretKey.SecretKeyRef.Name, triggerNamespace, ash.secretManager.Credentials.AccessSecretKey.SecretKeyRef.Key, secretsLister) + if accessKeyId == "" || accessSecretKey == "" { + return nil, fmt.Errorf("AccessKeyId and AccessSecretKey are expected when not using a pod identity provider") + } + config.WithCredentials(credentials.NewStaticCredentials(accessKeyId, accessSecretKey, "")) + return config, nil + + case kedav1alpha1.PodIdentityProviderAwsEKS: + awsRoleArn, err := ash.getRoleArnAwsEKS(ctx, client, logger, triggerNamespace, podTemplateSpec) + if err != nil { + return nil, fmt.Errorf("error resolving role arn for AwsEKS pod identity: %s", err) + } + config.WithCredentials(stscreds.NewCredentials(ash.session, awsRoleArn)) + return config, nil + case kedav1alpha1.PodIdentityProviderAwsKiam: + awsRoleArn := podTemplateSpec.ObjectMeta.Annotations[kedav1alpha1.PodIdentityAnnotationKiam] + config.WithCredentials(stscreds.NewCredentials(ash.session, awsRoleArn)) + return config, nil + default: + return nil, fmt.Errorf("pod identity provider %s not supported", podIdentity.Provider) + + } +} + +func (ash *AwsSecretManagerHandler) getRoleArnAwsEKS(ctx context.Context, client client.Client, logger logr.Logger, triggerNamespace string, podTemplateSpec *corev1.PodTemplateSpec) (string, error) { + serviceAccountName := podTemplateSpec.Spec.ServiceAccountName + serviceAccount := &corev1.ServiceAccount{} + err := client.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: triggerNamespace}, serviceAccount) + if err != nil { + return "", err + } + return serviceAccount.Annotations[kedav1alpha1.PodIdentityAnnotationEKS], nil +} diff --git a/pkg/scaling/resolver/scale_resolvers.go b/pkg/scaling/resolver/scale_resolvers.go index 22fe7e81d4e..de912b4cf0f 100644 --- a/pkg/scaling/resolver/scale_resolvers.go +++ b/pkg/scaling/resolver/scale_resolvers.go @@ -157,7 +157,7 @@ func ResolveAuthRefAndPodIdentity(ctx context.Context, client client.Client, log triggerAuthRef *kedav1alpha1.ScaledObjectAuthRef, podTemplateSpec *corev1.PodTemplateSpec, namespace string, secretsLister corev1listers.SecretLister) (map[string]string, kedav1alpha1.AuthPodIdentity, error) { if podTemplateSpec != nil { - authParams, podIdentity := resolveAuthRef(ctx, client, logger, triggerAuthRef, &podTemplateSpec.Spec, namespace, secretsLister) + authParams, podIdentity := resolveAuthRef(ctx, client, logger, triggerAuthRef, podTemplateSpec, namespace, secretsLister) if podIdentity.Provider == kedav1alpha1.PodIdentityProviderAwsEKS { serviceAccountName := podTemplateSpec.Spec.ServiceAccountName @@ -181,7 +181,7 @@ func ResolveAuthRefAndPodIdentity(ctx context.Context, client client.Client, log // resolveAuthRef provides authentication parameters needed authenticate scaler with the environment. // based on authentication method defined in TriggerAuthentication, authParams and podIdentity is returned func resolveAuthRef(ctx context.Context, client client.Client, logger logr.Logger, - triggerAuthRef *kedav1alpha1.ScaledObjectAuthRef, podSpec *corev1.PodSpec, + triggerAuthRef *kedav1alpha1.ScaledObjectAuthRef, podTemplateSpec *corev1.PodTemplateSpec, namespace string, secretsLister corev1listers.SecretLister) (map[string]string, kedav1alpha1.AuthPodIdentity) { result := make(map[string]string) var podIdentity kedav1alpha1.AuthPodIdentity @@ -196,11 +196,11 @@ func resolveAuthRef(ctx context.Context, client client.Client, logger logr.Logge } if triggerAuthSpec.Env != nil { for _, e := range triggerAuthSpec.Env { - if podSpec == nil { + if podTemplateSpec == nil { result[e.Parameter] = "" continue } - env, err := ResolveContainerEnv(ctx, client, logger, podSpec, e.ContainerName, namespace, secretsLister) + env, err := ResolveContainerEnv(ctx, client, logger, &podTemplateSpec.Spec, e.ContainerName, namespace, secretsLister) if err != nil { result[e.Parameter] = "" } else { @@ -255,6 +255,24 @@ func resolveAuthRef(ctx context.Context, client client.Client, logger logr.Logge } } } + if triggerAuthSpec.AwsSecretManager != nil && len(triggerAuthSpec.AwsSecretManager.Secrets) > 0 { + AwsSecretManagerHandler := NewAwsSecretManagerHandler(triggerAuthSpec.AwsSecretManager) + err := AwsSecretManagerHandler.Initialize(ctx, client, logger, triggerNamespace, secretsLister, podTemplateSpec) + if err != nil { + logger.Error(err, "error authenticating to Aws Secret Manager", "triggerAuthRef.Name", triggerAuthRef.Name) + } else { + for _, secret := range triggerAuthSpec.AwsSecretManager.Secrets { + res, err := AwsSecretManagerHandler.Read(ctx, secret.Name, secret.VersionId, secret.VersionStage) + if err != nil { + logger.Error(err, "error trying to read secret from Aws Secret Manager", "triggerAuthRef.Name", triggerAuthRef.Name, + "secret.Name", secret.Name, "secret.Version", secret.VersionId, "secret.VersionStage", secret.VersionStage) + } else { + result[secret.Parameter] = res + } + } + } + } + } } diff --git a/pkg/scaling/resolver/scale_resolvers_test.go b/pkg/scaling/resolver/scale_resolvers_test.go index fdcda134781..a00c6ff08c8 100644 --- a/pkg/scaling/resolver/scale_resolvers_test.go +++ b/pkg/scaling/resolver/scale_resolvers_test.go @@ -246,7 +246,7 @@ func TestResolveAuthRef(t *testing.T) { name string existing []runtime.Object soar *kedav1alpha1.ScaledObjectAuthRef - podSpec *corev1.PodSpec + podTemplateSpec *corev1.PodTemplateSpec expected map[string]string expectedPodIdentity kedav1alpha1.AuthPodIdentity }{ @@ -413,7 +413,7 @@ func TestResolveAuthRef(t *testing.T) { fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(test.existing...).Build(), logf.Log.WithName("test"), test.soar, - test.podSpec, + test.podTemplateSpec, namespace, secretsLister) if diff := cmp.Diff(gotMap, test.expected); diff != "" { diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go new file mode 100644 index 00000000000..44b2f36afcd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go @@ -0,0 +1,7631 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +const opCancelRotateSecret = "CancelRotateSecret" + +// CancelRotateSecretRequest generates a "aws/request.Request" representing the +// client's request for the CancelRotateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CancelRotateSecret for more information on using the CancelRotateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CancelRotateSecretRequest method. +// req, resp := client.CancelRotateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret +func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { + op := &request.Operation{ + Name: opCancelRotateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelRotateSecretInput{} + } + + output = &CancelRotateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// CancelRotateSecret API operation for AWS Secrets Manager. +// +// Turns off automatic rotation, and if a rotation is currently in progress, +// cancels the rotation. +// +// If you cancel a rotation in progress, it can leave the VersionStage labels +// in an unexpected state. You might need to remove the staging label AWSPENDING +// from the partially created version. You also need to determine whether to +// roll back to the previous version of the secret by moving the staging label +// AWSCURRENT to the version that has AWSPENDING. To determine which version +// has a specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage +// to change staging labels. For more information, see How rotation works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html). +// +// To turn on automatic rotation again, call RotateSecret. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:CancelRotateSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation CancelRotateSecret for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret +func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { + req, out := c.CancelRotateSecretRequest(input) + return out, req.Send() +} + +// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See CancelRotateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { + req, out := c.CancelRotateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateSecret = "CreateSecret" + +// CreateSecretRequest generates a "aws/request.Request" representing the +// client's request for the CreateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSecret for more information on using the CreateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateSecretRequest method. +// req, resp := client.CreateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret +func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { + op := &request.Operation{ + Name: opCreateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateSecretInput{} + } + + output = &CreateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSecret API operation for AWS Secrets Manager. +// +// Creates a new secret. A secret can be a password, a set of credentials such +// as a user name and password, an OAuth token, or other secret information +// that you store in an encrypted form in Secrets Manager. The secret also includes +// the connection information to access a database or other service, which Secrets +// Manager doesn't encrypt. A secret in Secrets Manager consists of both the +// protected secret data and the important information needed to manage the +// secret. +// +// For secrets that use managed rotation, you need to create the secret through +// the managing service. For more information, see Secrets Manager secrets managed +// by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// For information about creating a secret in the console, see Create a secret +// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). +// +// To create a secret, you can provide the secret value to be encrypted in either +// the SecretString parameter or the SecretBinary parameter, but not both. If +// you include SecretString or SecretBinary then Secrets Manager creates an +// initial secret version and automatically attaches the staging label AWSCURRENT +// to it. +// +// For database credentials you want to rotate, for Secrets Manager to be able +// to rotate the secret, you must make sure the JSON you store in the SecretString +// matches the JSON structure of a database secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html). +// +// If you don't specify an KMS encryption key, Secrets Manager uses the Amazon +// Web Services managed key aws/secretsmanager. If this key doesn't already +// exist in your account, then Secrets Manager creates it for you automatically. +// All users and roles in the Amazon Web Services account automatically have +// access to use aws/secretsmanager. Creating aws/secretsmanager can result +// in a one-time significant delay in returning the result. +// +// If the secret is in a different Amazon Web Services account from the credentials +// calling the API, then you can't use aws/secretsmanager to encrypt the secret, +// and you must create and use a customer managed KMS key. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters except SecretBinary +// or SecretString because it might be logged. For more information, see Logging +// Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:CreateSecret. If you include tags in +// the secret, you also need secretsmanager:TagResource. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// To encrypt the secret with a KMS key other than aws/secretsmanager, you need +// kms:GenerateDataKey and kms:Decrypt permission to the key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation CreateSecret for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - LimitExceededException +// The request failed because it would exceed one of the Secrets Manager quotas. +// +// - EncryptionFailure +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the KMS key is available, enabled, and not in an invalid +// state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// - ResourceExistsException +// A resource with the ID you requested already exists. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - MalformedPolicyDocumentException +// The resource policy has syntax errors. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - PreconditionNotMetException +// The request failed because you did not complete all the prerequisite steps. +// +// - DecryptionFailure +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret +func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { + req, out := c.CreateSecretRequest(input) + return out, req.Send() +} + +// CreateSecretWithContext is the same as CreateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { + req, out := c.CreateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteResourcePolicy = "DeleteResourcePolicy" + +// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteResourcePolicyRequest method. +// req, resp := client.DeleteResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy +func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { + op := &request.Operation{ + Name: opDeleteResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteResourcePolicyInput{} + } + + output = &DeleteResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteResourcePolicy API operation for AWS Secrets Manager. +// +// Deletes the resource-based permission policy attached to the secret. To attach +// a policy to a secret, use PutResourcePolicy. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:DeleteResourcePolicy. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DeleteResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy +func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + return out, req.Send() +} + +// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteSecret = "DeleteSecret" + +// DeleteSecretRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteSecret for more information on using the DeleteSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteSecretRequest method. +// req, resp := client.DeleteSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret +func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { + op := &request.Operation{ + Name: opDeleteSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteSecretInput{} + } + + output = &DeleteSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteSecret API operation for AWS Secrets Manager. +// +// Deletes a secret and all of its versions. You can specify a recovery window +// during which you can restore the secret. The minimum recovery window is 7 +// days. The default recovery window is 30 days. Secrets Manager attaches a +// DeletionDate stamp to the secret that specifies the end of the recovery window. +// At the end of the recovery window, Secrets Manager deletes the secret permanently. +// +// You can't delete a primary secret that is replicated to other Regions. You +// must first delete the replicas using RemoveRegionsFromReplication, and then +// delete the primary secret. When you delete a replica, it is deleted immediately. +// +// You can't directly delete a version of a secret. Instead, you remove all +// staging labels from the version using UpdateSecretVersionStage. This marks +// the version as deprecated, and then Secrets Manager can automatically delete +// the version in the background. +// +// To determine whether an application still uses a secret, you can create an +// Amazon CloudWatch alarm to alert you to any attempts to access a secret during +// the recovery window. For more information, see Monitor secrets scheduled +// for deletion (https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html). +// +// Secrets Manager performs the permanent secret deletion at the end of the +// waiting period as a background task with low priority. There is no guarantee +// of a specific time after the recovery window for the permanent delete to +// occur. +// +// At any time before recovery window ends, you can use RestoreSecret to remove +// the DeletionDate and cancel the deletion of the secret. +// +// When a secret is scheduled for deletion, you cannot retrieve the secret value. +// You must first cancel the deletion with RestoreSecret and then you can retrieve +// the secret. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:DeleteSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DeleteSecret for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret +func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { + req, out := c.DeleteSecretRequest(input) + return out, req.Send() +} + +// DeleteSecretWithContext is the same as DeleteSecret with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { + req, out := c.DeleteSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeSecret = "DescribeSecret" + +// DescribeSecretRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeSecret for more information on using the DescribeSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeSecretRequest method. +// req, resp := client.DescribeSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret +func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { + op := &request.Operation{ + Name: opDescribeSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeSecretInput{} + } + + output = &DescribeSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeSecret API operation for AWS Secrets Manager. +// +// Retrieves the details of a secret. It does not include the encrypted secret +// value. Secrets Manager only returns fields that have a value in the response. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:DescribeSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DescribeSecret for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret +func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { + req, out := c.DescribeSecretRequest(input) + return out, req.Send() +} + +// DescribeSecretWithContext is the same as DescribeSecret with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { + req, out := c.DescribeSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetRandomPassword = "GetRandomPassword" + +// GetRandomPasswordRequest generates a "aws/request.Request" representing the +// client's request for the GetRandomPassword operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetRandomPassword for more information on using the GetRandomPassword +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetRandomPasswordRequest method. +// req, resp := client.GetRandomPasswordRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword +func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { + op := &request.Operation{ + Name: opGetRandomPassword, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetRandomPasswordInput{} + } + + output = &GetRandomPasswordOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetRandomPassword API operation for AWS Secrets Manager. +// +// Generates a random password. We recommend that you specify the maximum length +// and include every character type that the system you are generating a password +// for can support. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:GetRandomPassword. