From 855863c949df3ab626dbf5b1aeacad3a744d4505 Mon Sep 17 00:00:00 2001 From: awstools Date: Thu, 1 Sep 2022 18:40:49 +0000 Subject: [PATCH] feat(client-controltower): This release contains the first SDK for AWS Control Tower. It introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and ListEnabledControls. --- clients/client-controltower/.gitignore | 9 + clients/client-controltower/LICENSE | 201 ++++++ clients/client-controltower/README.md | 275 ++++++++ clients/client-controltower/package.json | 99 +++ .../client-controltower/src/ControlTower.ts | 234 +++++++ .../src/ControlTowerClient.ts | 344 ++++++++++ .../src/commands/DisableControlCommand.ts | 103 +++ .../src/commands/EnableControlCommand.ts | 103 +++ .../commands/GetControlOperationCommand.ts | 103 +++ .../commands/ListEnabledControlsCommand.ts | 102 +++ .../client-controltower/src/commands/index.ts | 5 + clients/client-controltower/src/endpoints.ts | 174 +++++ clients/client-controltower/src/index.ts | 7 + .../models/ControlTowerServiceException.ts | 18 + .../client-controltower/src/models/index.ts | 2 + .../src/models/models_0.ts | 370 +++++++++++ .../src/pagination/Interfaces.ts | 9 + .../ListEnabledControlsPaginator.ts | 61 ++ .../src/pagination/index.ts | 3 + .../src/protocols/Aws_restJson1.ts | 587 +++++++++++++++++ .../src/runtimeConfig.browser.ts | 50 ++ .../src/runtimeConfig.native.ts | 18 + .../src/runtimeConfig.shared.ts | 18 + .../client-controltower/src/runtimeConfig.ts | 68 ++ clients/client-controltower/tsconfig.cjs.json | 8 + clients/client-controltower/tsconfig.es.json | 10 + clients/client-controltower/tsconfig.json | 13 + .../client-controltower/tsconfig.types.json | 10 + clients/client-controltower/typedoc.json | 3 + .../sdk-codegen/aws-models/controltower.json | 612 ++++++++++++++++++ 30 files changed, 3619 insertions(+) create mode 100644 clients/client-controltower/.gitignore create mode 100644 clients/client-controltower/LICENSE create mode 100644 clients/client-controltower/README.md create mode 100644 clients/client-controltower/package.json create mode 100644 clients/client-controltower/src/ControlTower.ts create mode 100644 clients/client-controltower/src/ControlTowerClient.ts create mode 100644 clients/client-controltower/src/commands/DisableControlCommand.ts create mode 100644 clients/client-controltower/src/commands/EnableControlCommand.ts create mode 100644 clients/client-controltower/src/commands/GetControlOperationCommand.ts create mode 100644 clients/client-controltower/src/commands/ListEnabledControlsCommand.ts create mode 100644 clients/client-controltower/src/commands/index.ts create mode 100644 clients/client-controltower/src/endpoints.ts create mode 100644 clients/client-controltower/src/index.ts create mode 100644 clients/client-controltower/src/models/ControlTowerServiceException.ts create mode 100644 clients/client-controltower/src/models/index.ts create mode 100644 clients/client-controltower/src/models/models_0.ts create mode 100644 clients/client-controltower/src/pagination/Interfaces.ts create mode 100644 clients/client-controltower/src/pagination/ListEnabledControlsPaginator.ts create mode 100644 clients/client-controltower/src/pagination/index.ts create mode 100644 clients/client-controltower/src/protocols/Aws_restJson1.ts create mode 100644 clients/client-controltower/src/runtimeConfig.browser.ts create mode 100644 clients/client-controltower/src/runtimeConfig.native.ts create mode 100644 clients/client-controltower/src/runtimeConfig.shared.ts create mode 100644 clients/client-controltower/src/runtimeConfig.ts create mode 100644 clients/client-controltower/tsconfig.cjs.json create mode 100644 clients/client-controltower/tsconfig.es.json create mode 100644 clients/client-controltower/tsconfig.json create mode 100644 clients/client-controltower/tsconfig.types.json create mode 100644 clients/client-controltower/typedoc.json create mode 100644 codegen/sdk-codegen/aws-models/controltower.json diff --git a/clients/client-controltower/.gitignore b/clients/client-controltower/.gitignore new file mode 100644 index 000000000000..54f14c9aef25 --- /dev/null +++ b/clients/client-controltower/.gitignore @@ -0,0 +1,9 @@ +/node_modules/ +/build/ +/coverage/ +/docs/ +/dist-* +*.tsbuildinfo +*.tgz +*.log +package-lock.json diff --git a/clients/client-controltower/LICENSE b/clients/client-controltower/LICENSE new file mode 100644 index 000000000000..8efcd8d5c5b7 --- /dev/null +++ b/clients/client-controltower/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/clients/client-controltower/README.md b/clients/client-controltower/README.md new file mode 100644 index 000000000000..7611957fe317 --- /dev/null +++ b/clients/client-controltower/README.md @@ -0,0 +1,275 @@ + + +# @aws-sdk/client-controltower + +[![NPM version](https://img.shields.io/npm/v/@aws-sdk/client-controltower/latest.svg)](https://www.npmjs.com/package/@aws-sdk/client-controltower) +[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/client-controltower.svg)](https://www.npmjs.com/package/@aws-sdk/client-controltower) + +## Description + +AWS SDK for JavaScript ControlTower Client for Node.js, Browser and React Native. + +

These interfaces allow you to apply the AWS library of pre-defined controls to your +organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.

+

To call these APIs, you'll need to know:

+ +

+To get the ControlARN for your AWS Control Tower guardrail: +

+

The ControlARN contains the control name which is specified in each guardrail. For a list of control names for Strongly recommended and Elective guardrails, see Resource identifiers for APIs and guardrails in the Automating tasks section of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or removed.

+ +

+ARN format: +arn:aws:controltower:{REGION}::control/{CONTROL_NAME} +

+

+Example: +

+

+arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED +

+ +

+To get the ARN for an OU: +

+

In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

+ +

+OU ARN format: +

+

+arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} +

+ +

+Details and examples +

+ +

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower +

+

+Recording API Requests +

+

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see Logging AWS Control Tower Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