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetRandomPassword for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword +func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { + req, out := c.GetRandomPasswordRequest(input) + return out, req.Send() +} + +// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of +// the ability to pass a context and additional request options. +// +// See GetRandomPassword for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { + req, out := c.GetRandomPasswordRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetResourcePolicy = "GetResourcePolicy" + +// GetResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetResourcePolicy for more information on using the GetResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetResourcePolicyRequest method. +// req, resp := client.GetResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy +func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { + op := &request.Operation{ + Name: opGetResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetResourcePolicyInput{} + } + + output = &GetResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetResourcePolicy API operation for AWS Secrets Manager. +// +// Retrieves the JSON text of the resource-based policy document attached to +// the secret. For more information about permissions policies attached to a +// secret, see Permissions policies attached to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html). +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:GetResourcePolicy. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy +func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + return out, req.Send() +} + +// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetSecretValue = "GetSecretValue" + +// GetSecretValueRequest generates a "aws/request.Request" representing the +// client's request for the GetSecretValue operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSecretValue for more information on using the GetSecretValue +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetSecretValueRequest method. +// req, resp := client.GetSecretValueRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue +func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { + op := &request.Operation{ + Name: opGetSecretValue, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetSecretValueInput{} + } + + output = &GetSecretValueOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSecretValue API operation for AWS Secrets Manager. +// +// Retrieves the contents of the encrypted fields SecretString or SecretBinary +// from the specified version of a secret, whichever contains content. +// +// We recommend that you cache your secret values by using client-side caching. +// Caching secrets improves speed and reduces your costs. For more information, +// see Cache secrets for your applications (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html). +// +// To retrieve the previous version of a secret, use VersionStage and specify +// AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage +// (https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html). +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted +// using a customer-managed key instead of the Amazon Web Services managed key +// aws/secretsmanager, then you also need kms:Decrypt permissions for that key. +// For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetSecretValue for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - DecryptionFailure +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue +func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { + req, out := c.GetSecretValueRequest(input) + return out, req.Send() +} + +// GetSecretValueWithContext is the same as GetSecretValue with the addition of +// the ability to pass a context and additional request options. +// +// See GetSecretValue for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { + req, out := c.GetSecretValueRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListSecretVersionIds = "ListSecretVersionIds" + +// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecretVersionIds operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecretVersionIds for more information on using the ListSecretVersionIds +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListSecretVersionIdsRequest method. +// req, resp := client.ListSecretVersionIdsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds +func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { + op := &request.Operation{ + Name: opListSecretVersionIds, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecretVersionIdsInput{} + } + + output = &ListSecretVersionIdsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecretVersionIds API operation for AWS Secrets Manager. +// +// Lists the versions of a secret. Secrets Manager uses staging labels to indicate +// the different versions of a secret. For more information, see Secrets Manager +// concepts: Versions (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). +// +// To list the secrets in the account, use ListSecrets. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:ListSecretVersionIds. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ListSecretVersionIds for usage and error information. +// +// Returned Error Types: +// +// - InvalidNextTokenException +// The NextToken value is invalid. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds +func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { + req, out := c.ListSecretVersionIdsRequest(input) + return out, req.Send() +} + +// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecretVersionIds for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { + req, out := c.ListSecretVersionIdsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecretVersionIds method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecretVersionIds operation. +// pageNum := 0 +// err := client.ListSecretVersionIdsPages(params, +// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { + return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecretVersionIdsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecretVersionIdsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListSecrets = "ListSecrets" + +// ListSecretsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecrets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecrets for more information on using the ListSecrets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListSecretsRequest method. +// req, resp := client.ListSecretsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets +func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { + op := &request.Operation{ + Name: opListSecrets, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecretsInput{} + } + + output = &ListSecretsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecrets API operation for AWS Secrets Manager. +// +// Lists the secrets that are stored by Secrets Manager in the Amazon Web Services +// account, not including secrets that are marked for deletion. To see secrets +// marked for deletion, use the Secrets Manager console. +// +// ListSecrets is eventually consistent, however it might not reflect changes +// from the last five minutes. To get the latest information for a specific +// secret, use DescribeSecret. +// +// To list the versions of a secret, use ListSecretVersionIds. +// +// To get the secret value from SecretString or SecretBinary, call GetSecretValue. +// +// For information about finding secrets in the console, see Find secrets in +// Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html). +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:ListSecrets. For more information, see +// IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ListSecrets for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidNextTokenException +// The NextToken value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets +func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { + req, out := c.ListSecretsRequest(input) + return out, req.Send() +} + +// ListSecretsWithContext is the same as ListSecrets with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecrets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { + req, out := c.ListSecretsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecretsPages iterates over the pages of a ListSecrets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecrets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecrets operation. +// pageNum := 0 +// err := client.ListSecretsPages(params, +// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { + return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecretsPagesWithContext same as ListSecretsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecretsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecretsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opPutResourcePolicy = "PutResourcePolicy" + +// PutResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutResourcePolicy for more information on using the PutResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutResourcePolicyRequest method. +// req, resp := client.PutResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy +func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { + op := &request.Operation{ + Name: opPutResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutResourcePolicyInput{} + } + + output = &PutResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutResourcePolicy API operation for AWS Secrets Manager. +// +// Attaches a resource-based permission policy to a secret. A resource-based +// policy is optional. For more information, see Authentication and access control +// for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) +// +// For information about attaching a policy in the console, see Attach a permissions +// policy to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:PutResourcePolicy. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation PutResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - MalformedPolicyDocumentException +// The resource policy has syntax errors. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - PublicPolicyException +// The BlockPublicPolicy parameter is set to true, and the resource policy did +// not prevent broad access to the secret. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy +func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + return out, req.Send() +} + +// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutSecretValue = "PutSecretValue" + +// PutSecretValueRequest generates a "aws/request.Request" representing the +// client's request for the PutSecretValue operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutSecretValue for more information on using the PutSecretValue +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the PutSecretValueRequest method. +// req, resp := client.PutSecretValueRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue +func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { + op := &request.Operation{ + Name: opPutSecretValue, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutSecretValueInput{} + } + + output = &PutSecretValueOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutSecretValue API operation for AWS Secrets Manager. +// +// Creates a new version with a new encrypted secret value and attaches it to +// the secret. The version can contain a new SecretString value or a new SecretBinary +// value. +// +// We recommend you avoid calling PutSecretValue at a sustained rate of more +// than once every 10 minutes. When you update the secret value, Secrets Manager +// creates a new version of the secret. Secrets Manager removes outdated versions +// when there are more than 100, but it does not remove versions created less +// than 24 hours ago. If you call PutSecretValue more than once every 10 minutes, +// you create more versions than Secrets Manager removes, and you will reach +// the quota for secret versions. +// +// You can specify the staging labels to attach to the new version in VersionStages. +// If you don't include VersionStages, then Secrets Manager automatically moves +// the staging label AWSCURRENT to this version. If this operation creates the +// first version for the secret, then Secrets Manager automatically attaches +// the staging label AWSCURRENT to it. If this operation moves the staging label +// AWSCURRENT from another version to this version, then Secrets Manager also +// automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT +// was removed from. +// +// This operation is idempotent. If you call this operation with a ClientRequestToken +// that matches an existing version's VersionId, and you specify the same secret +// data, the operation succeeds but does nothing. However, if the secret data +// is different, then the operation fails because you can't modify an existing +// version; you can only create new ones. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters except SecretBinary +// or SecretString because it might be logged. For more information, see Logging +// Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:PutSecretValue. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation PutSecretValue for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - LimitExceededException +// The request failed because it would exceed one of the Secrets Manager quotas. +// +// - EncryptionFailure +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the KMS key is available, enabled, and not in an invalid +// state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// - ResourceExistsException +// A resource with the ID you requested already exists. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - DecryptionFailure +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue +func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { + req, out := c.PutSecretValueRequest(input) + return out, req.Send() +} + +// PutSecretValueWithContext is the same as PutSecretValue with the addition of +// the ability to pass a context and additional request options. +// +// See PutSecretValue for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { + req, out := c.PutSecretValueRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRemoveRegionsFromReplication = "RemoveRegionsFromReplication" + +// RemoveRegionsFromReplicationRequest generates a "aws/request.Request" representing the +// client's request for the RemoveRegionsFromReplication operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RemoveRegionsFromReplication for more information on using the RemoveRegionsFromReplication +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RemoveRegionsFromReplicationRequest method. +// req, resp := client.RemoveRegionsFromReplicationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication +func (c *SecretsManager) RemoveRegionsFromReplicationRequest(input *RemoveRegionsFromReplicationInput) (req *request.Request, output *RemoveRegionsFromReplicationOutput) { + op := &request.Operation{ + Name: opRemoveRegionsFromReplication, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RemoveRegionsFromReplicationInput{} + } + + output = &RemoveRegionsFromReplicationOutput{} + req = c.newRequest(op, input, output) + return +} + +// RemoveRegionsFromReplication API operation for AWS Secrets Manager. +// +// For a secret that is replicated to other Regions, deletes the secret replicas +// from the Regions you specify. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:RemoveRegionsFromReplication. For more +// information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation RemoveRegionsFromReplication for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication +func (c *SecretsManager) RemoveRegionsFromReplication(input *RemoveRegionsFromReplicationInput) (*RemoveRegionsFromReplicationOutput, error) { + req, out := c.RemoveRegionsFromReplicationRequest(input) + return out, req.Send() +} + +// RemoveRegionsFromReplicationWithContext is the same as RemoveRegionsFromReplication with the addition of +// the ability to pass a context and additional request options. +// +// See RemoveRegionsFromReplication for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) RemoveRegionsFromReplicationWithContext(ctx aws.Context, input *RemoveRegionsFromReplicationInput, opts ...request.Option) (*RemoveRegionsFromReplicationOutput, error) { + req, out := c.RemoveRegionsFromReplicationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opReplicateSecretToRegions = "ReplicateSecretToRegions" + +// ReplicateSecretToRegionsRequest generates a "aws/request.Request" representing the +// client's request for the ReplicateSecretToRegions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ReplicateSecretToRegions for more information on using the ReplicateSecretToRegions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ReplicateSecretToRegionsRequest method. +// req, resp := client.ReplicateSecretToRegionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions +func (c *SecretsManager) ReplicateSecretToRegionsRequest(input *ReplicateSecretToRegionsInput) (req *request.Request, output *ReplicateSecretToRegionsOutput) { + op := &request.Operation{ + Name: opReplicateSecretToRegions, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReplicateSecretToRegionsInput{} + } + + output = &ReplicateSecretToRegionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReplicateSecretToRegions API operation for AWS Secrets Manager. +// +// Replicates the secret to a new Regions. See Multi-Region secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html). +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:ReplicateSecretToRegions. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ReplicateSecretToRegions for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions +func (c *SecretsManager) ReplicateSecretToRegions(input *ReplicateSecretToRegionsInput) (*ReplicateSecretToRegionsOutput, error) { + req, out := c.ReplicateSecretToRegionsRequest(input) + return out, req.Send() +} + +// ReplicateSecretToRegionsWithContext is the same as ReplicateSecretToRegions with the addition of +// the ability to pass a context and additional request options. +// +// See ReplicateSecretToRegions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ReplicateSecretToRegionsWithContext(ctx aws.Context, input *ReplicateSecretToRegionsInput, opts ...request.Option) (*ReplicateSecretToRegionsOutput, error) { + req, out := c.ReplicateSecretToRegionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRestoreSecret = "RestoreSecret" + +// RestoreSecretRequest generates a "aws/request.Request" representing the +// client's request for the RestoreSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RestoreSecret for more information on using the RestoreSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RestoreSecretRequest method. +// req, resp := client.RestoreSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret +func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { + op := &request.Operation{ + Name: opRestoreSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RestoreSecretInput{} + } + + output = &RestoreSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// RestoreSecret API operation for AWS Secrets Manager. +// +// Cancels the scheduled deletion of a secret by removing the DeletedDate time +// stamp. You can access a secret again after it has been restored. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:RestoreSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation RestoreSecret for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret +func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { + req, out := c.RestoreSecretRequest(input) + return out, req.Send() +} + +// RestoreSecretWithContext is the same as RestoreSecret with the addition of +// the ability to pass a context and additional request options. +// +// See RestoreSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { + req, out := c.RestoreSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRotateSecret = "RotateSecret" + +// RotateSecretRequest generates a "aws/request.Request" representing the +// client's request for the RotateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RotateSecret for more information on using the RotateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RotateSecretRequest method. +// req, resp := client.RotateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret +func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { + op := &request.Operation{ + Name: opRotateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RotateSecretInput{} + } + + output = &RotateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// RotateSecret API operation for AWS Secrets Manager. +// +// Configures and starts the asynchronous process of rotating the secret. For +// information about rotation, see Rotate secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) +// in the Secrets Manager User Guide. If you include the configuration parameters, +// the operation sets the values for the secret and then immediately starts +// a rotation. If you don't include the configuration parameters, the operation +// starts a rotation with the values already stored in the secret. +// +// When rotation is successful, the AWSPENDING staging label might be attached +// to the same version as the AWSCURRENT version, or it might not be attached +// to any version. If the AWSPENDING staging label is present but not attached +// to the same version as AWSCURRENT, then any later invocation of RotateSecret +// assumes that a previous rotation request is still in progress and returns +// an error. When rotation is unsuccessful, the AWSPENDING staging label might +// be attached to an empty secret version. For more information, see Troubleshoot +// rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html) +// in the Secrets Manager User Guide. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:RotateSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// You also need lambda:InvokeFunction permissions on the rotation function. +// For more information, see Permissions for rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation RotateSecret for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret +func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { + req, out := c.RotateSecretRequest(input) + return out, req.Send() +} + +// RotateSecretWithContext is the same as RotateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See RotateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { + req, out := c.RotateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStopReplicationToReplica = "StopReplicationToReplica" + +// StopReplicationToReplicaRequest generates a "aws/request.Request" representing the +// client's request for the StopReplicationToReplica operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StopReplicationToReplica for more information on using the StopReplicationToReplica +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StopReplicationToReplicaRequest method. +// req, resp := client.StopReplicationToReplicaRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica +func (c *SecretsManager) StopReplicationToReplicaRequest(input *StopReplicationToReplicaInput) (req *request.Request, output *StopReplicationToReplicaOutput) { + op := &request.Operation{ + Name: opStopReplicationToReplica, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StopReplicationToReplicaInput{} + } + + output = &StopReplicationToReplicaOutput{} + req = c.newRequest(op, input, output) + return +} + +// StopReplicationToReplica API operation for AWS Secrets Manager. +// +// Removes the link between the replica secret and the primary secret and promotes +// the replica to a primary secret in the replica Region. +// +// You must call this operation from the Region in which you want to promote +// the replica to a primary secret. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:StopReplicationToReplica. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation StopReplicationToReplica for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica +func (c *SecretsManager) StopReplicationToReplica(input *StopReplicationToReplicaInput) (*StopReplicationToReplicaOutput, error) { + req, out := c.StopReplicationToReplicaRequest(input) + return out, req.Send() +} + +// StopReplicationToReplicaWithContext is the same as StopReplicationToReplica with the addition of +// the ability to pass a context and additional request options. +// +// See StopReplicationToReplica for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) StopReplicationToReplicaWithContext(ctx aws.Context, input *StopReplicationToReplicaInput, opts ...request.Option) (*StopReplicationToReplicaOutput, error) { + req, out := c.StopReplicationToReplicaRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource +func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for AWS Secrets Manager. +// +// Attaches tags to a secret. Tags consist of a key name and a value. Tags are +// part of the secret's metadata. They are not associated with specific versions +// of the secret. This operation appends tags to the existing list of tags. +// +// The following restrictions apply to tags: +// +// - Maximum number of tags per secret: 50 +// +// - Maximum key length: 127 Unicode characters in UTF-8 +// +// - Maximum value length: 255 Unicode characters in UTF-8 +// +// - Tag keys and values are case sensitive. +// +// - Do not use the aws: prefix in your tag names or values because Amazon +// Web Services reserves it for Amazon Web Services use. You can't edit or +// delete tag names or values with this prefix. Tags with this prefix do +// not count against your tags per secret limit. +// +// - If you use your tagging schema across multiple services and resources, +// other services might have restrictions on allowed characters. Generally +// allowed characters: letters, spaces, and numbers representable in UTF-8, +// plus the following special characters: + - = . _ : / @. +// +// If you use tags as part of your security strategy, then adding or removing +// a tag can change permissions. If successfully completing this operation would +// result in you losing your permissions for this secret, then the operation +// is blocked and returns an Access Denied error. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:TagResource. For more information, see +// IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource +func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource +func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for AWS Secrets Manager. +// +// Removes specific tags from a secret. +// +// This operation is idempotent. If a requested tag is not attached to the secret, +// no error is returned and the secret metadata is unchanged. +// +// If you use tags as part of your security strategy, then removing a tag can +// change permissions. If successfully completing this operation would result +// in you losing your permissions for this secret, then the operation is blocked +// and returns an Access Denied error. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:UntagResource. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource +func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateSecret = "UpdateSecret" + +// UpdateSecretRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateSecret for more information on using the UpdateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateSecretRequest method. +// req, resp := client.UpdateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret +func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { + op := &request.Operation{ + Name: opUpdateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateSecretInput{} + } + + output = &UpdateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSecret API operation for AWS Secrets Manager. +// +// Modifies the details of a secret, including metadata and the secret value. +// To change the secret value, you can also use PutSecretValue. +// +// To change the rotation configuration of a secret, use RotateSecret instead. +// +// To change a secret so that it is managed by another service, you need to +// recreate the secret in that service. See Secrets Manager secrets managed +// by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// We recommend you avoid calling UpdateSecret at a sustained rate of more than +// once every 10 minutes. When you call UpdateSecret to update the secret value, +// Secrets Manager creates a new version of the secret. Secrets Manager removes +// outdated versions when there are more than 100, but it does not remove versions +// created less than 24 hours ago. If you update the secret value more than +// once every 10 minutes, you create more versions than Secrets Manager removes, +// and you will reach the quota for secret versions. +// +// If you include SecretString or SecretBinary to create a new secret version, +// Secrets Manager automatically moves the staging label AWSCURRENT to the new +// version. Then it attaches the label AWSPREVIOUS to the version that AWSCURRENT +// was removed from. +// +// If you call this operation with a ClientRequestToken that matches an existing +// version's VersionId, the operation results in an error. You can't modify +// an existing version, you can only create a new version. To remove a version, +// remove all staging labels from it. See UpdateSecretVersionStage. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters except SecretBinary +// or SecretString because it might be logged. For more information, see Logging +// Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:UpdateSecret. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// If you use a customer managed key, you must also have kms:GenerateDataKey +// and kms:Decrypt permissions on the key. For more information, see Secret +// encryption and decryption (https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UpdateSecret for usage and error information. +// +// Returned Error Types: +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - LimitExceededException +// The request failed because it would exceed one of the Secrets Manager quotas. +// +// - EncryptionFailure +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the KMS key is available, enabled, and not in an invalid +// state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// - ResourceExistsException +// A resource with the ID you requested already exists. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - MalformedPolicyDocumentException +// The resource policy has syntax errors. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - PreconditionNotMetException +// The request failed because you did not complete all the prerequisite steps. +// +// - DecryptionFailure +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret +func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { + req, out := c.UpdateSecretRequest(input) + return out, req.Send() +} + +// UpdateSecretWithContext is the same as UpdateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { + req, out := c.UpdateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateSecretVersionStage = "UpdateSecretVersionStage" + +// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSecretVersionStage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateSecretVersionStageRequest method. +// req, resp := client.UpdateSecretVersionStageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage +func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { + op := &request.Operation{ + Name: opUpdateSecretVersionStage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateSecretVersionStageInput{} + } + + output = &UpdateSecretVersionStageOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSecretVersionStage API operation for AWS Secrets Manager. +// +// Modifies the staging labels attached to a version of a secret. Secrets Manager +// uses staging labels to track a version as it progresses through the secret +// rotation process. Each staging label can be attached to only one version +// at a time. To add a staging label to a version when it is already attached +// to another version, Secrets Manager first removes it from the other version +// first and then attaches it to this one. For more information about versions +// and staging labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). +// +// The staging labels that you specify in the VersionStage parameter are added +// to the existing list of staging labels for the version. +// +// You can move the AWSCURRENT staging label to this version by including it +// in this call. +// +// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label +// AWSPREVIOUS to the version that AWSCURRENT was removed from. +// +// If this action results in the last label being removed from a version, then +// the version is considered to be 'deprecated' and can be deleted by Secrets +// Manager. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, +// see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UpdateSecretVersionStage for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// - LimitExceededException +// The request failed because it would exceed one of the Secrets Manager quotas. +// +// - InternalServiceError +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage +func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { + req, out := c.UpdateSecretVersionStageRequest(input) + return out, req.Send() +} + +// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateSecretVersionStage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { + req, out := c.UpdateSecretVersionStageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opValidateResourcePolicy = "ValidateResourcePolicy" + +// ValidateResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the ValidateResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ValidateResourcePolicy for more information on using the ValidateResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ValidateResourcePolicyRequest method. +// req, resp := client.ValidateResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy +func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePolicyInput) (req *request.Request, output *ValidateResourcePolicyOutput) { + op := &request.Operation{ + Name: opValidateResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ValidateResourcePolicyInput{} + } + + output = &ValidateResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ValidateResourcePolicy API operation for AWS Secrets Manager. +// +// Validates that a resource policy does not grant a wide range of principals +// access to your secret. A resource-based policy is optional for secrets. +// +// The API performs three checks when validating the policy: +// +// - Sends a call to Zelkova (https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/), +// an automated reasoning engine, to ensure your resource policy does not +// allow broad access to your secret, for example policies that use a wildcard +// for the principal. +// +// - Checks for correct syntax in a policy. +// +// - Verifies the policy does not lock out a caller. +// +// Secrets Manager generates a CloudTrail log entry when you call this action. +// Do not include sensitive information in request parameters because it might +// be logged. For more information, see Logging Secrets Manager events with +// CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). +// +// Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy. +// For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) +// and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ValidateResourcePolicy for usage and error information. +// +// Returned Error Types: +// +// - MalformedPolicyDocumentException +// The resource policy has syntax errors. +// +// - ResourceNotFoundException +// Secrets Manager can't find the resource that you asked for. +// +// - InvalidParameterException +// The parameter name or value is invalid. +// +// - InternalServiceError +// An error occurred on the server side. +// +// - InvalidRequestException +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy +func (c *SecretsManager) ValidateResourcePolicy(input *ValidateResourcePolicyInput) (*ValidateResourcePolicyOutput, error) { + req, out := c.ValidateResourcePolicyRequest(input) + return out, req.Send() +} + +// ValidateResourcePolicyWithContext is the same as ValidateResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ValidateResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ValidateResourcePolicyWithContext(ctx aws.Context, input *ValidateResourcePolicyInput, opts ...request.Option) (*ValidateResourcePolicyOutput, error) { + req, out := c.ValidateResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +type CancelRotateSecretInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelRotateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelRotateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelRotateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { + s.SecretId = &v + return s +} + +type CancelRotateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The name of the secret. + Name *string `min:"1" type:"string"` + + // The unique identifier of the version of the secret created during the rotation. + // This version might not be complete, and should be evaluated for possible + // deletion. We recommend that you remove the VersionStage value AWSPENDING + // from this version so that Secrets Manager can delete it. Failing to clean + // up a cancelled rotation can block you from starting future rotations. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelRotateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CancelRotateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { + s.VersionId = &v + return s +} + +type CreateSecretInput struct { + _ struct{} `type:"structure"` + + // A list of Regions and KMS keys to replicate secrets. + AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list"` + + // If you include SecretString or SecretBinary, then Secrets Manager creates + // an initial version for the secret, and this parameter specifies the unique + // identifier for the new version. + // + // If you use the Amazon Web Services CLI or one of the Amazon Web Services + // SDKs to call this operation, then you can leave this parameter empty. The + // CLI or SDK generates a random UUID for you and includes it as the value for + // this parameter in the request. If you don't use the SDK and instead generate + // a raw HTTP request to the Secrets Manager service endpoint, then you must + // generate a ClientRequestToken yourself for the new version and include the + // value in the request. + // + // This value helps ensure idempotency. Secrets Manager uses this value to prevent + // the accidental creation of duplicate versions if there are failures and retries + // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value to ensure uniqueness of your versions within the specified secret. + // + // * If the ClientRequestToken value isn't already associated with a version + // of the secret then a new version of the secret is created. + // + // * If a version with this value already exists and the version SecretString + // and SecretBinary values are the same as those in the request, then the + // request is ignored. + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are different from those in the request, then + // the request fails because you cannot modify an existing version. Instead, + // use PutSecretValue to create a new version. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // The description of the secret. + Description *string `type:"string"` + + // Specifies whether to overwrite a secret with the same name in the destination + // Region. By default, secrets aren't overwritten. + ForceOverwriteReplicaSecret *bool `type:"boolean"` + + // The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt + // the secret value in the secret. An alias is always prefixed by alias/, for + // example alias/aws/secretsmanager. For more information, see About aliases + // (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). + // + // To use a KMS key in a different account, use the key ARN or the alias ARN. + // + // If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. + // If that key doesn't yet exist, then Secrets Manager creates it for you automatically + // the first time it encrypts the secret value. + // + // If the secret is in a different Amazon Web Services account from the credentials + // calling the API, then you can't use aws/secretsmanager to encrypt the secret, + // and you must create and use a customer managed KMS key. + KmsKeyId *string `type:"string"` + + // The name of the new secret. + // + // The secret name can contain ASCII letters, numbers, and the following characters: + // /_+=.@- + // + // Do not end your secret name with a hyphen followed by six characters. If + // you do so, you risk confusion and unexpected results when searching for a + // secret by partial ARN. Secrets Manager automatically adds a hyphen and six + // random characters after the secret name at the end of the ARN. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // The binary data to encrypt and store in the new version of the secret. We + // recommend that you store your binary data in a file and then pass the contents + // of the file as a parameter. + // + // Either SecretString or SecretBinary must have a value, but not both. + // + // This parameter is not available in the Secrets Manager console. + // + // SecretBinary is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateSecretInput's + // String and GoString methods. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` + + // The text data to encrypt and store in this new version of the secret. We + // recommend you use a JSON structure of key/value pairs for your secret value. + // + // Either SecretString or SecretBinary must have a value, but not both. + // + // If you create a secret by using the Secrets Manager console then Secrets + // Manager puts the protected secret text in only the SecretString parameter. + // The Secrets Manager console stores the information as a JSON structure of + // key/value pairs that a Lambda rotation function can parse. + // + // SecretString is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateSecretInput's + // String and GoString methods. + SecretString *string `min:"1" type:"string" sensitive:"true"` + + // A list of tags to attach to the secret. Each tag is a key and value pair + // of strings in a JSON text string, for example: + // + // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] + // + // Secrets Manager tag key names are case sensitive. A tag with the key "ABC" + // is a different tag from one with key "abc". + // + // If you check tags in permissions policies as part of your security strategy, + // then adding or removing a tag can change permissions. If the completion of + // this operation would result in you losing your permissions for this secret, + // then Secrets Manager blocks the operation and returns an Access Denied error. + // For more information, see Control access to secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) + // and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2). + // + // For information about how to format a JSON parameter for the various command + // line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). + // If your command-line tool or SDK requires quotation marks around the parameter, + // you should use single quotes to avoid confusion with the double quotes required + // in the JSON text. + // + // The following restrictions apply to tags: + // + // * Maximum number of tags per secret: 50 + // + // * Maximum key length: 127 Unicode characters in UTF-8 + // + // * Maximum value length: 255 Unicode characters in UTF-8 + // + // * Tag keys and values are case sensitive. + // + // * Do not use the aws: prefix in your tag names or values because Amazon + // Web Services reserves it for Amazon Web Services use. You can't edit or + // delete tag names or values with this prefix. Tags with this prefix do + // not count against your tags per secret limit. + // + // * If you use your tagging schema across multiple services and resources, + // other services might have restrictions on allowed characters. Generally + // allowed characters: letters, spaces, and numbers representable in UTF-8, + // plus the following special characters: + - = . _ : / @. + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} + if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) + } + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } + if s.AddReplicaRegions != nil { + for i, v := range s.AddReplicaRegions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) + } + } + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAddReplicaRegions sets the AddReplicaRegions field's value. +func (s *CreateSecretInput) SetAddReplicaRegions(v []*ReplicaRegionType) *CreateSecretInput { + s.AddReplicaRegions = v + return s +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { + s.Description = &v + return s +} + +// SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. +func (s *CreateSecretInput) SetForceOverwriteReplicaSecret(v bool) *CreateSecretInput { + s.ForceOverwriteReplicaSecret = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { + s.KmsKeyId = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { + s.Name = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { + s.SecretBinary = v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { + s.SecretString = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { + s.Tags = v + return s +} + +type CreateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the new secret. The ARN includes the name of the secret followed + // by six random characters. This ensures that if you create a new secret with + // the same name as a deleted secret, then users with access to the old secret + // don't get access to the new secret because the ARNs are different. + ARN *string `min:"20" type:"string"` + + // The name of the new secret. + Name *string `min:"1" type:"string"` + + // A list of the replicas of this secret and their status: + // + // * Failed, which indicates that the replica was not created. + // + // * InProgress, which indicates that Secrets Manager is in the process of + // creating the replica. + // + // * InSync, which indicates that the replica was created. + ReplicationStatus []*ReplicationStatusType `type:"list"` + + // The unique identifier associated with the version of the new secret. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { + s.Name = &v + return s +} + +// SetReplicationStatus sets the ReplicationStatus field's value. +func (s *CreateSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *CreateSecretOutput { + s.ReplicationStatus = v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { + s.VersionId = &v + return s +} + +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +type DecryptionFailure struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptionFailure) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptionFailure) GoString() string { + return s.String() +} + +func newErrorDecryptionFailure(v protocol.ResponseMetadata) error { + return &DecryptionFailure{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *DecryptionFailure) Code() string { + return "DecryptionFailure" +} + +// Message returns the exception's message. +func (s *DecryptionFailure) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *DecryptionFailure) OrigErr() error { + return nil +} + +func (s *DecryptionFailure) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *DecryptionFailure) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *DecryptionFailure) RequestID() string { + return s.RespMetadata.RequestID +} + +type DeleteResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret to delete the attached resource-based policy + // for. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { + s.SecretId = &v + return s +} + +type DeleteResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that the resource-based policy was deleted for. + ARN *string `min:"20" type:"string"` + + // The name of the secret that the resource-based policy was deleted for. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { + s.Name = &v + return s +} + +type DeleteSecretInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to delete the secret without any recovery window. You can't + // use both this parameter and RecoveryWindowInDays in the same call. If you + // don't use either, then by default Secrets Manager uses a 30 day recovery + // window. + // + // Secrets Manager performs the actual deletion with an asynchronous background + // process, so there might be a short delay before the secret is permanently + // deleted. If you delete a secret and then immediately create a secret with + // the same name, use appropriate back off and retry logic. + // + // If you forcibly delete an already deleted or nonexistent secret, the operation + // does not return ResourceNotFoundException. + // + // Use this parameter with caution. This parameter causes the operation to skip + // the normal recovery window before the permanent deletion that Secrets Manager + // would normally impose with the RecoveryWindowInDays parameter. If you delete + // a secret with the ForceDeleteWithoutRecovery parameter, then you have no + // opportunity to recover the secret. You lose the secret permanently. + ForceDeleteWithoutRecovery *bool `type:"boolean"` + + // The number of days from 7 to 30 that Secrets Manager waits before permanently + // deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery + // in the same call. If you don't use either, then by default Secrets Manager + // uses a 30 day recovery window. + RecoveryWindowInDays *int64 `type:"long"` + + // The ARN or name of the secret to delete. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. +func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { + s.ForceDeleteWithoutRecovery = &v + return s +} + +// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. +func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { + s.RecoveryWindowInDays = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { + s.SecretId = &v + return s +} + +type DeleteSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The date and time after which this secret Secrets Manager can permanently + // delete this secret, and it can no longer be restored. This value is the date + // and time of the delete request plus the number of days in RecoveryWindowInDays. + DeletionDate *time.Time `type:"timestamp"` + + // The name of the secret. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { + s.ARN = &v + return s +} + +// SetDeletionDate sets the DeletionDate field's value. +func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { + s.DeletionDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { + s.Name = &v + return s +} + +type DescribeSecretInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { + s.SecretId = &v + return s +} + +type DescribeSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The date the secret was created. + CreatedDate *time.Time `type:"timestamp"` + + // The date the secret is scheduled for deletion. If it is not scheduled for + // deletion, this field is omitted. When you delete a secret, Secrets Manager + // requires a recovery window of at least 7 days before deleting the secret. + // Some time after the deleted date, Secrets Manager deletes the secret, including + // all of its versions. + // + // If a secret is scheduled for deletion, then its details, including the encrypted + // secret value, is not accessible. To cancel a scheduled deletion and restore + // access to the secret, use RestoreSecret. + DeletedDate *time.Time `type:"timestamp"` + + // The description of the secret. + Description *string `type:"string"` + + // The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt + // the secret value. If the secret is encrypted with the Amazon Web Services + // managed key aws/secretsmanager, this field is omitted. Secrets created using + // the console use an KMS key ID. + KmsKeyId *string `type:"string"` + + // The date that the secret was last accessed in the Region. This field is omitted + // if the secret has never been retrieved in the Region. + LastAccessedDate *time.Time `type:"timestamp"` + + // The last date and time that this secret was modified in any way. + LastChangedDate *time.Time `type:"timestamp"` + + // The last date and time that Secrets Manager rotated the secret. If the secret + // isn't configured for rotation, Secrets Manager returns null. + LastRotatedDate *time.Time `type:"timestamp"` + + // The name of the secret. + Name *string `min:"1" type:"string"` + + // The next rotation is scheduled to occur on or before this date. If the secret + // isn't configured for rotation, Secrets Manager returns null. + NextRotationDate *time.Time `type:"timestamp"` + + // The ID of the service that created this secret. For more information, see + // Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). + OwningService *string `min:"1" type:"string"` + + // The Region the secret is in. If a secret is replicated to other Regions, + // the replicas are listed in ReplicationStatus. + PrimaryRegion *string `min:"1" type:"string"` + + // A list of the replicas of this secret and their status: + // + // * Failed, which indicates that the replica was not created. + // + // * InProgress, which indicates that Secrets Manager is in the process of + // creating the replica. + // + // * InSync, which indicates that the replica was created. + ReplicationStatus []*ReplicationStatusType `type:"list"` + + // Specifies whether automatic rotation is turned on for this secret. + // + // To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret. + RotationEnabled *bool `type:"boolean"` + + // The ARN of the Lambda function that Secrets Manager invokes to rotate the + // secret. + RotationLambdaARN *string `type:"string"` + + // The rotation schedule and Lambda function for this secret. If the secret + // previously had rotation turned on, but it is now turned off, this field shows + // the previous rotation schedule and rotation function. If the secret never + // had rotation turned on, this field is omitted. + RotationRules *RotationRulesType `type:"structure"` + + // The list of tags attached to the secret. To add tags to a secret, use TagResource. + // To remove tags, use UntagResource. + Tags []*Tag `type:"list"` + + // A list of the versions of the secret that have staging labels attached. Versions + // that don't have staging labels are considered deprecated and Secrets Manager + // can delete them. + // + // Secrets Manager uses staging labels to indicate the status of a secret version + // during rotation. The three staging labels for rotation are: + // + // * AWSCURRENT, which indicates the current version of the secret. + // + // * AWSPENDING, which indicates the version of the secret that contains + // new secret information that will become the next current version when + // rotation finishes. During rotation, Secrets Manager creates an AWSPENDING + // version ID before creating the new secret version. To check if a secret + // version exists, call GetSecretValue. + // + // * AWSPREVIOUS, which indicates the previous current version of the secret. + // You can use this as the last known good version. + // + // For more information about rotation and staging labels, see How rotation + // works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html). + VersionIdsToStages map[string][]*string `type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { + s.ARN = &v + return s +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *DescribeSecretOutput) SetCreatedDate(v time.Time) *DescribeSecretOutput { + s.CreatedDate = &v + return s +} + +// SetDeletedDate sets the DeletedDate field's value. +func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { + s.DeletedDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { + s.KmsKeyId = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { + s.LastAccessedDate = &v + return s +} + +// SetLastChangedDate sets the LastChangedDate field's value. +func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { + s.LastChangedDate = &v + return s +} + +// SetLastRotatedDate sets the LastRotatedDate field's value. +func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { + s.LastRotatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { + s.Name = &v + return s +} + +// SetNextRotationDate sets the NextRotationDate field's value. +func (s *DescribeSecretOutput) SetNextRotationDate(v time.Time) *DescribeSecretOutput { + s.NextRotationDate = &v + return s +} + +// SetOwningService sets the OwningService field's value. +func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { + s.OwningService = &v + return s +} + +// SetPrimaryRegion sets the PrimaryRegion field's value. +func (s *DescribeSecretOutput) SetPrimaryRegion(v string) *DescribeSecretOutput { + s.PrimaryRegion = &v + return s +} + +// SetReplicationStatus sets the ReplicationStatus field's value. +func (s *DescribeSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *DescribeSecretOutput { + s.ReplicationStatus = v + return s +} + +// SetRotationEnabled sets the RotationEnabled field's value. +func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { + s.RotationEnabled = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { + s.RotationRules = v + return s +} + +// SetTags sets the Tags field's value. +func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { + s.Tags = v + return s +} + +// SetVersionIdsToStages sets the VersionIdsToStages field's value. +func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { + s.VersionIdsToStages = v + return s +} + +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the KMS key is available, enabled, and not in an invalid +// state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +type EncryptionFailure struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptionFailure) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptionFailure) GoString() string { + return s.String() +} + +func newErrorEncryptionFailure(v protocol.ResponseMetadata) error { + return &EncryptionFailure{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *EncryptionFailure) Code() string { + return "EncryptionFailure" +} + +// Message returns the exception's message. +func (s *EncryptionFailure) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *EncryptionFailure) OrigErr() error { + return nil +} + +func (s *EncryptionFailure) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *EncryptionFailure) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *EncryptionFailure) RequestID() string { + return s.RespMetadata.RequestID +} + +// Allows you to add filters when you use the search function in Secrets Manager. +// For more information, see Find secrets in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html). +type Filter struct { + _ struct{} `type:"structure"` + + // The following are keys you can use: + // + // * description: Prefix match, not case-sensitive. + // + // * name: Prefix match, case-sensitive. + // + // * tag-key: Prefix match, case-sensitive. + // + // * tag-value: Prefix match, case-sensitive. + // + // * primary-region: Prefix match, case-sensitive. + // + // * owning-service: Prefix match, case-sensitive. + // + // * all: Breaks the filter value string into words and then searches all + // attributes for matches. Not case-sensitive. + Key *string `type:"string" enum:"FilterNameStringType"` + + // The keyword to filter for. + // + // You can prefix your search value with an exclamation mark (!) in order to + // perform negation filters. + Values []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Filter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Filter) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Filter) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Filter"} + if s.Values != nil && len(s.Values) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Values", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Filter) SetKey(v string) *Filter { + s.Key = &v + return s +} + +// SetValues sets the Values field's value. +func (s *Filter) SetValues(v []*string) *Filter { + s.Values = v + return s +} + +type GetRandomPasswordInput struct { + _ struct{} `type:"structure"` + + // A string of the characters that you don't want in the password. + ExcludeCharacters *string `type:"string"` + + // Specifies whether to exclude lowercase letters from the password. If you + // don't include this switch, the password can contain lowercase letters. + ExcludeLowercase *bool `type:"boolean"` + + // Specifies whether to exclude numbers from the password. If you don't include + // this switch, the password can contain numbers. + ExcludeNumbers *bool `type:"boolean"` + + // Specifies whether to exclude the following punctuation characters from the + // password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~. + // If you don't include this switch, the password can contain punctuation. + ExcludePunctuation *bool `type:"boolean"` + + // Specifies whether to exclude uppercase letters from the password. If you + // don't include this switch, the password can contain uppercase letters. + ExcludeUppercase *bool `type:"boolean"` + + // Specifies whether to include the space character. If you include this switch, + // the password can contain space characters. + IncludeSpace *bool `type:"boolean"` + + // The length of the password. If you don't include this parameter, the default + // length is 32 characters. + PasswordLength *int64 `min:"1" type:"long"` + + // Specifies whether to include at least one upper and lowercase letter, one + // number, and one punctuation. If you don't include this switch, the password + // contains at least one of every character type. + RequireEachIncludedType *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRandomPasswordInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRandomPasswordInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetRandomPasswordInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} + if s.PasswordLength != nil && *s.PasswordLength < 1 { + invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExcludeCharacters sets the ExcludeCharacters field's value. +func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { + s.ExcludeCharacters = &v + return s +} + +// SetExcludeLowercase sets the ExcludeLowercase field's value. +func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { + s.ExcludeLowercase = &v + return s +} + +// SetExcludeNumbers sets the ExcludeNumbers field's value. +func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { + s.ExcludeNumbers = &v + return s +} + +// SetExcludePunctuation sets the ExcludePunctuation field's value. +func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { + s.ExcludePunctuation = &v + return s +} + +// SetExcludeUppercase sets the ExcludeUppercase field's value. +func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { + s.ExcludeUppercase = &v + return s +} + +// SetIncludeSpace sets the IncludeSpace field's value. +func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { + s.IncludeSpace = &v + return s +} + +// SetPasswordLength sets the PasswordLength field's value. +func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { + s.PasswordLength = &v + return s +} + +// SetRequireEachIncludedType sets the RequireEachIncludedType field's value. +func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { + s.RequireEachIncludedType = &v + return s +} + +type GetRandomPasswordOutput struct { + _ struct{} `type:"structure"` + + // A string with the password. + // + // RandomPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetRandomPasswordOutput's + // String and GoString methods. + RandomPassword *string `type:"string" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRandomPasswordOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetRandomPasswordOutput) GoString() string { + return s.String() +} + +// SetRandomPassword sets the RandomPassword field's value. +func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { + s.RandomPassword = &v + return s +} + +type GetResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret to retrieve the attached resource-based policy + // for. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { + s.SecretId = &v + return s +} + +type GetResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that the resource-based policy was retrieved for. + ARN *string `min:"20" type:"string"` + + // The name of the secret that the resource-based policy was retrieved for. + Name *string `min:"1" type:"string"` + + // A JSON-formatted string that contains the permissions policy attached to + // the secret. For more information about permissions policies, see Authentication + // and access control for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). + ResourcePolicy *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { + s.Name = &v + return s +} + +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { + s.ResourcePolicy = &v + return s +} + +type GetSecretValueInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret to retrieve. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The unique identifier of the version of the secret to retrieve. If you include + // both this parameter and VersionStage, the two parameters must refer to the + // same secret version. If you don't specify either a VersionStage or VersionId, + // then Secrets Manager returns the AWSCURRENT version. + // + // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value with 32 hexadecimal digits. + VersionId *string `min:"32" type:"string"` + + // The staging label of the version of the secret to retrieve. + // + // Secrets Manager uses staging labels to keep track of different versions during + // the rotation process. If you include both this parameter and VersionId, the + // two parameters must refer to the same secret version. If you don't specify + // either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT + // version. + VersionStage *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecretValueInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecretValueInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSecretValueInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.VersionId != nil && len(*s.VersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) + } + if s.VersionStage != nil && len(*s.VersionStage) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { + s.SecretId = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { + s.VersionId = &v + return s +} + +// SetVersionStage sets the VersionStage field's value. +func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { + s.VersionStage = &v + return s +} + +type GetSecretValueOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The date and time that this version of the secret was created. If you don't + // specify which version in VersionId or VersionStage, then Secrets Manager + // uses the AWSCURRENT version. + CreatedDate *time.Time `type:"timestamp"` + + // The friendly name of the secret. + Name *string `min:"1" type:"string"` + + // The decrypted secret value, if the secret value was originally provided as + // binary data in the form of a byte array. The response parameter represents + // the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) + // string. + // + // If the secret was created by using the Secrets Manager console, or if the + // secret value was originally provided as a string, then this field is omitted. + // The secret value appears in SecretString instead. + // + // SecretBinary is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetSecretValueOutput's + // String and GoString methods. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` + + // The decrypted secret value, if the secret value was originally provided as + // a string or through the Secrets Manager console. + // + // If this secret was created by using the console, then Secrets Manager stores + // the information as a JSON structure of key/value pairs. + // + // SecretString is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetSecretValueOutput's + // String and GoString methods. + SecretString *string `min:"1" type:"string" sensitive:"true"` + + // The unique identifier of this version of the secret. + VersionId *string `min:"32" type:"string"` + + // A list of all of the staging labels currently attached to this version of + // the secret. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecretValueOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSecretValueOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { + s.ARN = &v + return s +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { + s.CreatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { + s.Name = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { + s.SecretBinary = v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { + s.SecretString = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { + s.VersionStages = v + return s +} + +// An error occurred on the server side. +type InternalServiceError struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServiceError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServiceError) GoString() string { + return s.String() +} + +func newErrorInternalServiceError(v protocol.ResponseMetadata) error { + return &InternalServiceError{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServiceError) Code() string { + return "InternalServiceError" +} + +// Message returns the exception's message. +func (s *InternalServiceError) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServiceError) OrigErr() error { + return nil +} + +func (s *InternalServiceError) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServiceError) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServiceError) RequestID() string { + return s.RespMetadata.RequestID +} + +// The NextToken value is invalid. +type InvalidNextTokenException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidNextTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidNextTokenException) GoString() string { + return s.String() +} + +func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { + return &InvalidNextTokenException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidNextTokenException) Code() string { + return "InvalidNextTokenException" +} + +// Message returns the exception's message. +func (s *InvalidNextTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidNextTokenException) OrigErr() error { + return nil +} + +func (s *InvalidNextTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidNextTokenException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidNextTokenException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The parameter name or value is invalid. +type InvalidParameterException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidParameterException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidParameterException) GoString() string { + return s.String() +} + +func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { + return &InvalidParameterException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidParameterException) Code() string { + return "InvalidParameterException" +} + +// Message returns the exception's message. +func (s *InvalidParameterException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidParameterException) OrigErr() error { + return nil +} + +func (s *InvalidParameterException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidParameterException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidParameterException) RequestID() string { + return s.RespMetadata.RequestID +} + +// A parameter value is not valid for the current state of the resource. +// +// Possible causes: +// +// - The secret is scheduled for deletion. +// +// - You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// - The secret is managed by another service, and you must use that service +// to update it. For more information, see Secrets managed by other Amazon +// Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). +type InvalidRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request failed because it would exceed one of the Secrets Manager quotas. +type LimitExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitExceededException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitExceededException) GoString() string { + return s.String() +} + +func newErrorLimitExceededException(v protocol.ResponseMetadata) error { + return &LimitExceededException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *LimitExceededException) Code() string { + return "LimitExceededException" +} + +// Message returns the exception's message. +func (s *LimitExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *LimitExceededException) OrigErr() error { + return nil +} + +func (s *LimitExceededException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *LimitExceededException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *LimitExceededException) RequestID() string { + return s.RespMetadata.RequestID +} + +type ListSecretVersionIdsInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to include versions of secrets that don't have any staging + // labels attached to them. Versions without staging labels are considered deprecated + // and are subject to deletion by Secrets Manager. By default, versions without + // staging labels aren't included. + IncludeDeprecated *bool `type:"boolean"` + + // The number of results to include in the response. + // + // If there are more results available, in the response, Secrets Manager includes + // NextToken. To get the next results, call ListSecretVersionIds again with + // the value from NextToken. + MaxResults *int64 `min:"1" type:"integer"` + + // A token that indicates where the output should continue from, if a previous + // call did not show all results. To get the next results, call ListSecretVersionIds + // again with this value. + NextToken *string `min:"1" type:"string"` + + // The ARN or name of the secret whose versions you want to list. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretVersionIdsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretVersionIdsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecretVersionIdsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIncludeDeprecated sets the IncludeDeprecated field's value. +func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { + s.IncludeDeprecated = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { + s.NextToken = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { + s.SecretId = &v + return s +} + +type ListSecretVersionIdsOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The name of the secret. + Name *string `min:"1" type:"string"` + + // Secrets Manager includes this value if there's more output available than + // what is included in the current response. This can occur even when the response + // includes no values at all, such as when you ask for a filtered view of a + // long list. To get the next results, call ListSecretVersionIds again with + // this value. + NextToken *string `min:"1" type:"string"` + + // A list of the versions of the secret. + Versions []*SecretVersionsListEntry `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretVersionIdsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretVersionIdsOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { + s.Name = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { + s.NextToken = &v + return s +} + +// SetVersions sets the Versions field's value. +func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { + s.Versions = v + return s +} + +type ListSecretsInput struct { + _ struct{} `type:"structure"` + + // The filters to apply to the list of secrets. + Filters []*Filter `type:"list"` + + // Specifies whether to include secrets scheduled for deletion. By default, + // secrets scheduled for deletion aren't included. + IncludePlannedDeletion *bool `type:"boolean"` + + // The number of results to include in the response. + // + // If there are more results available, in the response, Secrets Manager includes + // NextToken. To get the next results, call ListSecrets again with the value + // from NextToken. + MaxResults *int64 `min:"1" type:"integer"` + + // A token that indicates where the output should continue from, if a previous + // call did not show all results. To get the next results, call ListSecrets + // again with this value. + NextToken *string `min:"1" type:"string"` + + // Secrets are listed by CreatedDate. + SortOrder *string `type:"string" enum:"SortOrderType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecretsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.Filters != nil { + for i, v := range s.Filters { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFilters sets the Filters field's value. +func (s *ListSecretsInput) SetFilters(v []*Filter) *ListSecretsInput { + s.Filters = v + return s +} + +// SetIncludePlannedDeletion sets the IncludePlannedDeletion field's value. +func (s *ListSecretsInput) SetIncludePlannedDeletion(v bool) *ListSecretsInput { + s.IncludePlannedDeletion = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { + s.NextToken = &v + return s +} + +// SetSortOrder sets the SortOrder field's value. +func (s *ListSecretsInput) SetSortOrder(v string) *ListSecretsInput { + s.SortOrder = &v + return s +} + +type ListSecretsOutput struct { + _ struct{} `type:"structure"` + + // Secrets Manager includes this value if there's more output available than + // what is included in the current response. This can occur even when the response + // includes no values at all, such as when you ask for a filtered view of a + // long list. To get the next results, call ListSecrets again with this value. + NextToken *string `min:"1" type:"string"` + + // A list of the secrets in the account. + SecretList []*SecretListEntry `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecretsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { + s.NextToken = &v + return s +} + +// SetSecretList sets the SecretList field's value. +func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { + s.SecretList = v + return s +} + +// The resource policy has syntax errors. +type MalformedPolicyDocumentException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalformedPolicyDocumentException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalformedPolicyDocumentException) GoString() string { + return s.String() +} + +func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { + return &MalformedPolicyDocumentException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *MalformedPolicyDocumentException) Code() string { + return "MalformedPolicyDocumentException" +} + +// Message returns the exception's message. +func (s *MalformedPolicyDocumentException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *MalformedPolicyDocumentException) OrigErr() error { + return nil +} + +func (s *MalformedPolicyDocumentException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *MalformedPolicyDocumentException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *MalformedPolicyDocumentException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request failed because you did not complete all the prerequisite steps. +type PreconditionNotMetException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PreconditionNotMetException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PreconditionNotMetException) GoString() string { + return s.String() +} + +func newErrorPreconditionNotMetException(v protocol.ResponseMetadata) error { + return &PreconditionNotMetException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *PreconditionNotMetException) Code() string { + return "PreconditionNotMetException" +} + +// Message returns the exception's message. +func (s *PreconditionNotMetException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *PreconditionNotMetException) OrigErr() error { + return nil +} + +func (s *PreconditionNotMetException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *PreconditionNotMetException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *PreconditionNotMetException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The BlockPublicPolicy parameter is set to true, and the resource policy did +// not prevent broad access to the secret. +type PublicPolicyException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PublicPolicyException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PublicPolicyException) GoString() string { + return s.String() +} + +func newErrorPublicPolicyException(v protocol.ResponseMetadata) error { + return &PublicPolicyException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *PublicPolicyException) Code() string { + return "PublicPolicyException" +} + +// Message returns the exception's message. +func (s *PublicPolicyException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *PublicPolicyException) OrigErr() error { + return nil +} + +func (s *PublicPolicyException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *PublicPolicyException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *PublicPolicyException) RequestID() string { + return s.RespMetadata.RequestID +} + +type PutResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to block resource-based policies that allow broad access + // to the secret, for example those that use a wildcard for the principal. By + // default, public policies aren't blocked. + BlockPublicPolicy *bool `type:"boolean"` + + // A JSON-formatted string for an Amazon Web Services resource-based policy. + // For example policies, see Permissions policy examples (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html). + // + // ResourcePolicy is a required field + ResourcePolicy *string `min:"1" type:"string" required:"true"` + + // The ARN or name of the secret to attach the resource-based policy. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} + if s.ResourcePolicy == nil { + invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) + } + if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBlockPublicPolicy sets the BlockPublicPolicy field's value. +func (s *PutResourcePolicyInput) SetBlockPublicPolicy(v bool) *PutResourcePolicyInput { + s.BlockPublicPolicy = &v + return s +} + +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { + s.ResourcePolicy = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { + s.SecretId = &v + return s +} + +type PutResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The name of the secret. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { + s.Name = &v + return s +} + +type PutSecretValueInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the new version of the secret. + // + // If you use the Amazon Web Services CLI or one of the Amazon Web Services + // SDKs to call this operation, then you can leave this parameter empty because + // they generate a random UUID for you. If you don't use the SDK and instead + // generate a raw HTTP request to the Secrets Manager service endpoint, then + // you must generate a ClientRequestToken yourself for new versions and include + // that value in the request. + // + // This value helps ensure idempotency. Secrets Manager uses this value to prevent + // the accidental creation of duplicate versions if there are failures and retries + // during the Lambda rotation function processing. We recommend that you generate + // a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value + // to ensure uniqueness within the specified secret. + // + // * If the ClientRequestToken value isn't already associated with a version + // of the secret then a new version of the secret is created. + // + // * If a version with this value already exists and that version's SecretString + // or SecretBinary values are the same as those in the request then the request + // is ignored. The operation is idempotent. + // + // * If a version with this value already exists and the version of the SecretString + // and SecretBinary values are different from those in the request, then + // the request fails because you can't modify a secret version. You can only + // create new versions to store new secret values. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // The binary data to encrypt and store in the new version of the secret. To + // use this parameter in the command-line tools, we recommend that you store + // your binary data in a file and then pass the contents of the file as a parameter. + // + // You must include SecretBinary or SecretString, but not both. + // + // You can't access this value from the Secrets Manager console. + // + // SecretBinary is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutSecretValueInput's + // String and GoString methods. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` + + // The ARN or name of the secret to add a new version to. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // If the secret doesn't already exist, use CreateSecret instead. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The text to encrypt and store in the new version of the secret. + // + // You must include SecretBinary or SecretString, but not both. + // + // We recommend you create the secret string as JSON key/value pairs, as shown + // in the example. + // + // SecretString is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PutSecretValueInput's + // String and GoString methods. + SecretString *string `min:"1" type:"string" sensitive:"true"` + + // A list of staging labels to attach to this version of the secret. Secrets + // Manager uses staging labels to track versions of a secret through the rotation + // process. + // + // If you specify a staging label that's already associated with a different + // version of the same secret, then Secrets Manager removes the label from the + // other version and attaches it to this version. If you specify AWSCURRENT, + // and it is already attached to another version, then Secrets Manager also + // moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed + // from. + // + // If you don't include VersionStages, then Secrets Manager automatically moves + // the staging label AWSCURRENT to this version. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSecretValueInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSecretValueInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutSecretValueInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } + if s.VersionStages != nil && len(s.VersionStages) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { + s.ClientRequestToken = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { + s.SecretBinary = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { + s.SecretId = &v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { + s.SecretString = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { + s.VersionStages = v + return s +} + +type PutSecretValueOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The name of the secret. + Name *string `min:"1" type:"string"` + + // The unique identifier of the version of the secret. + VersionId *string `min:"32" type:"string"` + + // The list of staging labels that are currently attached to this version of + // the secret. Secrets Manager uses staging labels to track a version as it + // progresses through the secret rotation process. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSecretValueOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PutSecretValueOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { + s.VersionStages = v + return s +} + +type RemoveRegionsFromReplicationInput struct { + _ struct{} `type:"structure"` + + // The Regions of the replicas to remove. + // + // RemoveReplicaRegions is a required field + RemoveReplicaRegions []*string `min:"1" type:"list" required:"true"` + + // The ARN or name of the secret. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveRegionsFromReplicationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveRegionsFromReplicationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RemoveRegionsFromReplicationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RemoveRegionsFromReplicationInput"} + if s.RemoveReplicaRegions == nil { + invalidParams.Add(request.NewErrParamRequired("RemoveReplicaRegions")) + } + if s.RemoveReplicaRegions != nil && len(s.RemoveReplicaRegions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RemoveReplicaRegions", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetRemoveReplicaRegions sets the RemoveReplicaRegions field's value. +func (s *RemoveRegionsFromReplicationInput) SetRemoveReplicaRegions(v []*string) *RemoveRegionsFromReplicationInput { + s.RemoveReplicaRegions = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *RemoveRegionsFromReplicationInput) SetSecretId(v string) *RemoveRegionsFromReplicationInput { + s.SecretId = &v + return s +} + +type RemoveRegionsFromReplicationOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the primary secret. + ARN *string `min:"20" type:"string"` + + // The status of replicas for this secret after you remove Regions. + ReplicationStatus []*ReplicationStatusType `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveRegionsFromReplicationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RemoveRegionsFromReplicationOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *RemoveRegionsFromReplicationOutput) SetARN(v string) *RemoveRegionsFromReplicationOutput { + s.ARN = &v + return s +} + +// SetReplicationStatus sets the ReplicationStatus field's value. +func (s *RemoveRegionsFromReplicationOutput) SetReplicationStatus(v []*ReplicationStatusType) *RemoveRegionsFromReplicationOutput { + s.ReplicationStatus = v + return s +} + +// A custom type that specifies a Region and the KmsKeyId for a replica secret. +type ReplicaRegionType struct { + _ struct{} `type:"structure"` + + // The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't + // include this field, Secrets Manager uses aws/secretsmanager. + KmsKeyId *string `type:"string"` + + // A Region code. For a list of Region codes, see Name and code of Regions (https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). + Region *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicaRegionType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicaRegionType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplicaRegionType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplicaRegionType"} + if s.Region != nil && len(*s.Region) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Region", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ReplicaRegionType) SetKmsKeyId(v string) *ReplicaRegionType { + s.KmsKeyId = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *ReplicaRegionType) SetRegion(v string) *ReplicaRegionType { + s.Region = &v + return s +} + +type ReplicateSecretToRegionsInput struct { + _ struct{} `type:"structure"` + + // A list of Regions in which to replicate the secret. + // + // AddReplicaRegions is a required field + AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"` + + // Specifies whether to overwrite a secret with the same name in the destination + // Region. By default, secrets aren't overwritten. + ForceOverwriteReplicaSecret *bool `type:"boolean"` + + // The ARN or name of the secret to replicate. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateSecretToRegionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateSecretToRegionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplicateSecretToRegionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplicateSecretToRegionsInput"} + if s.AddReplicaRegions == nil { + invalidParams.Add(request.NewErrParamRequired("AddReplicaRegions")) + } + if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.AddReplicaRegions != nil { + for i, v := range s.AddReplicaRegions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAddReplicaRegions sets the AddReplicaRegions field's value. +func (s *ReplicateSecretToRegionsInput) SetAddReplicaRegions(v []*ReplicaRegionType) *ReplicateSecretToRegionsInput { + s.AddReplicaRegions = v + return s +} + +// SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. +func (s *ReplicateSecretToRegionsInput) SetForceOverwriteReplicaSecret(v bool) *ReplicateSecretToRegionsInput { + s.ForceOverwriteReplicaSecret = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *ReplicateSecretToRegionsInput) SetSecretId(v string) *ReplicateSecretToRegionsInput { + s.SecretId = &v + return s +} + +type ReplicateSecretToRegionsOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the primary secret. + ARN *string `min:"20" type:"string"` + + // The status of replication. + ReplicationStatus []*ReplicationStatusType `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateSecretToRegionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicateSecretToRegionsOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *ReplicateSecretToRegionsOutput) SetARN(v string) *ReplicateSecretToRegionsOutput { + s.ARN = &v + return s +} + +// SetReplicationStatus sets the ReplicationStatus field's value. +func (s *ReplicateSecretToRegionsOutput) SetReplicationStatus(v []*ReplicationStatusType) *ReplicateSecretToRegionsOutput { + s.ReplicationStatus = v + return s +} + +// A replication object consisting of a RegionReplicationStatus object and includes +// a Region, KMSKeyId, status, and status message. +type ReplicationStatusType struct { + _ struct{} `type:"structure"` + + // Can be an ARN, Key ID, or Alias. + KmsKeyId *string `type:"string"` + + // The date that the secret was last accessed in the Region. This field is omitted + // if the secret has never been retrieved in the Region. + LastAccessedDate *time.Time `type:"timestamp"` + + // The Region where replication occurs. + Region *string `min:"1" type:"string"` + + // The status can be InProgress, Failed, or InSync. + Status *string `type:"string" enum:"StatusType"` + + // Status message such as "Secret with this name already exists in this region". + StatusMessage *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicationStatusType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReplicationStatusType) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ReplicationStatusType) SetKmsKeyId(v string) *ReplicationStatusType { + s.KmsKeyId = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *ReplicationStatusType) SetLastAccessedDate(v time.Time) *ReplicationStatusType { + s.LastAccessedDate = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *ReplicationStatusType) SetRegion(v string) *ReplicationStatusType { + s.Region = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ReplicationStatusType) SetStatus(v string) *ReplicationStatusType { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *ReplicationStatusType) SetStatusMessage(v string) *ReplicationStatusType { + s.StatusMessage = &v + return s +} + +// A resource with the ID you requested already exists. +type ResourceExistsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceExistsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceExistsException) GoString() string { + return s.String() +} + +func newErrorResourceExistsException(v protocol.ResponseMetadata) error { + return &ResourceExistsException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceExistsException) Code() string { + return "ResourceExistsException" +} + +// Message returns the exception's message. +func (s *ResourceExistsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceExistsException) OrigErr() error { + return nil +} + +func (s *ResourceExistsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceExistsException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceExistsException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Secrets Manager can't find the resource that you asked for. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +type RestoreSecretInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret to restore. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RestoreSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { + s.SecretId = &v + return s +} + +type RestoreSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that was restored. + ARN *string `min:"20" type:"string"` + + // The name of the secret that was restored. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { + s.Name = &v + return s +} + +type RotateSecretInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the new version of the secret that helps ensure idempotency. + // Secrets Manager uses this value to prevent the accidental creation of duplicate + // versions if there are failures and retries during rotation. This value becomes + // the VersionId of the new version. + // + // If you use the Amazon Web Services CLI or one of the Amazon Web Services + // SDK to call this operation, then you can leave this parameter empty. The + // CLI or SDK generates a random UUID for you and includes that in the request + // for this parameter. If you don't use the SDK and instead generate a raw HTTP + // request to the Secrets Manager service endpoint, then you must generate a + // ClientRequestToken yourself for new versions and include that value in the + // request. + // + // You only need to specify this value if you implement your own retry logic + // and you want to ensure that Secrets Manager doesn't attempt to create a secret + // version twice. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value to ensure uniqueness within the specified secret. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // Specifies whether to rotate the secret immediately or wait until the next + // scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules. + // + // For secrets that use a Lambda rotation function to rotate, if you don't immediately + // rotate the secret, Secrets Manager tests the rotation configuration by running + // the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html) + // of the Lambda rotation function. The test creates an AWSPENDING version of + // the secret and then removes it. + // + // By default, Secrets Manager rotates the secret immediately. + RotateImmediately *bool `type:"boolean"` + + // For secrets that use a Lambda rotation function to rotate, the ARN of the + // Lambda rotation function. + // + // For secrets that use managed rotation, omit this field. For more information, + // see Managed rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html) + // in the Secrets Manager User Guide. + RotationLambdaARN *string `type:"string"` + + // A structure that defines the rotation configuration for this secret. + RotationRules *RotationRulesType `type:"structure"` + + // The ARN or name of the secret to rotate. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RotateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.RotationRules != nil { + if err := s.RotationRules.Validate(); err != nil { + invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetRotateImmediately sets the RotateImmediately field's value. +func (s *RotateSecretInput) SetRotateImmediately(v bool) *RotateSecretInput { + s.RotateImmediately = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { + s.RotationRules = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { + s.SecretId = &v + return s +} + +type RotateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The name of the secret. + Name *string `min:"1" type:"string"` + + // The ID of the new version of the secret. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { + s.VersionId = &v + return s +} + +// A structure that defines the rotation configuration for the secret. +type RotationRulesType struct { + _ struct{} `type:"structure"` + + // The number of days between rotations of the secret. You can use this value + // to check that your secret meets your compliance guidelines for how often + // secrets must be rotated. If you use this field to set the rotation schedule, + // Secrets Manager calculates the next rotation date based on the previous rotation. + // Manually updating the secret value by calling PutSecretValue or UpdateSecret + // is considered a valid rotation. + // + // In DescribeSecret and ListSecrets, this value is calculated from the rotation + // schedule after every successful rotation. In RotateSecret, you can set the + // rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression, + // but not both. To set a rotation schedule in hours, use ScheduleExpression. + AutomaticallyAfterDays *int64 `min:"1" type:"long"` + + // The length of the rotation window in hours, for example 3h for a three hour + // window. Secrets Manager rotates your secret at any time during this window. + // The window must not extend into the next rotation window or the next UTC + // day. The window starts according to the ScheduleExpression. If you don't + // specify a Duration, for a ScheduleExpression in hours, the window automatically + // closes after one hour. For a ScheduleExpression in days, the window automatically + // closes at the end of the UTC day. For more information, including examples, + // see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html) + // in the Secrets Manager Users Guide. + Duration *string `min:"2" type:"string"` + + // A cron() or rate() expression that defines the schedule for rotating your + // secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager + // rotates your secret any time during a rotation window. + // + // Secrets Manager rate() expressions represent the interval in hours or days + // that you want to rotate your secret, for example rate(12 hours) or rate(10 + // days). You can rotate a secret as often as every four hours. If you use a + // rate() expression, the rotation window starts at midnight. For a rate in + // hours, the default rotation window closes after one hour. For a rate in days, + // the default rotation window closes at the end of the day. You can set the + // Duration to change the rotation window. The rotation window must not extend + // into the next UTC day or into the next rotation window. + // + // You can use a cron() expression to create a rotation schedule that is more + // detailed than a rotation interval. For more information, including examples, + // see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html) + // in the Secrets Manager Users Guide. For a cron expression that represents + // a schedule in hours, the default rotation window closes after one hour. For + // a cron expression that represents a schedule in days, the default rotation + // window closes at the end of the day. You can set the Duration to change the + // rotation window. The rotation window must not extend into the next UTC day + // or into the next rotation window. + ScheduleExpression *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotationRulesType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RotationRulesType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RotationRulesType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} + if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { + invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) + } + if s.Duration != nil && len(*s.Duration) < 2 { + invalidParams.Add(request.NewErrParamMinLen("Duration", 2)) + } + if s.ScheduleExpression != nil && len(*s.ScheduleExpression) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ScheduleExpression", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. +func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { + s.AutomaticallyAfterDays = &v + return s +} + +// SetDuration sets the Duration field's value. +func (s *RotationRulesType) SetDuration(v string) *RotationRulesType { + s.Duration = &v + return s +} + +// SetScheduleExpression sets the ScheduleExpression field's value. +func (s *RotationRulesType) SetScheduleExpression(v string) *RotationRulesType { + s.ScheduleExpression = &v + return s +} + +// A structure that contains the details about a secret. It does not include +// the encrypted SecretString and SecretBinary values. To get those values, +// use GetSecretValue (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) . +type SecretListEntry struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the secret. + ARN *string `min:"20" type:"string"` + + // The date and time when a secret was created. + CreatedDate *time.Time `type:"timestamp"` + + // The date and time the deletion of the secret occurred. Not present on active + // secrets. The secret can be recovered until the number of days in the recovery + // window has passed, as specified in the RecoveryWindowInDays parameter of + // the DeleteSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html) + // operation. + DeletedDate *time.Time `type:"timestamp"` + + // The user-provided description of the secret. + Description *string `type:"string"` + + // The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. + // If the secret is encrypted with the Amazon Web Services managed key aws/secretsmanager, + // this field is omitted. + KmsKeyId *string `type:"string"` + + // The date that the secret was last accessed in the Region. This field is omitted + // if the secret has never been retrieved in the Region. + LastAccessedDate *time.Time `type:"timestamp"` + + // The last date and time that this secret was modified in any way. + LastChangedDate *time.Time `type:"timestamp"` + + // The most recent date and time that the Secrets Manager rotation process was + // successfully completed. This value is null if the secret hasn't ever rotated. + LastRotatedDate *time.Time `type:"timestamp"` + + // The friendly name of the secret. You can use forward slashes in the name + // to represent a path hierarchy. For example, /prod/databases/dbserver1 could + // represent the secret for a server named dbserver1 in the folder databases + // in the folder prod. + Name *string `min:"1" type:"string"` + + // The next rotation is scheduled to occur on or before this date. If the secret + // isn't configured for rotation, Secrets Manager returns null. + NextRotationDate *time.Time `type:"timestamp"` + + // Returns the name of the service that created the secret. + OwningService *string `min:"1" type:"string"` + + // The Region where Secrets Manager originated the secret. + PrimaryRegion *string `min:"1" type:"string"` + + // Indicates whether automatic, scheduled rotation is enabled for this secret. + RotationEnabled *bool `type:"boolean"` + + // The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager + // to rotate and expire the secret either automatically per the schedule or + // manually by a call to RotateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html). + RotationLambdaARN *string `type:"string"` + + // A structure that defines the rotation configuration for the secret. + RotationRules *RotationRulesType `type:"structure"` + + // A list of all of the currently assigned SecretVersionStage staging labels + // and the SecretVersionId attached to each one. Staging labels are used to + // keep track of the different versions during the rotation process. + // + // A version that does not have any SecretVersionStage is considered deprecated + // and subject to deletion. Such versions are not included in this list. + SecretVersionsToStages map[string][]*string `type:"map"` + + // The list of user-defined tags associated with the secret. To add tags to + // a secret, use TagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html). + // To remove tags, use UntagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html). + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecretListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecretListEntry) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *SecretListEntry) SetARN(v string) *SecretListEntry { + s.ARN = &v + return s +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *SecretListEntry) SetCreatedDate(v time.Time) *SecretListEntry { + s.CreatedDate = &v + return s +} + +// SetDeletedDate sets the DeletedDate field's value. +func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { + s.DeletedDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { + s.KmsKeyId = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { + s.LastAccessedDate = &v + return s +} + +// SetLastChangedDate sets the LastChangedDate field's value. +func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { + s.LastChangedDate = &v + return s +} + +// SetLastRotatedDate sets the LastRotatedDate field's value. +func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { + s.LastRotatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *SecretListEntry) SetName(v string) *SecretListEntry { + s.Name = &v + return s +} + +// SetNextRotationDate sets the NextRotationDate field's value. +func (s *SecretListEntry) SetNextRotationDate(v time.Time) *SecretListEntry { + s.NextRotationDate = &v + return s +} + +// SetOwningService sets the OwningService field's value. +func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { + s.OwningService = &v + return s +} + +// SetPrimaryRegion sets the PrimaryRegion field's value. +func (s *SecretListEntry) SetPrimaryRegion(v string) *SecretListEntry { + s.PrimaryRegion = &v + return s +} + +// SetRotationEnabled sets the RotationEnabled field's value. +func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { + s.RotationEnabled = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { + s.RotationRules = v + return s +} + +// SetSecretVersionsToStages sets the SecretVersionsToStages field's value. +func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { + s.SecretVersionsToStages = v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { + s.Tags = v + return s +} + +// A structure that contains information about one version of a secret. +type SecretVersionsListEntry struct { + _ struct{} `type:"structure"` + + // The date and time this version of the secret was created. + CreatedDate *time.Time `type:"timestamp"` + + // The KMS keys used to encrypt the secret version. + KmsKeyIds []*string `type:"list"` + + // The date that this version of the secret was last accessed. Note that the + // resolution of this field is at the date level and does not include the time. + LastAccessedDate *time.Time `type:"timestamp"` + + // The unique version identifier of this version of the secret. + VersionId *string `min:"32" type:"string"` + + // An array of staging labels that are currently associated with this version + // of the secret. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecretVersionsListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecretVersionsListEntry) GoString() string { + return s.String() +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { + s.CreatedDate = &v + return s +} + +// SetKmsKeyIds sets the KmsKeyIds field's value. +func (s *SecretVersionsListEntry) SetKmsKeyIds(v []*string) *SecretVersionsListEntry { + s.KmsKeyIds = v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { + s.LastAccessedDate = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { + s.VersionStages = v + return s +} + +type StopReplicationToReplicaInput struct { + _ struct{} `type:"structure"` + + // The ARN of the primary secret. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopReplicationToReplicaInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopReplicationToReplicaInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StopReplicationToReplicaInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopReplicationToReplicaInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *StopReplicationToReplicaInput) SetSecretId(v string) *StopReplicationToReplicaInput { + s.SecretId = &v + return s +} + +type StopReplicationToReplicaOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the promoted secret. The ARN is the same as the original primary + // secret except the Region is changed. + ARN *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopReplicationToReplicaOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopReplicationToReplicaOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *StopReplicationToReplicaOutput) SetARN(v string) *StopReplicationToReplicaOutput { + s.ARN = &v + return s +} + +// A structure that contains information about a tag. +type Tag struct { + _ struct{} `type:"structure"` + + // The key identifier, or name, of the tag. + Key *string `min:"1" type:"string"` + + // The string value associated with the key of the tag. + Value *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The identifier for the secret to attach tags to. You can specify either the + // Amazon Resource Name (ARN) or the friendly name of the secret. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The tags to attach to the secret as a JSON text string argument. Each element + // in the list consists of a Key and a Value. + // + // For storing multiple values, we recommend that you use a JSON text string + // argument and specify key/value pairs. For more information, see Specifying + // parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html) + // in the Amazon Web Services CLI User Guide. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { + s.SecretId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN or name of the secret. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // A list of tag key names to remove from the secret. You don't specify the + // value. Both the key and its associated value are removed. + // + // This parameter requires a JSON text string argument. + // + // For storing multiple values, we recommend that you use a JSON text string + // argument and specify key/value pairs. For more information, see Specifying + // parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html) + // in the Amazon Web Services CLI User Guide. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { + s.SecretId = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +type UpdateSecretInput struct { + _ struct{} `type:"structure"` + + // If you include SecretString or SecretBinary, then Secrets Manager creates + // a new version for the secret, and this parameter specifies the unique identifier + // for the new version. + // + // If you use the Amazon Web Services CLI or one of the Amazon Web Services + // SDKs to call this operation, then you can leave this parameter empty. The + // CLI or SDK generates a random UUID for you and includes it as the value for + // this parameter in the request. If you don't use the SDK and instead generate + // a raw HTTP request to the Secrets Manager service endpoint, then you must + // generate a ClientRequestToken yourself for the new version and include the + // value in the request. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // The description of the secret. + Description *string `type:"string"` + + // The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt + // new secret versions as well as any existing versions with the staging labels + // AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about versions + // and staging labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). + // + // A key alias is always prefixed by alias/, for example alias/aws/secretsmanager. + // For more information, see About aliases (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). + // + // If you set this to an empty string, Secrets Manager uses the Amazon Web Services + // managed key aws/secretsmanager. If this key doesn't already exist in your + // account, then Secrets Manager creates it for you automatically. All users + // and roles in the Amazon Web Services account automatically have access to + // use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time + // significant delay in returning the result. + // + // You can only use the Amazon Web Services managed key aws/secretsmanager if + // you call this operation using credentials from the same Amazon Web Services + // account that owns the secret. If the secret is in a different account, then + // you must use a customer managed key and provide the ARN of that KMS key in + // this field. The user making the call must have permissions to both the secret + // and the KMS key in their respective accounts. + KmsKeyId *string `type:"string"` + + // The binary data to encrypt and store in the new version of the secret. We + // recommend that you store your binary data in a file and then pass the contents + // of the file as a parameter. + // + // Either SecretBinary or SecretString must have a value, but not both. + // + // You can't access this parameter in the Secrets Manager console. + // + // SecretBinary is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateSecretInput's + // String and GoString methods. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` + + // The ARN or name of the secret. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The text data to encrypt and store in the new version of the secret. We recommend + // you use a JSON structure of key/value pairs for your secret value. + // + // Either SecretBinary or SecretString must have a value, but not both. + // + // SecretString is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by UpdateSecretInput's + // String and GoString methods. + SecretString *string `min:"1" type:"string" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretBinary != nil && len(s.SecretBinary) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.SecretString != nil && len(*s.SecretString) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { + s.KmsKeyId = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { + s.SecretBinary = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { + s.SecretId = &v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { + s.SecretString = &v + return s +} + +type UpdateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that was updated. + ARN *string `min:"20" type:"string"` + + // The name of the secret that was updated. + Name *string `min:"1" type:"string"` + + // If Secrets Manager created a new version of the secret during this operation, + // then VersionId contains the unique identifier of the new version. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { + s.VersionId = &v + return s +} + +type UpdateSecretVersionStageInput struct { + _ struct{} `type:"structure"` + + // The ID of the version to add the staging label to. To remove a label from + // a version, then do not specify this parameter. + // + // If the staging label is already attached to a different version of the secret, + // then you must also specify the RemoveFromVersionId parameter. + MoveToVersionId *string `min:"32" type:"string"` + + // The ID of the version that the staging label is to be removed from. If the + // staging label you are trying to attach to one version is already attached + // to a different version, then you must include this parameter and specify + // the version that the label is to be removed from. If the label is attached + // and you either do not specify this parameter, or the version ID does not + // match, then the operation fails. + RemoveFromVersionId *string `min:"32" type:"string"` + + // The ARN or the name of the secret with the version and staging labelsto modify. + // + // For an ARN, we recommend that you specify a complete ARN rather than a partial + // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The staging label to add to this version. + // + // VersionStage is a required field + VersionStage *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretVersionStageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretVersionStageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateSecretVersionStageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} + if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) + } + if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.VersionStage == nil { + invalidParams.Add(request.NewErrParamRequired("VersionStage")) + } + if s.VersionStage != nil && len(*s.VersionStage) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMoveToVersionId sets the MoveToVersionId field's value. +func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { + s.MoveToVersionId = &v + return s +} + +// SetRemoveFromVersionId sets the RemoveFromVersionId field's value. +func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { + s.RemoveFromVersionId = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { + s.SecretId = &v + return s +} + +// SetVersionStage sets the VersionStage field's value. +func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { + s.VersionStage = &v + return s +} + +type UpdateSecretVersionStageOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that was updated. + ARN *string `min:"20" type:"string"` + + // The name of the secret that was updated. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretVersionStageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateSecretVersionStageOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { + s.Name = &v + return s +} + +type ValidateResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // A JSON-formatted string that contains an Amazon Web Services resource-based + // policy. The policy in the string identifies who can access or manage this + // secret and its versions. For example policies, see Permissions policy examples + // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html). + // + // ResourcePolicy is a required field + ResourcePolicy *string `min:"1" type:"string" required:"true"` + + // This field is reserved for internal use. + SecretId *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidateResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidateResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ValidateResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ValidateResourcePolicyInput"} + if s.ResourcePolicy == nil { + invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) + } + if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *ValidateResourcePolicyInput) SetResourcePolicy(v string) *ValidateResourcePolicyInput { + s.ResourcePolicy = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *ValidateResourcePolicyInput) SetSecretId(v string) *ValidateResourcePolicyInput { + s.SecretId = &v + return s +} + +type ValidateResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // True if your policy passes validation, otherwise false. + PolicyValidationPassed *bool `type:"boolean"` + + // Validation errors if your policy didn't pass validation. + ValidationErrors []*ValidationErrorsEntry `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidateResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidateResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyValidationPassed sets the PolicyValidationPassed field's value. +func (s *ValidateResourcePolicyOutput) SetPolicyValidationPassed(v bool) *ValidateResourcePolicyOutput { + s.PolicyValidationPassed = &v + return s +} + +// SetValidationErrors sets the ValidationErrors field's value. +func (s *ValidateResourcePolicyOutput) SetValidationErrors(v []*ValidationErrorsEntry) *ValidateResourcePolicyOutput { + s.ValidationErrors = v + return s +} + +// Displays errors that occurred during validation of the resource policy. +type ValidationErrorsEntry struct { + _ struct{} `type:"structure"` + + // Checks the name of the policy. + CheckName *string `min:"1" type:"string"` + + // Displays error messages if validation encounters problems during validation + // of the resource policy. + ErrorMessage *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationErrorsEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationErrorsEntry) GoString() string { + return s.String() +} + +// SetCheckName sets the CheckName field's value. +func (s *ValidationErrorsEntry) SetCheckName(v string) *ValidationErrorsEntry { + s.CheckName = &v + return s +} + +// SetErrorMessage sets the ErrorMessage field's value. +func (s *ValidationErrorsEntry) SetErrorMessage(v string) *ValidationErrorsEntry { + s.ErrorMessage = &v + return s +} + +const ( + // FilterNameStringTypeDescription is a FilterNameStringType enum value + FilterNameStringTypeDescription = "description" + + // FilterNameStringTypeName is a FilterNameStringType enum value + FilterNameStringTypeName = "name" + + // FilterNameStringTypeTagKey is a FilterNameStringType enum value + FilterNameStringTypeTagKey = "tag-key" + + // FilterNameStringTypeTagValue is a FilterNameStringType enum value + FilterNameStringTypeTagValue = "tag-value" + + // FilterNameStringTypePrimaryRegion is a FilterNameStringType enum value + FilterNameStringTypePrimaryRegion = "primary-region" + + // FilterNameStringTypeOwningService is a FilterNameStringType enum value + FilterNameStringTypeOwningService = "owning-service" + + // FilterNameStringTypeAll is a FilterNameStringType enum value + FilterNameStringTypeAll = "all" +) + +// FilterNameStringType_Values returns all elements of the FilterNameStringType enum +func FilterNameStringType_Values() []string { + return []string{ + FilterNameStringTypeDescription, + FilterNameStringTypeName, + FilterNameStringTypeTagKey, + FilterNameStringTypeTagValue, + FilterNameStringTypePrimaryRegion, + FilterNameStringTypeOwningService, + FilterNameStringTypeAll, + } +} + +const ( + // SortOrderTypeAsc is a SortOrderType enum value + SortOrderTypeAsc = "asc" + + // SortOrderTypeDesc is a SortOrderType enum value + SortOrderTypeDesc = "desc" +) + +// SortOrderType_Values returns all elements of the SortOrderType enum +func SortOrderType_Values() []string { + return []string{ + SortOrderTypeAsc, + SortOrderTypeDesc, + } +} + +const ( + // StatusTypeInSync is a StatusType enum value + StatusTypeInSync = "InSync" + + // StatusTypeFailed is a StatusType enum value + StatusTypeFailed = "Failed" + + // StatusTypeInProgress is a StatusType enum value + StatusTypeInProgress = "InProgress" +) + +// StatusType_Values returns all elements of the StatusType enum +func StatusType_Values() []string { + return []string{ + StatusTypeInSync, + StatusTypeFailed, + StatusTypeInProgress, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go new file mode 100644 index 00000000000..402a2dd6e55 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go @@ -0,0 +1,63 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package secretsmanager provides the client and types for making API +// requests to AWS Secrets Manager. +// +// Amazon Web Services Secrets Manager provides a service to enable you to store, +// manage, and retrieve, secrets. +// +// This guide provides descriptions of the Secrets Manager API. For more information +// about using this service, see the Amazon Web Services Secrets Manager User +// Guide (https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html). +// +// # API Version +// +// This version of the Secrets Manager API Reference documents the Secrets Manager +// API version 2017-10-17. +// +// For a list of endpoints, see Amazon Web Services Secrets Manager endpoints +// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints). +// +// # Support and Feedback for Amazon Web Services Secrets Manager +// +// We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com +// (mailto:awssecretsmanager-feedback@amazon.com), or post your feedback and +// questions in the Amazon Web Services Secrets Manager Discussion Forum (http://forums.aws.amazon.com/forum.jspa?forumID=296). +// For more information about the Amazon Web Services Discussion Forums, see +// Forums Help (http://forums.aws.amazon.com/help.jspa). +// +// # Logging API Requests +// +// Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, +// a service that records Amazon Web Services API calls for your Amazon Web +// Services account and delivers log files to an Amazon S3 bucket. By using +// information that's collected by Amazon Web Services CloudTrail, you can determine +// the requests successfully made to Secrets Manager, who made the request, +// when it was made, and so on. For more about Amazon Web Services Secrets Manager +// and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services +// Secrets Manager Events with Amazon Web Services CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail) +// in the Amazon Web Services Secrets Manager User Guide. To learn more about +// CloudTrail, including enabling it and find your log files, see the Amazon +// Web Services CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). +// +// See https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17 for more information on this service. +// +// See secretsmanager package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/ +// +// # Using the Client +// +// To contact AWS Secrets Manager with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS Secrets Manager client SecretsManager for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/#New +package secretsmanager diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go new file mode 100644 index 00000000000..ca1b83e3036 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go @@ -0,0 +1,113 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeDecryptionFailure for service response error code + // "DecryptionFailure". + // + // Secrets Manager can't decrypt the protected secret text using the provided + // KMS key. + ErrCodeDecryptionFailure = "DecryptionFailure" + + // ErrCodeEncryptionFailure for service response error code + // "EncryptionFailure". + // + // Secrets Manager can't encrypt the protected secret text using the provided + // KMS key. Check that the KMS key is available, enabled, and not in an invalid + // state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). + ErrCodeEncryptionFailure = "EncryptionFailure" + + // ErrCodeInternalServiceError for service response error code + // "InternalServiceError". + // + // An error occurred on the server side. + ErrCodeInternalServiceError = "InternalServiceError" + + // ErrCodeInvalidNextTokenException for service response error code + // "InvalidNextTokenException". + // + // The NextToken value is invalid. + ErrCodeInvalidNextTokenException = "InvalidNextTokenException" + + // ErrCodeInvalidParameterException for service response error code + // "InvalidParameterException". + // + // The parameter name or value is invalid. + ErrCodeInvalidParameterException = "InvalidParameterException" + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // A parameter value is not valid for the current state of the resource. + // + // Possible causes: + // + // * The secret is scheduled for deletion. + // + // * You tried to enable rotation on a secret that doesn't already have a + // Lambda function ARN configured and you didn't include such an ARN as a + // parameter in this call. + // + // * The secret is managed by another service, and you must use that service + // to update it. For more information, see Secrets managed by other Amazon + // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeLimitExceededException for service response error code + // "LimitExceededException". + // + // The request failed because it would exceed one of the Secrets Manager quotas. + ErrCodeLimitExceededException = "LimitExceededException" + + // ErrCodeMalformedPolicyDocumentException for service response error code + // "MalformedPolicyDocumentException". + // + // The resource policy has syntax errors. + ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException" + + // ErrCodePreconditionNotMetException for service response error code + // "PreconditionNotMetException". + // + // The request failed because you did not complete all the prerequisite steps. + ErrCodePreconditionNotMetException = "PreconditionNotMetException" + + // ErrCodePublicPolicyException for service response error code + // "PublicPolicyException". + // + // The BlockPublicPolicy parameter is set to true, and the resource policy did + // not prevent broad access to the secret. + ErrCodePublicPolicyException = "PublicPolicyException" + + // ErrCodeResourceExistsException for service response error code + // "ResourceExistsException". + // + // A resource with the ID you requested already exists. + ErrCodeResourceExistsException = "ResourceExistsException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // Secrets Manager can't find the resource that you asked for. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "DecryptionFailure": newErrorDecryptionFailure, + "EncryptionFailure": newErrorEncryptionFailure, + "InternalServiceError": newErrorInternalServiceError, + "InvalidNextTokenException": newErrorInvalidNextTokenException, + "InvalidParameterException": newErrorInvalidParameterException, + "InvalidRequestException": newErrorInvalidRequestException, + "LimitExceededException": newErrorLimitExceededException, + "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, + "PreconditionNotMetException": newErrorPreconditionNotMetException, + "PublicPolicyException": newErrorPublicPolicyException, + "ResourceExistsException": newErrorResourceExistsException, + "ResourceNotFoundException": newErrorResourceNotFoundException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go new file mode 100644 index 00000000000..ade1e668867 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go @@ -0,0 +1,108 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// SecretsManager provides the API operation methods for making requests to +// AWS Secrets Manager. See this package's package overview docs +// for details on the service. +// +// SecretsManager methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SecretsManager struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "secretsmanager" // Name of service. + EndpointsID = ServiceName // ID to lookup a service endpoint with. + ServiceID = "Secrets Manager" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the SecretsManager client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a SecretsManager client from just a session. +// svc := secretsmanager.New(mySession) +// +// // Create a SecretsManager client with additional configuration +// svc := secretsmanager.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SecretsManager { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "secretsmanager" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SecretsManager { + svc := &SecretsManager{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2017-10-17", + ResolvedRegion: resolvedRegion, + JSONVersion: "1.1", + TargetPrefix: "secretsmanager", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SecretsManager operation and runs any +// custom request initialization. +func (c *SecretsManager) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 9d60a72bb77..11f7957f5f6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -308,6 +308,7 @@ github.com/aws/aws-sdk-go/service/dynamodbstreams github.com/aws/aws-sdk-go/service/dynamodbstreams/dynamodbstreamsiface github.com/aws/aws-sdk-go/service/kinesis github.com/aws/aws-sdk-go/service/kinesis/kinesisiface +github.com/aws/aws-sdk-go/service/secretsmanager github.com/aws/aws-sdk-go/service/sqs github.com/aws/aws-sdk-go/service/sqs/sqsiface github.com/aws/aws-sdk-go/service/sso