+ +## Installing + +To install the this package, simply type add or install @aws-sdk/client-controltower +using your favorite package manager: + +- `npm install @aws-sdk/client-controltower` +- `yarn add @aws-sdk/client-controltower` +- `pnpm add @aws-sdk/client-controltower` + +## Getting Started + +### Import + +The AWS SDK is modulized by clients and commands. +To send a request, you only need to import the `ControlTowerClient` and +the commands you need, for example `DisableControlCommand`: + +```js +// ES5 example +const { ControlTowerClient, DisableControlCommand } = require("@aws-sdk/client-controltower"); +``` + +```ts +// ES6+ example +import { ControlTowerClient, DisableControlCommand } from "@aws-sdk/client-controltower"; +``` + +### Usage + +To send a request, you: + +- Initiate client with configuration (e.g. credentials, region). +- Initiate command with input parameters. +- Call `send` operation on client with command object as input. +- If you are using a custom http handler, you may call `destroy()` to close open connections. + +```js +// a client can be shared by different commands. +const client = new ControlTowerClient({ region: "REGION" }); + +const params = { + /** input parameters */ +}; +const command = new DisableControlCommand(params); +``` + +#### Async/await + +We recommend using [await](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/await) +operator to wait for the promise returned by send operation as follows: + +```js +// async/await. +try { + const data = await client.send(command); + // process data. +} catch (error) { + // error handling. +} finally { + // finally. +} +``` + +Async-await is clean, concise, intuitive, easy to debug and has better error handling +as compared to using Promise chains or callbacks. + +#### Promises + +You can also use [Promise chaining](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Using_promises#chaining) +to execute send operation. + +```js +client.send(command).then( + (data) => { + // process data. + }, + (error) => { + // error handling. + } +); +``` + +Promises can also be called using `.catch()` and `.finally()` as follows: + +```js +client + .send(command) + .then((data) => { + // process data. + }) + .catch((error) => { + // error handling. + }) + .finally(() => { + // finally. + }); +``` + +#### Callbacks + +We do not recommend using callbacks because of [callback hell](http://callbackhell.com/), +but they are supported by the send operation. + +```js +// callbacks. +client.send(command, (err, data) => { + // process err and data. +}); +``` + +#### v2 compatible style + +The client can also send requests using v2 compatible style. +However, it results in a bigger bundle size and may be dropped in next major version. More details in the blog post +on [modular packages in AWS SDK for JavaScript](https://aws.amazon.com/blogs/developer/modular-packages-in-aws-sdk-for-javascript/) + +```ts +import * as AWS from "@aws-sdk/client-controltower"; +const client = new AWS.ControlTower({ region: "REGION" }); + +// async/await. +try { + const data = await client.disableControl(params); + // process data. +} catch (error) { + // error handling. +} + +// Promises. +client + .disableControl(params) + .then((data) => { + // process data. + }) + .catch((error) => { + // error handling. + }); + +// callbacks. +client.disableControl(params, (err, data) => { + // process err and data. +}); +``` + +### Troubleshooting + +When the service returns an exception, the error will include the exception information, +as well as response metadata (e.g. request id). + +```js +try { + const data = await client.send(command); + // process data. +} catch (error) { + const { requestId, cfId, extendedRequestId } = error.$$metadata; + console.log({ requestId, cfId, extendedRequestId }); + /** + * The keys within exceptions are also parsed. + * You can access them by specifying exception names: + * if (error.name === 'SomeServiceException') { + * const value = error.specialKeyInException; + * } + */ +} +``` + +## Getting Help + +Please use these community resources for getting help. +We use the GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them. + +- Visit [Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html) + or [API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html). +- Check out the blog posts tagged with [`aws-sdk-js`](https://aws.amazon.com/blogs/developer/tag/aws-sdk-js/) + on AWS Developer Blog. +- Ask a question on [StackOverflow](https://stackoverflow.com/questions/tagged/aws-sdk-js) and tag it with `aws-sdk-js`. +- Join the AWS JavaScript community on [gitter](https://gitter.im/aws/aws-sdk-js-v3). +- If it turns out that you may have found a bug, please [open an issue](https://github.com/aws/aws-sdk-js-v3/issues/new/choose). + +To test your universal JavaScript code in Node.js, browser and react-native environments, +visit our [code samples repo](https://github.com/aws-samples/aws-sdk-js-tests). + +## Contributing + +This client code is generated automatically. Any modifications will be overwritten the next time the `@aws-sdk/client-controltower` package is updated. +To contribute to client you can check our [generate clients scripts](https://github.com/aws/aws-sdk-js-v3/tree/main/scripts/generate-clients). + +## License + +This SDK is distributed under the +[Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), +see LICENSE for more information. diff --git a/clients/client-controltower/package.json b/clients/client-controltower/package.json new file mode 100644 index 000000000000..7cf92dc1af5d --- /dev/null +++ b/clients/client-controltower/package.json @@ -0,0 +1,99 @@ +{ + "name": "@aws-sdk/client-controltower", + "description": "AWS SDK for JavaScript Controltower Client for Node.js, Browser and React Native", + "version": "3.0.0", + "scripts": { + "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'", + "build:cjs": "tsc -p tsconfig.cjs.json", + "build:docs": "typedoc", + "build:es": "tsc -p tsconfig.es.json", + "build:types": "tsc -p tsconfig.types.json", + "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4", + "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo" + }, + "main": "./dist-cjs/index.js", + "types": "./dist-types/index.d.ts", + "module": "./dist-es/index.js", + "sideEffects": false, + "dependencies": { + "@aws-crypto/sha256-browser": "2.0.0", + "@aws-crypto/sha256-js": "2.0.0", + "@aws-sdk/client-sts": "*", + "@aws-sdk/config-resolver": "*", + "@aws-sdk/credential-provider-node": "*", + "@aws-sdk/fetch-http-handler": "*", + "@aws-sdk/hash-node": "*", + "@aws-sdk/invalid-dependency": "*", + "@aws-sdk/middleware-content-length": "*", + "@aws-sdk/middleware-host-header": "*", + "@aws-sdk/middleware-logger": "*", + "@aws-sdk/middleware-recursion-detection": "*", + "@aws-sdk/middleware-retry": "*", + "@aws-sdk/middleware-serde": "*", + "@aws-sdk/middleware-signing": "*", + "@aws-sdk/middleware-stack": "*", + "@aws-sdk/middleware-user-agent": "*", + "@aws-sdk/node-config-provider": "*", + "@aws-sdk/node-http-handler": "*", + "@aws-sdk/protocol-http": "*", + "@aws-sdk/smithy-client": "*", + "@aws-sdk/types": "*", + "@aws-sdk/url-parser": "*", + "@aws-sdk/util-base64-browser": "*", + "@aws-sdk/util-base64-node": "*", + "@aws-sdk/util-body-length-browser": "*", + "@aws-sdk/util-body-length-node": "*", + "@aws-sdk/util-defaults-mode-browser": "*", + "@aws-sdk/util-defaults-mode-node": "*", + "@aws-sdk/util-user-agent-browser": "*", + "@aws-sdk/util-user-agent-node": "*", + "@aws-sdk/util-utf8-browser": "*", + "@aws-sdk/util-utf8-node": "*", + "tslib": "^2.3.1" + }, + "devDependencies": { + "@aws-sdk/service-client-documentation-generator": "*", + "@tsconfig/recommended": "1.0.1", + "@types/node": "^12.7.5", + "concurrently": "7.0.0", + "downlevel-dts": "0.7.0", + "rimraf": "3.0.2", + "typedoc": "0.19.2", + "typescript": "~4.6.2" + }, + "overrides": { + "typedoc": { + "typescript": "~4.6.2" + } + }, + "engines": { + "node": ">=12.0.0" + }, + "typesVersions": { + "<4.0": { + "dist-types/*": [ + "dist-types/ts3.4/*" + ] + } + }, + "files": [ + "dist-*" + ], + "author": { + "name": "AWS SDK for JavaScript Team", + "url": "https://aws.amazon.com/javascript/" + }, + "license": "Apache-2.0", + "browser": { + "./dist-es/runtimeConfig": "./dist-es/runtimeConfig.browser" + }, + "react-native": { + "./dist-es/runtimeConfig": "./dist-es/runtimeConfig.native" + }, + "homepage": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-controltower", + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-sdk-js-v3.git", + "directory": "clients/client-controltower" + } +} diff --git a/clients/client-controltower/src/ControlTower.ts b/clients/client-controltower/src/ControlTower.ts new file mode 100644 index 000000000000..b7f964d625ff --- /dev/null +++ b/clients/client-controltower/src/ControlTower.ts @@ -0,0 +1,234 @@ +// smithy-typescript generated code +import { HttpHandlerOptions as __HttpHandlerOptions } from "@aws-sdk/types"; + +import { + DisableControlCommand, + DisableControlCommandInput, + DisableControlCommandOutput, +} from "./commands/DisableControlCommand"; +import { + EnableControlCommand, + EnableControlCommandInput, + EnableControlCommandOutput, +} from "./commands/EnableControlCommand"; +import { + GetControlOperationCommand, + GetControlOperationCommandInput, + GetControlOperationCommandOutput, +} from "./commands/GetControlOperationCommand"; +import { + ListEnabledControlsCommand, + ListEnabledControlsCommandInput, + ListEnabledControlsCommandOutput, +} from "./commands/ListEnabledControlsCommand"; +import { ControlTowerClient } from "./ControlTowerClient"; + +/** + *

These interfaces allow you to apply the AWS library of pre-defined controls to your + * organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.

+ *

To call these APIs, you'll need to know:

+ * + *

+ * To get the ControlARN for your AWS Control Tower guardrail: + *

+ *

The ControlARN contains the control name which is specified in each guardrail. For a list of control names for Strongly recommended and Elective guardrails, see Resource identifiers for APIs and guardrails in the Automating tasks section of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or removed.

+ * + *

+ * ARN format: + * arn:aws:controltower:{REGION}::control/{CONTROL_NAME} + *

+ *

+ * Example: + *

+ *

+ * arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED + *

+ * + *

+ * To get the ARN for an OU: + *

+ *

In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

+ * + *

+ * OU ARN format: + *

+ *

+ * arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} + *

+ * + *

+ * Details and examples + *

+ * + *

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower + *

+ *

+ * Recording API Requests + *

+ *

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see Logging AWS Control Tower Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

+ */ +export class ControlTower extends ControlTowerClient { + /** + *

This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified + * organizational unit and the accounts it contains. The resources will vary according to the + * control that you specify.

+ */ + public disableControl( + args: DisableControlCommandInput, + options?: __HttpHandlerOptions + ): Promise; + public disableControl( + args: DisableControlCommandInput, + cb: (err: any, data?: DisableControlCommandOutput) => void + ): void; + public disableControl( + args: DisableControlCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: DisableControlCommandOutput) => void + ): void; + public disableControl( + args: DisableControlCommandInput, + optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: DisableControlCommandOutput) => void), + cb?: (err: any, data?: DisableControlCommandOutput) => void + ): Promise | void { + const command = new DisableControlCommand(args); + if (typeof optionsOrCb === "function") { + this.send(command, optionsOrCb); + } else if (typeof cb === "function") { + if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`); + this.send(command, optionsOrCb || {}, cb); + } else { + return this.send(command, optionsOrCb); + } + } + + /** + *

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified + * organizational unit and the accounts it contains. The resources created will vary according to + * the control that you specify.

+ */ + public enableControl( + args: EnableControlCommandInput, + options?: __HttpHandlerOptions + ): Promise; + public enableControl( + args: EnableControlCommandInput, + cb: (err: any, data?: EnableControlCommandOutput) => void + ): void; + public enableControl( + args: EnableControlCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: EnableControlCommandOutput) => void + ): void; + public enableControl( + args: EnableControlCommandInput, + optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: EnableControlCommandOutput) => void), + cb?: (err: any, data?: EnableControlCommandOutput) => void + ): Promise | void { + const command = new EnableControlCommand(args); + if (typeof optionsOrCb === "function") { + this.send(command, optionsOrCb); + } else if (typeof cb === "function") { + if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`); + this.send(command, optionsOrCb || {}, cb); + } else { + return this.send(command, optionsOrCb); + } + } + + /** + *

Returns the status of a particular EnableControl or + * DisableControl operation. Displays a message in case of error. + * Details for an operation are available for 90 days.

+ */ + public getControlOperation( + args: GetControlOperationCommandInput, + options?: __HttpHandlerOptions + ): Promise; + public getControlOperation( + args: GetControlOperationCommandInput, + cb: (err: any, data?: GetControlOperationCommandOutput) => void + ): void; + public getControlOperation( + args: GetControlOperationCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: GetControlOperationCommandOutput) => void + ): void; + public getControlOperation( + args: GetControlOperationCommandInput, + optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: GetControlOperationCommandOutput) => void), + cb?: (err: any, data?: GetControlOperationCommandOutput) => void + ): Promise | void { + const command = new GetControlOperationCommand(args); + if (typeof optionsOrCb === "function") { + this.send(command, optionsOrCb); + } else if (typeof cb === "function") { + if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`); + this.send(command, optionsOrCb || {}, cb); + } else { + return this.send(command, optionsOrCb); + } + } + + /** + *

Lists the controls enabled by AWS Control Tower on the specified organizational unit and + * the accounts it contains.

+ */ + public listEnabledControls( + args: ListEnabledControlsCommandInput, + options?: __HttpHandlerOptions + ): Promise; + public listEnabledControls( + args: ListEnabledControlsCommandInput, + cb: (err: any, data?: ListEnabledControlsCommandOutput) => void + ): void; + public listEnabledControls( + args: ListEnabledControlsCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: ListEnabledControlsCommandOutput) => void + ): void; + public listEnabledControls( + args: ListEnabledControlsCommandInput, + optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: ListEnabledControlsCommandOutput) => void), + cb?: (err: any, data?: ListEnabledControlsCommandOutput) => void + ): Promise | void { + const command = new ListEnabledControlsCommand(args); + if (typeof optionsOrCb === "function") { + this.send(command, optionsOrCb); + } else if (typeof cb === "function") { + if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`); + this.send(command, optionsOrCb || {}, cb); + } else { + return this.send(command, optionsOrCb); + } + } +} diff --git a/clients/client-controltower/src/ControlTowerClient.ts b/clients/client-controltower/src/ControlTowerClient.ts new file mode 100644 index 000000000000..08e5b18bb3c9 --- /dev/null +++ b/clients/client-controltower/src/ControlTowerClient.ts @@ -0,0 +1,344 @@ +// smithy-typescript generated code +import { + EndpointsInputConfig, + EndpointsResolvedConfig, + RegionInputConfig, + RegionResolvedConfig, + resolveEndpointsConfig, + resolveRegionConfig, +} from "@aws-sdk/config-resolver"; +import { getContentLengthPlugin } from "@aws-sdk/middleware-content-length"; +import { + getHostHeaderPlugin, + HostHeaderInputConfig, + HostHeaderResolvedConfig, + resolveHostHeaderConfig, +} from "@aws-sdk/middleware-host-header"; +import { getLoggerPlugin } from "@aws-sdk/middleware-logger"; +import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection"; +import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@aws-sdk/middleware-retry"; +import { + AwsAuthInputConfig, + AwsAuthResolvedConfig, + getAwsAuthPlugin, + resolveAwsAuthConfig, +} from "@aws-sdk/middleware-signing"; +import { + getUserAgentPlugin, + resolveUserAgentConfig, + UserAgentInputConfig, + UserAgentResolvedConfig, +} from "@aws-sdk/middleware-user-agent"; +import { HttpHandler as __HttpHandler } from "@aws-sdk/protocol-http"; +import { + Client as __Client, + DefaultsMode, + SmithyConfiguration as __SmithyConfiguration, + SmithyResolvedConfiguration as __SmithyResolvedConfiguration, +} from "@aws-sdk/smithy-client"; +import { + BodyLengthCalculator as __BodyLengthCalculator, + Credentials as __Credentials, + Decoder as __Decoder, + Encoder as __Encoder, + Hash as __Hash, + HashConstructor as __HashConstructor, + HttpHandlerOptions as __HttpHandlerOptions, + Logger as __Logger, + Provider as __Provider, + Provider, + RegionInfoProvider, + StreamCollector as __StreamCollector, + UrlParser as __UrlParser, + UserAgent as __UserAgent, +} from "@aws-sdk/types"; + +import { DisableControlCommandInput, DisableControlCommandOutput } from "./commands/DisableControlCommand"; +import { EnableControlCommandInput, EnableControlCommandOutput } from "./commands/EnableControlCommand"; +import { + GetControlOperationCommandInput, + GetControlOperationCommandOutput, +} from "./commands/GetControlOperationCommand"; +import { + ListEnabledControlsCommandInput, + ListEnabledControlsCommandOutput, +} from "./commands/ListEnabledControlsCommand"; +import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig"; + +export type ServiceInputTypes = + | DisableControlCommandInput + | EnableControlCommandInput + | GetControlOperationCommandInput + | ListEnabledControlsCommandInput; + +export type ServiceOutputTypes = + | DisableControlCommandOutput + | EnableControlCommandOutput + | GetControlOperationCommandOutput + | ListEnabledControlsCommandOutput; + +export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> { + /** + * The HTTP handler to use. Fetch in browser and Https in Nodejs. + */ + requestHandler?: __HttpHandler; + + /** + * A constructor for a class implementing the {@link __Hash} interface + * that computes the SHA-256 HMAC or checksum of a string or binary buffer. + * @internal + */ + sha256?: __HashConstructor; + + /** + * The function that will be used to convert strings into HTTP endpoints. + * @internal + */ + urlParser?: __UrlParser; + + /** + * A function that can calculate the length of a request body. + * @internal + */ + bodyLengthChecker?: __BodyLengthCalculator; + + /** + * A function that converts a stream into an array of bytes. + * @internal + */ + streamCollector?: __StreamCollector; + + /** + * The function that will be used to convert a base64-encoded string to a byte array. + * @internal + */ + base64Decoder?: __Decoder; + + /** + * The function that will be used to convert binary data to a base64-encoded string. + * @internal + */ + base64Encoder?: __Encoder; + + /** + * The function that will be used to convert a UTF8-encoded string to a byte array. + * @internal + */ + utf8Decoder?: __Decoder; + + /** + * The function that will be used to convert binary data to a UTF-8 encoded string. + * @internal + */ + utf8Encoder?: __Encoder; + + /** + * The runtime environment. + * @internal + */ + runtime?: string; + + /** + * Disable dyanamically changing the endpoint of the client based on the hostPrefix + * trait of an operation. + */ + disableHostPrefix?: boolean; + + /** + * Value for how many times a request will be made at most in case of retry. + */ + maxAttempts?: number | __Provider; + + /** + * Specifies which retry algorithm to use. + */ + retryMode?: string | __Provider; + + /** + * Optional logger for logging debug/info/warn/error. + */ + logger?: __Logger; + + /** + * Enables IPv6/IPv4 dualstack endpoint. + */ + useDualstackEndpoint?: boolean | __Provider; + + /** + * Enables FIPS compatible endpoints. + */ + useFipsEndpoint?: boolean | __Provider; + + /** + * Unique service identifier. + * @internal + */ + serviceId?: string; + + /** + * The AWS region to which this client will send requests + */ + region?: string | __Provider; + + /** + * Default credentials provider; Not available in browser runtime. + * @internal + */ + credentialDefaultProvider?: (input: any) => __Provider<__Credentials>; + + /** + * Fetch related hostname, signing name or signing region with given region. + * @internal + */ + regionInfoProvider?: RegionInfoProvider; + + /** + * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header + * @internal + */ + defaultUserAgentProvider?: Provider<__UserAgent>; + + /** + * The {@link DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK. + */ + defaultsMode?: DefaultsMode | Provider; +} + +type ControlTowerClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & + ClientDefaults & + RegionInputConfig & + EndpointsInputConfig & + RetryInputConfig & + HostHeaderInputConfig & + AwsAuthInputConfig & + UserAgentInputConfig; +/** + * The configuration interface of ControlTowerClient class constructor that set the region, credentials and other options. + */ +export interface ControlTowerClientConfig extends ControlTowerClientConfigType {} + +type ControlTowerClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & + Required & + RegionResolvedConfig & + EndpointsResolvedConfig & + RetryResolvedConfig & + HostHeaderResolvedConfig & + AwsAuthResolvedConfig & + UserAgentResolvedConfig; +/** + * The resolved configuration interface of ControlTowerClient class. This is resolved and normalized from the {@link ControlTowerClientConfig | constructor configuration interface}. + */ +export interface ControlTowerClientResolvedConfig extends ControlTowerClientResolvedConfigType {} + +/** + *

These interfaces allow you to apply the AWS library of pre-defined controls to your + * organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.

+ *

To call these APIs, you'll need to know:

+ *
    + *
  • + *

    the ControlARN for the control--that is, the + * guardrail--you are targeting,

    + *
    • + *
  • + *

    and the ARN associated with the target organizational unit (OU).

    + *
    • + *
+ *

+ * To get the ControlARN for your AWS Control Tower guardrail: + *

+ *

The ControlARN contains the control name which is specified in each guardrail. For a list of control names for Strongly recommended and Elective guardrails, see Resource identifiers for APIs and guardrails in the Automating tasks section of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or removed.

+ * + *

+ * ARN format: + * arn:aws:controltower:{REGION}::control/{CONTROL_NAME} + *

+ *

+ * Example: + *

+ *

+ * arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED + *

+ * + *

+ * To get the ARN for an OU: + *

+ *

In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

+ * + *

+ * OU ARN format: + *

+ *

+ * arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} + *

+ * + *

+ * Details and examples + *

+ * + *

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower + *

+ *

+ * Recording API Requests + *

+ *

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see Logging AWS Control Tower Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

+ */ +export class ControlTowerClient extends __Client< + __HttpHandlerOptions, + ServiceInputTypes, + ServiceOutputTypes, + ControlTowerClientResolvedConfig +> { + /** + * The resolved configuration of ControlTowerClient class. This is resolved and normalized from the {@link ControlTowerClientConfig | constructor configuration interface}. + */ + readonly config: ControlTowerClientResolvedConfig; + + constructor(configuration: ControlTowerClientConfig) { + const _config_0 = __getRuntimeConfig(configuration); + const _config_1 = resolveRegionConfig(_config_0); + const _config_2 = resolveEndpointsConfig(_config_1); + const _config_3 = resolveRetryConfig(_config_2); + const _config_4 = resolveHostHeaderConfig(_config_3); + const _config_5 = resolveAwsAuthConfig(_config_4); + const _config_6 = resolveUserAgentConfig(_config_5); + super(_config_6); + this.config = _config_6; + this.middlewareStack.use(getRetryPlugin(this.config)); + this.middlewareStack.use(getContentLengthPlugin(this.config)); + this.middlewareStack.use(getHostHeaderPlugin(this.config)); + this.middlewareStack.use(getLoggerPlugin(this.config)); + this.middlewareStack.use(getRecursionDetectionPlugin(this.config)); + this.middlewareStack.use(getAwsAuthPlugin(this.config)); + this.middlewareStack.use(getUserAgentPlugin(this.config)); + } + + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy(): void { + super.destroy(); + } +} diff --git a/clients/client-controltower/src/commands/DisableControlCommand.ts b/clients/client-controltower/src/commands/DisableControlCommand.ts new file mode 100644 index 000000000000..ef9b67cf63d7 --- /dev/null +++ b/clients/client-controltower/src/commands/DisableControlCommand.ts @@ -0,0 +1,103 @@ +// smithy-typescript generated code +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { + DisableControlInput, + DisableControlInputFilterSensitiveLog, + DisableControlOutput, + DisableControlOutputFilterSensitiveLog, +} from "../models/models_0"; +import { + deserializeAws_restJson1DisableControlCommand, + serializeAws_restJson1DisableControlCommand, +} from "../protocols/Aws_restJson1"; + +export interface DisableControlCommandInput extends DisableControlInput {} +export interface DisableControlCommandOutput extends DisableControlOutput, __MetadataBearer {} + +/** + *

This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified + * organizational unit and the accounts it contains. The resources will vary according to the + * control that you specify.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, DisableControlCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, DisableControlCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const command = new DisableControlCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link DisableControlCommandInput} for command's `input` shape. + * @see {@link DisableControlCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + */ +export class DisableControlCommand extends $Command< + DisableControlCommandInput, + DisableControlCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: DisableControlCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "DisableControlCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: DisableControlInputFilterSensitiveLog, + outputFilterSensitiveLog: DisableControlOutputFilterSensitiveLog, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + private serialize(input: DisableControlCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return serializeAws_restJson1DisableControlCommand(input, context); + } + + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return deserializeAws_restJson1DisableControlCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/EnableControlCommand.ts b/clients/client-controltower/src/commands/EnableControlCommand.ts new file mode 100644 index 000000000000..dc65e48916bd --- /dev/null +++ b/clients/client-controltower/src/commands/EnableControlCommand.ts @@ -0,0 +1,103 @@ +// smithy-typescript generated code +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { + EnableControlInput, + EnableControlInputFilterSensitiveLog, + EnableControlOutput, + EnableControlOutputFilterSensitiveLog, +} from "../models/models_0"; +import { + deserializeAws_restJson1EnableControlCommand, + serializeAws_restJson1EnableControlCommand, +} from "../protocols/Aws_restJson1"; + +export interface EnableControlCommandInput extends EnableControlInput {} +export interface EnableControlCommandOutput extends EnableControlOutput, __MetadataBearer {} + +/** + *

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified + * organizational unit and the accounts it contains. The resources created will vary according to + * the control that you specify.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, EnableControlCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, EnableControlCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const command = new EnableControlCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link EnableControlCommandInput} for command's `input` shape. + * @see {@link EnableControlCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + */ +export class EnableControlCommand extends $Command< + EnableControlCommandInput, + EnableControlCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: EnableControlCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "EnableControlCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: EnableControlInputFilterSensitiveLog, + outputFilterSensitiveLog: EnableControlOutputFilterSensitiveLog, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + private serialize(input: EnableControlCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return serializeAws_restJson1EnableControlCommand(input, context); + } + + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return deserializeAws_restJson1EnableControlCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/GetControlOperationCommand.ts b/clients/client-controltower/src/commands/GetControlOperationCommand.ts new file mode 100644 index 000000000000..112b6633b0ec --- /dev/null +++ b/clients/client-controltower/src/commands/GetControlOperationCommand.ts @@ -0,0 +1,103 @@ +// smithy-typescript generated code +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { + GetControlOperationInput, + GetControlOperationInputFilterSensitiveLog, + GetControlOperationOutput, + GetControlOperationOutputFilterSensitiveLog, +} from "../models/models_0"; +import { + deserializeAws_restJson1GetControlOperationCommand, + serializeAws_restJson1GetControlOperationCommand, +} from "../protocols/Aws_restJson1"; + +export interface GetControlOperationCommandInput extends GetControlOperationInput {} +export interface GetControlOperationCommandOutput extends GetControlOperationOutput, __MetadataBearer {} + +/** + *

Returns the status of a particular EnableControl or + * DisableControl operation. Displays a message in case of error. + * Details for an operation are available for 90 days.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, GetControlOperationCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, GetControlOperationCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const command = new GetControlOperationCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link GetControlOperationCommandInput} for command's `input` shape. + * @see {@link GetControlOperationCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + */ +export class GetControlOperationCommand extends $Command< + GetControlOperationCommandInput, + GetControlOperationCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: GetControlOperationCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "GetControlOperationCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: GetControlOperationInputFilterSensitiveLog, + outputFilterSensitiveLog: GetControlOperationOutputFilterSensitiveLog, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + private serialize(input: GetControlOperationCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return serializeAws_restJson1GetControlOperationCommand(input, context); + } + + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return deserializeAws_restJson1GetControlOperationCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts new file mode 100644 index 000000000000..2a256ffa1d65 --- /dev/null +++ b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts @@ -0,0 +1,102 @@ +// smithy-typescript generated code +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { + ListEnabledControlsInput, + ListEnabledControlsInputFilterSensitiveLog, + ListEnabledControlsOutput, + ListEnabledControlsOutputFilterSensitiveLog, +} from "../models/models_0"; +import { + deserializeAws_restJson1ListEnabledControlsCommand, + serializeAws_restJson1ListEnabledControlsCommand, +} from "../protocols/Aws_restJson1"; + +export interface ListEnabledControlsCommandInput extends ListEnabledControlsInput {} +export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOutput, __MetadataBearer {} + +/** + *

Lists the controls enabled by AWS Control Tower on the specified organizational unit and + * the accounts it contains.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, ListEnabledControlsCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, ListEnabledControlsCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const command = new ListEnabledControlsCommand(input); + * const response = await client.send(command); + * ``` + * + * @see {@link ListEnabledControlsCommandInput} for command's `input` shape. + * @see {@link ListEnabledControlsCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + */ +export class ListEnabledControlsCommand extends $Command< + ListEnabledControlsCommandInput, + ListEnabledControlsCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + constructor(readonly input: ListEnabledControlsCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "ListEnabledControlsCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: ListEnabledControlsInputFilterSensitiveLog, + outputFilterSensitiveLog: ListEnabledControlsOutputFilterSensitiveLog, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + private serialize(input: ListEnabledControlsCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return serializeAws_restJson1ListEnabledControlsCommand(input, context); + } + + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return deserializeAws_restJson1ListEnabledControlsCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/index.ts b/clients/client-controltower/src/commands/index.ts new file mode 100644 index 000000000000..70adfe8a2290 --- /dev/null +++ b/clients/client-controltower/src/commands/index.ts @@ -0,0 +1,5 @@ +// smithy-typescript generated code +export * from "./DisableControlCommand"; +export * from "./EnableControlCommand"; +export * from "./GetControlOperationCommand"; +export * from "./ListEnabledControlsCommand"; diff --git a/clients/client-controltower/src/endpoints.ts b/clients/client-controltower/src/endpoints.ts new file mode 100644 index 000000000000..5d8b7d391dc7 --- /dev/null +++ b/clients/client-controltower/src/endpoints.ts @@ -0,0 +1,174 @@ +// smithy-typescript generated code +import { getRegionInfo, PartitionHash, RegionHash } from "@aws-sdk/config-resolver"; +import { RegionInfoProvider, RegionInfoProviderOptions } from "@aws-sdk/types"; + +const regionHash: RegionHash = { + "ca-central-1": { + variants: [ + { + hostname: "controltower-fips.ca-central-1.amazonaws.com", + tags: ["fips"], + }, + ], + }, + "us-east-1": { + variants: [ + { + hostname: "controltower-fips.us-east-1.amazonaws.com", + tags: ["fips"], + }, + ], + }, + "us-east-2": { + variants: [ + { + hostname: "controltower-fips.us-east-2.amazonaws.com", + tags: ["fips"], + }, + ], + }, + "us-west-2": { + variants: [ + { + hostname: "controltower-fips.us-west-2.amazonaws.com", + tags: ["fips"], + }, + ], + }, +}; + +const partitionHash: PartitionHash = { + aws: { + regions: [ + "af-south-1", + "ap-east-1", + "ap-northeast-1", + "ap-northeast-2", + "ap-northeast-3", + "ap-south-1", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ca-central-1", + "ca-central-1-fips", + "eu-central-1", + "eu-north-1", + "eu-south-1", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "me-central-1", + "me-south-1", + "sa-east-1", + "us-east-1", + "us-east-1-fips", + "us-east-2", + "us-east-2-fips", + "us-west-1", + "us-west-2", + "us-west-2-fips", + ], + regionRegex: "^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$", + variants: [ + { + hostname: "controltower.{region}.amazonaws.com", + tags: [], + }, + { + hostname: "controltower-fips.{region}.amazonaws.com", + tags: ["fips"], + }, + { + hostname: "controltower-fips.{region}.api.aws", + tags: ["dualstack", "fips"], + }, + { + hostname: "controltower.{region}.api.aws", + tags: ["dualstack"], + }, + ], + }, + "aws-cn": { + regions: ["cn-north-1", "cn-northwest-1"], + regionRegex: "^cn\\-\\w+\\-\\d+$", + variants: [ + { + hostname: "controltower.{region}.amazonaws.com.cn", + tags: [], + }, + { + hostname: "controltower-fips.{region}.amazonaws.com.cn", + tags: ["fips"], + }, + { + hostname: "controltower-fips.{region}.api.amazonwebservices.com.cn", + tags: ["dualstack", "fips"], + }, + { + hostname: "controltower.{region}.api.amazonwebservices.com.cn", + tags: ["dualstack"], + }, + ], + }, + "aws-iso": { + regions: ["us-iso-east-1", "us-iso-west-1"], + regionRegex: "^us\\-iso\\-\\w+\\-\\d+$", + variants: [ + { + hostname: "controltower.{region}.c2s.ic.gov", + tags: [], + }, + { + hostname: "controltower-fips.{region}.c2s.ic.gov", + tags: ["fips"], + }, + ], + }, + "aws-iso-b": { + regions: ["us-isob-east-1"], + regionRegex: "^us\\-isob\\-\\w+\\-\\d+$", + variants: [ + { + hostname: "controltower.{region}.sc2s.sgov.gov", + tags: [], + }, + { + hostname: "controltower-fips.{region}.sc2s.sgov.gov", + tags: ["fips"], + }, + ], + }, + "aws-us-gov": { + regions: ["us-gov-east-1", "us-gov-west-1"], + regionRegex: "^us\\-gov\\-\\w+\\-\\d+$", + variants: [ + { + hostname: "controltower.{region}.amazonaws.com", + tags: [], + }, + { + hostname: "controltower-fips.{region}.amazonaws.com", + tags: ["fips"], + }, + { + hostname: "controltower-fips.{region}.api.aws", + tags: ["dualstack", "fips"], + }, + { + hostname: "controltower.{region}.api.aws", + tags: ["dualstack"], + }, + ], + }, +}; + +export const defaultRegionInfoProvider: RegionInfoProvider = async ( + region: string, + options?: RegionInfoProviderOptions +) => + getRegionInfo(region, { + ...options, + signingService: "controltower", + regionHash, + partitionHash, + }); diff --git a/clients/client-controltower/src/index.ts b/clients/client-controltower/src/index.ts new file mode 100644 index 000000000000..60901be0e094 --- /dev/null +++ b/clients/client-controltower/src/index.ts @@ -0,0 +1,7 @@ +export * from "./ControlTower"; +// smithy-typescript generated code +export * from "./ControlTowerClient"; +export * from "./commands"; +export * from "./models"; +export * from "./pagination"; +export { ControlTowerServiceException } from "./models/ControlTowerServiceException"; diff --git a/clients/client-controltower/src/models/ControlTowerServiceException.ts b/clients/client-controltower/src/models/ControlTowerServiceException.ts new file mode 100644 index 000000000000..516db8ead2d8 --- /dev/null +++ b/clients/client-controltower/src/models/ControlTowerServiceException.ts @@ -0,0 +1,18 @@ +// smithy-typescript generated code +import { + ServiceException as __ServiceException, + ServiceExceptionOptions as __ServiceExceptionOptions, +} from "@aws-sdk/smithy-client"; + +/** + * Base exception class for all service exceptions from ControlTower service. + */ +export class ControlTowerServiceException extends __ServiceException { + /** + * @internal + */ + constructor(options: __ServiceExceptionOptions) { + super(options); + Object.setPrototypeOf(this, ControlTowerServiceException.prototype); + } +} diff --git a/clients/client-controltower/src/models/index.ts b/clients/client-controltower/src/models/index.ts new file mode 100644 index 000000000000..9eaceb12865f --- /dev/null +++ b/clients/client-controltower/src/models/index.ts @@ -0,0 +1,2 @@ +// smithy-typescript generated code +export * from "./models_0"; diff --git a/clients/client-controltower/src/models/models_0.ts b/clients/client-controltower/src/models/models_0.ts new file mode 100644 index 000000000000..18d3d72928c7 --- /dev/null +++ b/clients/client-controltower/src/models/models_0.ts @@ -0,0 +1,370 @@ +// smithy-typescript generated code +import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client"; + +import { ControlTowerServiceException as __BaseException } from "./ControlTowerServiceException"; + +/** + *

User does not have sufficient access to perform this action. + *

+ */ +export class AccessDeniedException extends __BaseException { + readonly name: "AccessDeniedException" = "AccessDeniedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, AccessDeniedException.prototype); + } +} + +/** + *

Updating or deleting a resource can cause an inconsistent state.

+ */ +export class ConflictException extends __BaseException { + readonly name: "ConflictException" = "ConflictException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ConflictException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ConflictException.prototype); + } +} + +export interface DisableControlInput { + /** + *

The ARN of the control. Only Strongly recommended and Elective controls are permitted, + * with the exception of the Region deny guardrail.

+ */ + controlIdentifier: string | undefined; + + /** + *

The ARN of the organizational unit.

+ */ + targetIdentifier: string | undefined; +} + +export interface DisableControlOutput { + /** + *

The ID of the asynchronous operation, which is used to track status. The operation is + * available for 90 days.

+ */ + operationIdentifier: string | undefined; +} + +/** + *

Unexpected error during processing of request.

+ */ +export class InternalServerException extends __BaseException { + readonly name: "InternalServerException" = "InternalServerException"; + readonly $fault: "server" = "server"; + $retryable = {}; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts, + }); + Object.setPrototypeOf(this, InternalServerException.prototype); + } +} + +/** + *

Request references a resource which does not exist.

+ */ +export class ResourceNotFoundException extends __BaseException { + readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ResourceNotFoundException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ResourceNotFoundException.prototype); + } +} + +/** + *

Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

+ */ +export class ServiceQuotaExceededException extends __BaseException { + readonly name: "ServiceQuotaExceededException" = "ServiceQuotaExceededException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ServiceQuotaExceededException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ServiceQuotaExceededException.prototype); + } +} + +/** + *

Request was denied due to request throttling.

+ */ +export class ThrottlingException extends __BaseException { + readonly name: "ThrottlingException" = "ThrottlingException"; + readonly $fault: "client" = "client"; + $retryable = { + throttling: true, + }; + /** + *

The ID of the service that is associated with the error.

+ */ + serviceCode?: string; + + /** + *

The ID of the service quota that was exceeded.

+ */ + quotaCode?: string; + + /** + *

The number of seconds the caller should wait before retrying.

+ */ + retryAfterSeconds?: number; + + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ThrottlingException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ThrottlingException.prototype); + this.serviceCode = opts.serviceCode; + this.quotaCode = opts.quotaCode; + this.retryAfterSeconds = opts.retryAfterSeconds; + } +} + +/** + *

The input fails to satisfy the constraints specified by an AWS service.

+ */ +export class ValidationException extends __BaseException { + readonly name: "ValidationException" = "ValidationException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ValidationException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ValidationException.prototype); + } +} + +export interface EnableControlInput { + /** + *

The ARN of the control. Only Strongly recommended and Elective controls are permitted, + * with the exception of the Region deny guardrail.

+ */ + controlIdentifier: string | undefined; + + /** + *

The ARN of the organizational unit.

+ */ + targetIdentifier: string | undefined; +} + +export interface EnableControlOutput { + /** + *

The ID of the asynchronous operation, which is used to track status. The operation is + * available for 90 days.

+ */ + operationIdentifier: string | undefined; +} + +export interface GetControlOperationInput { + /** + *

The ID of the asynchronous operation, which is used to track status. The operation is + * available for 90 days.

+ */ + operationIdentifier: string | undefined; +} + +export enum ControlOperationType { + DISABLE_CONTROL = "DISABLE_CONTROL", + ENABLE_CONTROL = "ENABLE_CONTROL", +} + +export enum ControlOperationStatus { + FAILED = "FAILED", + IN_PROGRESS = "IN_PROGRESS", + SUCCEEDED = "SUCCEEDED", +} + +/** + *

An operation performed by the control.

+ */ +export interface ControlOperation { + /** + *

One of ENABLE_CONTROL or DISABLE_CONTROL.

+ */ + operationType?: ControlOperationType | string; + + /** + *

The time that the operation began.

+ */ + startTime?: Date; + + /** + *

The time that the operation finished.

+ */ + endTime?: Date; + + /** + *

One of IN_PROGRESS, SUCEEDED, or FAILED.

+ */ + status?: ControlOperationStatus | string; + + /** + *

If the operation result is FAILED, this string contains a message explaining why the operation failed.

+ */ + statusMessage?: string; +} + +export interface GetControlOperationOutput { + /** + *

+ */ + controlOperation: ControlOperation | undefined; +} + +export interface ListEnabledControlsInput { + /** + *

The ARN of the organizational unit.

+ */ + targetIdentifier: string | undefined; + + /** + *

The token to continue the list from a previous API call with the same parameters.

+ */ + nextToken?: string; + + /** + *

How many results to return per API call.

+ */ + maxResults?: number; +} + +/** + *

A summary of enabled controls.

+ */ +export interface EnabledControlSummary { + /** + *

The ARN of the control. Only Strongly recommended and Elective controls are permitted, + * with the exception of the Region deny guardrail.

+ */ + controlIdentifier?: string; +} + +export interface ListEnabledControlsOutput { + /** + *

Lists the controls enabled by AWS Control Tower on the specified organizational unit and + * the accounts it contains.

+ */ + enabledControls: EnabledControlSummary[] | undefined; + + /** + *

Retrieves the next page of results. If the string is empty, the current response is the + * end of the results.

+ */ + nextToken?: string; +} + +/** + * @internal + */ +export const DisableControlInputFilterSensitiveLog = (obj: DisableControlInput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const DisableControlOutputFilterSensitiveLog = (obj: DisableControlOutput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const EnableControlInputFilterSensitiveLog = (obj: EnableControlInput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const EnableControlOutputFilterSensitiveLog = (obj: EnableControlOutput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const GetControlOperationInputFilterSensitiveLog = (obj: GetControlOperationInput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const ControlOperationFilterSensitiveLog = (obj: ControlOperation): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const GetControlOperationOutputFilterSensitiveLog = (obj: GetControlOperationOutput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const ListEnabledControlsInputFilterSensitiveLog = (obj: ListEnabledControlsInput): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const EnabledControlSummaryFilterSensitiveLog = (obj: EnabledControlSummary): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const ListEnabledControlsOutputFilterSensitiveLog = (obj: ListEnabledControlsOutput): any => ({ + ...obj, +}); diff --git a/clients/client-controltower/src/pagination/Interfaces.ts b/clients/client-controltower/src/pagination/Interfaces.ts new file mode 100644 index 000000000000..943f11bc3401 --- /dev/null +++ b/clients/client-controltower/src/pagination/Interfaces.ts @@ -0,0 +1,9 @@ +// smithy-typescript generated code +import { PaginationConfiguration } from "@aws-sdk/types"; + +import { ControlTower } from "../ControlTower"; +import { ControlTowerClient } from "../ControlTowerClient"; + +export interface ControlTowerPaginationConfiguration extends PaginationConfiguration { + client: ControlTower | ControlTowerClient; +} diff --git a/clients/client-controltower/src/pagination/ListEnabledControlsPaginator.ts b/clients/client-controltower/src/pagination/ListEnabledControlsPaginator.ts new file mode 100644 index 000000000000..d44d4f0742f5 --- /dev/null +++ b/clients/client-controltower/src/pagination/ListEnabledControlsPaginator.ts @@ -0,0 +1,61 @@ +// smithy-typescript generated code +import { Paginator } from "@aws-sdk/types"; + +import { + ListEnabledControlsCommand, + ListEnabledControlsCommandInput, + ListEnabledControlsCommandOutput, +} from "../commands/ListEnabledControlsCommand"; +import { ControlTower } from "../ControlTower"; +import { ControlTowerClient } from "../ControlTowerClient"; +import { ControlTowerPaginationConfiguration } from "./Interfaces"; + +/** + * @private + */ +const makePagedClientRequest = async ( + client: ControlTowerClient, + input: ListEnabledControlsCommandInput, + ...args: any +): Promise => { + // @ts-ignore + return await client.send(new ListEnabledControlsCommand(input), ...args); +}; +/** + * @private + */ +const makePagedRequest = async ( + client: ControlTower, + input: ListEnabledControlsCommandInput, + ...args: any +): Promise => { + // @ts-ignore + return await client.listEnabledControls(input, ...args); +}; +export async function* paginateListEnabledControls( + config: ControlTowerPaginationConfiguration, + input: ListEnabledControlsCommandInput, + ...additionalArguments: any +): Paginator { + // ToDo: replace with actual type instead of typeof input.nextToken + let token: typeof input.nextToken | undefined = config.startingToken || undefined; + let hasNext = true; + let page: ListEnabledControlsCommandOutput; + while (hasNext) { + input.nextToken = token; + input["maxResults"] = config.pageSize; + if (config.client instanceof ControlTower) { + page = await makePagedRequest(config.client, input, ...additionalArguments); + } else if (config.client instanceof ControlTowerClient) { + page = await makePagedClientRequest(config.client, input, ...additionalArguments); + } else { + throw new Error("Invalid client, expected ControlTower | ControlTowerClient"); + } + yield page; + const prevToken = token; + token = page.nextToken; + hasNext = !!(token && (!config.stopOnSameToken || token !== prevToken)); + } + // @ts-ignore + return undefined; +} diff --git a/clients/client-controltower/src/pagination/index.ts b/clients/client-controltower/src/pagination/index.ts new file mode 100644 index 000000000000..650627bd5739 --- /dev/null +++ b/clients/client-controltower/src/pagination/index.ts @@ -0,0 +1,3 @@ +// smithy-typescript generated code +export * from "./Interfaces"; +export * from "./ListEnabledControlsPaginator"; diff --git a/clients/client-controltower/src/protocols/Aws_restJson1.ts b/clients/client-controltower/src/protocols/Aws_restJson1.ts new file mode 100644 index 000000000000..9fa90018bc5e --- /dev/null +++ b/clients/client-controltower/src/protocols/Aws_restJson1.ts @@ -0,0 +1,587 @@ +// smithy-typescript generated code +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http"; +import { + decorateServiceException as __decorateServiceException, + expectNonNull as __expectNonNull, + expectObject as __expectObject, + expectString as __expectString, + map as __map, + parseRfc3339DateTime as __parseRfc3339DateTime, + strictParseInt32 as __strictParseInt32, + throwDefaultError, +} from "@aws-sdk/smithy-client"; +import { + Endpoint as __Endpoint, + ResponseMetadata as __ResponseMetadata, + SerdeContext as __SerdeContext, +} from "@aws-sdk/types"; + +import { DisableControlCommandInput, DisableControlCommandOutput } from "../commands/DisableControlCommand"; +import { EnableControlCommandInput, EnableControlCommandOutput } from "../commands/EnableControlCommand"; +import { + GetControlOperationCommandInput, + GetControlOperationCommandOutput, +} from "../commands/GetControlOperationCommand"; +import { + ListEnabledControlsCommandInput, + ListEnabledControlsCommandOutput, +} from "../commands/ListEnabledControlsCommand"; +import { ControlTowerServiceException as __BaseException } from "../models/ControlTowerServiceException"; +import { + AccessDeniedException, + ConflictException, + ControlOperation, + EnabledControlSummary, + InternalServerException, + ResourceNotFoundException, + ServiceQuotaExceededException, + ThrottlingException, + ValidationException, +} from "../models/models_0"; + +export const serializeAws_restJson1DisableControlCommand = async ( + input: DisableControlCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/disable-control"; + let body: any; + body = JSON.stringify({ + ...(input.controlIdentifier != null && { controlIdentifier: input.controlIdentifier }), + ...(input.targetIdentifier != null && { targetIdentifier: input.targetIdentifier }), + }); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +export const serializeAws_restJson1EnableControlCommand = async ( + input: EnableControlCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/enable-control"; + let body: any; + body = JSON.stringify({ + ...(input.controlIdentifier != null && { controlIdentifier: input.controlIdentifier }), + ...(input.targetIdentifier != null && { targetIdentifier: input.targetIdentifier }), + }); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +export const serializeAws_restJson1GetControlOperationCommand = async ( + input: GetControlOperationCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/get-control-operation"; + let body: any; + body = JSON.stringify({ + ...(input.operationIdentifier != null && { operationIdentifier: input.operationIdentifier }), + }); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +export const serializeAws_restJson1ListEnabledControlsCommand = async ( + input: ListEnabledControlsCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/list-enabled-controls"; + let body: any; + body = JSON.stringify({ + ...(input.maxResults != null && { maxResults: input.maxResults }), + ...(input.nextToken != null && { nextToken: input.nextToken }), + ...(input.targetIdentifier != null && { targetIdentifier: input.targetIdentifier }), + }); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +export const deserializeAws_restJson1DisableControlCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return deserializeAws_restJson1DisableControlCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.operationIdentifier != null) { + contents.operationIdentifier = __expectString(data.operationIdentifier); + } + return contents; +}; + +const deserializeAws_restJson1DisableControlCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.controltower#AccessDeniedException": + throw await deserializeAws_restJson1AccessDeniedExceptionResponse(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.controltower#ConflictException": + throw await deserializeAws_restJson1ConflictExceptionResponse(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await deserializeAws_restJson1InternalServerExceptionResponse(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await deserializeAws_restJson1ResourceNotFoundExceptionResponse(parsedOutput, context); + case "ServiceQuotaExceededException": + case "com.amazonaws.controltower#ServiceQuotaExceededException": + throw await deserializeAws_restJson1ServiceQuotaExceededExceptionResponse(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.controltower#ThrottlingException": + throw await deserializeAws_restJson1ThrottlingExceptionResponse(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await deserializeAws_restJson1ValidationExceptionResponse(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + throwDefaultError({ + output, + parsedBody, + exceptionCtor: __BaseException, + errorCode, + }); + } +}; + +export const deserializeAws_restJson1EnableControlCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return deserializeAws_restJson1EnableControlCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.operationIdentifier != null) { + contents.operationIdentifier = __expectString(data.operationIdentifier); + } + return contents; +}; + +const deserializeAws_restJson1EnableControlCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.controltower#AccessDeniedException": + throw await deserializeAws_restJson1AccessDeniedExceptionResponse(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.controltower#ConflictException": + throw await deserializeAws_restJson1ConflictExceptionResponse(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await deserializeAws_restJson1InternalServerExceptionResponse(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await deserializeAws_restJson1ResourceNotFoundExceptionResponse(parsedOutput, context); + case "ServiceQuotaExceededException": + case "com.amazonaws.controltower#ServiceQuotaExceededException": + throw await deserializeAws_restJson1ServiceQuotaExceededExceptionResponse(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.controltower#ThrottlingException": + throw await deserializeAws_restJson1ThrottlingExceptionResponse(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await deserializeAws_restJson1ValidationExceptionResponse(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + throwDefaultError({ + output, + parsedBody, + exceptionCtor: __BaseException, + errorCode, + }); + } +}; + +export const deserializeAws_restJson1GetControlOperationCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return deserializeAws_restJson1GetControlOperationCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.controlOperation != null) { + contents.controlOperation = deserializeAws_restJson1ControlOperation(data.controlOperation, context); + } + return contents; +}; + +const deserializeAws_restJson1GetControlOperationCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.controltower#AccessDeniedException": + throw await deserializeAws_restJson1AccessDeniedExceptionResponse(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await deserializeAws_restJson1InternalServerExceptionResponse(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await deserializeAws_restJson1ResourceNotFoundExceptionResponse(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.controltower#ThrottlingException": + throw await deserializeAws_restJson1ThrottlingExceptionResponse(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await deserializeAws_restJson1ValidationExceptionResponse(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + throwDefaultError({ + output, + parsedBody, + exceptionCtor: __BaseException, + errorCode, + }); + } +}; + +export const deserializeAws_restJson1ListEnabledControlsCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return deserializeAws_restJson1ListEnabledControlsCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.enabledControls != null) { + contents.enabledControls = deserializeAws_restJson1EnabledControls(data.enabledControls, context); + } + if (data.nextToken != null) { + contents.nextToken = __expectString(data.nextToken); + } + return contents; +}; + +const deserializeAws_restJson1ListEnabledControlsCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.controltower#AccessDeniedException": + throw await deserializeAws_restJson1AccessDeniedExceptionResponse(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await deserializeAws_restJson1InternalServerExceptionResponse(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await deserializeAws_restJson1ResourceNotFoundExceptionResponse(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.controltower#ThrottlingException": + throw await deserializeAws_restJson1ThrottlingExceptionResponse(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await deserializeAws_restJson1ValidationExceptionResponse(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + throwDefaultError({ + output, + parsedBody, + exceptionCtor: __BaseException, + errorCode, + }); + } +}; + +const map = __map; +const deserializeAws_restJson1AccessDeniedExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ConflictExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new ConflictException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1InternalServerExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ResourceNotFoundExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new ResourceNotFoundException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ServiceQuotaExceededExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new ServiceQuotaExceededException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ThrottlingExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({ + retryAfterSeconds: [ + () => void 0 !== parsedOutput.headers["retry-after"], + () => __strictParseInt32(parsedOutput.headers["retry-after"]), + ], + }); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + if (data.quotaCode != null) { + contents.quotaCode = __expectString(data.quotaCode); + } + if (data.serviceCode != null) { + contents.serviceCode = __expectString(data.serviceCode); + } + const exception = new ThrottlingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ValidationExceptionResponse = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + if (data.message != null) { + contents.message = __expectString(data.message); + } + const exception = new ValidationException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +const deserializeAws_restJson1ControlOperation = (output: any, context: __SerdeContext): ControlOperation => { + return { + endTime: output.endTime != null ? __expectNonNull(__parseRfc3339DateTime(output.endTime)) : undefined, + operationType: __expectString(output.operationType), + startTime: output.startTime != null ? __expectNonNull(__parseRfc3339DateTime(output.startTime)) : undefined, + status: __expectString(output.status), + statusMessage: __expectString(output.statusMessage), + } as any; +}; + +const deserializeAws_restJson1EnabledControls = (output: any, context: __SerdeContext): EnabledControlSummary[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + if (entry === null) { + return null as any; + } + return deserializeAws_restJson1EnabledControlSummary(entry, context); + }); + return retVal; +}; + +const deserializeAws_restJson1EnabledControlSummary = (output: any, context: __SerdeContext): EnabledControlSummary => { + return { + controlIdentifier: __expectString(output.controlIdentifier), + } as any; +}; + +const deserializeMetadata = (output: __HttpResponse): __ResponseMetadata => ({ + httpStatusCode: output.statusCode, + requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"], +}); + +// Collect low-level response body stream to Uint8Array. +const collectBody = (streamBody: any = new Uint8Array(), context: __SerdeContext): Promise => { + if (streamBody instanceof Uint8Array) { + return Promise.resolve(streamBody); + } + return context.streamCollector(streamBody) || Promise.resolve(new Uint8Array()); +}; + +// Encode Uint8Array data into string with utf-8. +const collectBodyString = (streamBody: any, context: __SerdeContext): Promise => + collectBody(streamBody, context).then((body) => context.utf8Encoder(body)); + +const isSerializableHeaderValue = (value: any): boolean => + value !== undefined && + value !== null && + value !== "" && + (!Object.getOwnPropertyNames(value).includes("length") || value.length != 0) && + (!Object.getOwnPropertyNames(value).includes("size") || value.size != 0); + +const parseBody = (streamBody: any, context: __SerdeContext): any => + collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + return JSON.parse(encoded); + } + return {}; + }); + +/** + * Load an error code for the aws.rest-json-1.1 protocol. + */ +const loadRestJsonErrorCode = (output: __HttpResponse, data: any): string | undefined => { + const findKey = (object: any, key: string) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()); + + const sanitizeErrorCode = (rawValue: string | number): string => { + let cleanValue = rawValue; + if (typeof cleanValue === "number") { + cleanValue = cleanValue.toString(); + } + if (cleanValue.indexOf(":") >= 0) { + cleanValue = cleanValue.split(":")[0]; + } + if (cleanValue.indexOf("#") >= 0) { + cleanValue = cleanValue.split("#")[1]; + } + return cleanValue; + }; + + const headerKey = findKey(output.headers, "x-amzn-errortype"); + if (headerKey !== undefined) { + return sanitizeErrorCode(output.headers[headerKey]); + } + + if (data.code !== undefined) { + return sanitizeErrorCode(data.code); + } + + if (data["__type"] !== undefined) { + return sanitizeErrorCode(data["__type"]); + } +}; diff --git a/clients/client-controltower/src/runtimeConfig.browser.ts b/clients/client-controltower/src/runtimeConfig.browser.ts new file mode 100644 index 000000000000..d0d8f5fc741f --- /dev/null +++ b/clients/client-controltower/src/runtimeConfig.browser.ts @@ -0,0 +1,50 @@ +// smithy-typescript generated code +// @ts-ignore: package.json will be imported from dist folders +import packageInfo from "../package.json"; // eslint-disable-line + +import { Sha256 } from "@aws-crypto/sha256-browser"; +import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@aws-sdk/config-resolver"; +import { FetchHttpHandler as RequestHandler, streamCollector } from "@aws-sdk/fetch-http-handler"; +import { invalidProvider } from "@aws-sdk/invalid-dependency"; +import { DEFAULT_MAX_ATTEMPTS, DEFAULT_RETRY_MODE } from "@aws-sdk/middleware-retry"; +import { fromBase64, toBase64 } from "@aws-sdk/util-base64-browser"; +import { calculateBodyLength } from "@aws-sdk/util-body-length-browser"; +import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser"; +import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-browser"; +import { ControlTowerClientConfig } from "./ControlTowerClient"; +import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared"; +import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client"; +import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-browser"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: ControlTowerClientConfig) => { + const defaultsMode = resolveDefaultsModeConfig(config); + const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode); + const clientSharedValues = getSharedRuntimeConfig(config); + return { + ...clientSharedValues, + ...config, + runtime: "browser", + defaultsMode, + base64Decoder: config?.base64Decoder ?? fromBase64, + base64Encoder: config?.base64Encoder ?? toBase64, + bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength, + credentialDefaultProvider: + config?.credentialDefaultProvider ?? ((_: unknown) => () => Promise.reject(new Error("Credential is missing"))), + defaultUserAgentProvider: + config?.defaultUserAgentProvider ?? + defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), + maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS, + region: config?.region ?? invalidProvider("Region is missing"), + requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider), + retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE), + sha256: config?.sha256 ?? Sha256, + streamCollector: config?.streamCollector ?? streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT)), + useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT)), + utf8Decoder: config?.utf8Decoder ?? fromUtf8, + utf8Encoder: config?.utf8Encoder ?? toUtf8, + }; +}; diff --git a/clients/client-controltower/src/runtimeConfig.native.ts b/clients/client-controltower/src/runtimeConfig.native.ts new file mode 100644 index 000000000000..e7c68dcfba42 --- /dev/null +++ b/clients/client-controltower/src/runtimeConfig.native.ts @@ -0,0 +1,18 @@ +// smithy-typescript generated code +import { Sha256 } from "@aws-crypto/sha256-js"; + +import { ControlTowerClientConfig } from "./ControlTowerClient"; +import { getRuntimeConfig as getBrowserRuntimeConfig } from "./runtimeConfig.browser"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: ControlTowerClientConfig) => { + const browserDefaults = getBrowserRuntimeConfig(config); + return { + ...browserDefaults, + ...config, + runtime: "react-native", + sha256: config?.sha256 ?? Sha256, + }; +}; diff --git a/clients/client-controltower/src/runtimeConfig.shared.ts b/clients/client-controltower/src/runtimeConfig.shared.ts new file mode 100644 index 000000000000..4fcb8ee68c9a --- /dev/null +++ b/clients/client-controltower/src/runtimeConfig.shared.ts @@ -0,0 +1,18 @@ +// smithy-typescript generated code +import { Logger as __Logger } from "@aws-sdk/types"; +import { parseUrl } from "@aws-sdk/url-parser"; + +import { ControlTowerClientConfig } from "./ControlTowerClient"; +import { defaultRegionInfoProvider } from "./endpoints"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: ControlTowerClientConfig) => ({ + apiVersion: "2018-05-10", + disableHostPrefix: config?.disableHostPrefix ?? false, + logger: config?.logger ?? ({} as __Logger), + regionInfoProvider: config?.regionInfoProvider ?? defaultRegionInfoProvider, + serviceId: config?.serviceId ?? "ControlTower", + urlParser: config?.urlParser ?? parseUrl, +}); diff --git a/clients/client-controltower/src/runtimeConfig.ts b/clients/client-controltower/src/runtimeConfig.ts new file mode 100644 index 000000000000..2ec6b8aeef12 --- /dev/null +++ b/clients/client-controltower/src/runtimeConfig.ts @@ -0,0 +1,68 @@ +// smithy-typescript generated code +// @ts-ignore: package.json will be imported from dist folders +import packageInfo from "../package.json"; // eslint-disable-line + +import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts"; +import { + NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS, + NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, + NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, +} from "@aws-sdk/config-resolver"; +import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node"; +import { Hash } from "@aws-sdk/hash-node"; +import { + DEFAULT_RETRY_MODE, + NODE_MAX_ATTEMPT_CONFIG_OPTIONS, + NODE_RETRY_MODE_CONFIG_OPTIONS, +} from "@aws-sdk/middleware-retry"; +import { loadConfig as loadNodeConfig } from "@aws-sdk/node-config-provider"; +import { NodeHttpHandler as RequestHandler, streamCollector } from "@aws-sdk/node-http-handler"; +import { fromBase64, toBase64 } from "@aws-sdk/util-base64-node"; +import { calculateBodyLength } from "@aws-sdk/util-body-length-node"; +import { defaultUserAgent } from "@aws-sdk/util-user-agent-node"; +import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-node"; +import { ControlTowerClientConfig } from "./ControlTowerClient"; +import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared"; +import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client"; +import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-node"; +import { emitWarningIfUnsupportedVersion } from "@aws-sdk/smithy-client"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: ControlTowerClientConfig) => { + emitWarningIfUnsupportedVersion(process.version); + const defaultsMode = resolveDefaultsModeConfig(config); + const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode); + const clientSharedValues = getSharedRuntimeConfig(config); + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + base64Decoder: config?.base64Decoder ?? fromBase64, + base64Encoder: config?.base64Encoder ?? toBase64, + bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength, + credentialDefaultProvider: + config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider), + defaultUserAgentProvider: + config?.defaultUserAgentProvider ?? + defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), + maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), + region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), + requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider), + retryMode: + config?.retryMode ?? + loadNodeConfig({ + ...NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE, + }), + sha256: config?.sha256 ?? Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS), + useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS), + utf8Decoder: config?.utf8Decoder ?? fromUtf8, + utf8Encoder: config?.utf8Encoder ?? toUtf8, + }; +}; diff --git a/clients/client-controltower/tsconfig.cjs.json b/clients/client-controltower/tsconfig.cjs.json new file mode 100644 index 000000000000..3bf80b3f4ae5 --- /dev/null +++ b/clients/client-controltower/tsconfig.cjs.json @@ -0,0 +1,8 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "target": "ES2018", + "module": "commonjs", + "outDir": "dist-cjs" + } +} diff --git a/clients/client-controltower/tsconfig.es.json b/clients/client-controltower/tsconfig.es.json new file mode 100644 index 000000000000..4c72364cd1a0 --- /dev/null +++ b/clients/client-controltower/tsconfig.es.json @@ -0,0 +1,10 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "target": "es5", + "module": "esnext", + "moduleResolution": "node", + "lib": ["dom", "es5", "es2015.promise", "es2015.collection", "es2015.iterable", "es2015.symbol.wellknown"], + "outDir": "dist-es" + } +} diff --git a/clients/client-controltower/tsconfig.json b/clients/client-controltower/tsconfig.json new file mode 100644 index 000000000000..f4c05b21a62c --- /dev/null +++ b/clients/client-controltower/tsconfig.json @@ -0,0 +1,13 @@ +{ + "extends": "@tsconfig/recommended/tsconfig.json", + "compilerOptions": { + "downlevelIteration": true, + "importHelpers": true, + "incremental": true, + "removeComments": true, + "resolveJsonModule": true, + "rootDir": "src", + "useUnknownInCatchVariables": false + }, + "exclude": ["test/"] +} diff --git a/clients/client-controltower/tsconfig.types.json b/clients/client-controltower/tsconfig.types.json new file mode 100644 index 000000000000..4c3dfa7b3d25 --- /dev/null +++ b/clients/client-controltower/tsconfig.types.json @@ -0,0 +1,10 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "removeComments": false, + "declaration": true, + "declarationDir": "dist-types", + "emitDeclarationOnly": true + }, + "exclude": ["test/**/*", "dist-types/**/*"] +} diff --git a/clients/client-controltower/typedoc.json b/clients/client-controltower/typedoc.json new file mode 100644 index 000000000000..1b5cb0146719 --- /dev/null +++ b/clients/client-controltower/typedoc.json @@ -0,0 +1,3 @@ +{ + "extends": "../../typedoc.client.json" +} diff --git a/codegen/sdk-codegen/aws-models/controltower.json b/codegen/sdk-codegen/aws-models/controltower.json new file mode 100644 index 000000000000..7614309d1e52 --- /dev/null +++ b/codegen/sdk-codegen/aws-models/controltower.json @@ -0,0 +1,612 @@ +{ + "smithy": "1.0", + "shapes": { + "com.amazonaws.controltower#AWSControlTowerApis": { + "type": "service", + "traits": { + "aws.api#service": { + "sdkId": "ControlTower", + "arnNamespace": "controltower", + "endpointPrefix": "controltower", + "cloudTrailEventSource": "controltower.amazonaws.com" + }, + "aws.auth#sigv4": { + "name": "controltower" + }, + "aws.protocols#restJson1": {}, + "smithy.api#cors": { + "additionalAllowedHeaders": [ + "*", + "content-type", + "x-amz-content-sha256", + "x-amz-user-agent", + "x-amzn-platform-id", + "x-amzn-trace-id", + "content-length", + "x-api-key", + "authorization", + "x-amz-date", + "x-amz-security-token" + ], + "additionalExposedHeaders": ["x-amzn-errortype", "x-amzn-requestid", "x-amzn-trace-id"] + }, + "smithy.api#documentation": "

These interfaces allow you to apply the AWS library of pre-defined controls to your\norganizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.

\n

To call these APIs, you'll need to know:

\n
    \n
  • \n

    the ControlARN for the control--that is, the\n guardrail--you are targeting,

    \n
    • \n
  • \n

    and the ARN associated with the target organizational unit (OU).

    \n
    • \n
\n

\n To get the ControlARN for your AWS Control Tower guardrail:\n

\n

The ControlARN contains the control name which is specified in each guardrail. For a list of control names for Strongly recommended and Elective guardrails, see Resource identifiers for APIs and guardrails in the Automating tasks section of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or removed.

\n \n

\n ARN format: \n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n

\n

\n Example:\n

\n

\n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n

\n \n

\n To get the ARN for an OU:\n

\n

In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

\n \n

\n OU ARN format:\n

\n

\n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n

\n \n

\n Details and examples\n

\n \n

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n

\n

\n Recording API Requests\n

\n

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see Logging AWS Control Tower Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

", + "smithy.api#title": "AWS Control Tower" + }, + "version": "2018-05-10", + "operations": [ + { + "target": "com.amazonaws.controltower#DisableControl" + }, + { + "target": "com.amazonaws.controltower#EnableControl" + }, + { + "target": "com.amazonaws.controltower#GetControlOperation" + }, + { + "target": "com.amazonaws.controltower#ListEnabledControls" + } + ] + }, + "com.amazonaws.controltower#AccessDeniedException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

User does not have sufficient access to perform this action. \n

", + "smithy.api#error": "client", + "smithy.api#httpError": 403 + } + }, + "com.amazonaws.controltower#ConflictException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Updating or deleting a resource can cause an inconsistent state.

", + "smithy.api#error": "client", + "smithy.api#httpError": 409 + } + }, + "com.amazonaws.controltower#ControlIdentifier": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 20, + "max": 2048 + }, + "smithy.api#pattern": "^arn:aws[0-9a-zA-Z_\\-:\\/]+$" + } + }, + "com.amazonaws.controltower#ControlOperation": { + "type": "structure", + "members": { + "operationType": { + "target": "com.amazonaws.controltower#ControlOperationType", + "traits": { + "smithy.api#documentation": "

One of ENABLE_CONTROL or DISABLE_CONTROL.

" + } + }, + "startTime": { + "target": "com.amazonaws.controltower#Timestamp", + "traits": { + "smithy.api#documentation": "

The time that the operation began.

", + "smithy.api#timestampFormat": "date-time" + } + }, + "endTime": { + "target": "com.amazonaws.controltower#Timestamp", + "traits": { + "smithy.api#documentation": "

The time that the operation finished.

", + "smithy.api#timestampFormat": "date-time" + } + }, + "status": { + "target": "com.amazonaws.controltower#ControlOperationStatus", + "traits": { + "smithy.api#documentation": "

One of IN_PROGRESS, SUCEEDED, or FAILED.

" + } + }, + "statusMessage": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

If the operation result is FAILED, this string contains a message explaining why the operation failed.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

An operation performed by the control.

" + } + }, + "com.amazonaws.controltower#ControlOperationStatus": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "name": "SUCCEEDED", + "value": "SUCCEEDED" + }, + { + "name": "FAILED", + "value": "FAILED" + }, + { + "name": "IN_PROGRESS", + "value": "IN_PROGRESS" + } + ] + } + }, + "com.amazonaws.controltower#ControlOperationType": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "name": "ENABLE_CONTROL", + "value": "ENABLE_CONTROL" + }, + { + "name": "DISABLE_CONTROL", + "value": "DISABLE_CONTROL" + } + ] + } + }, + "com.amazonaws.controltower#DisableControl": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#DisableControlInput" + }, + "output": { + "target": "com.amazonaws.controltower#DisableControlOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#AccessDeniedException" + }, + { + "target": "com.amazonaws.controltower#ConflictException" + }, + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.controltower#ThrottlingException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified\n organizational unit and the accounts it contains. The resources will vary according to the\n control that you specify.

", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/disable-control" + } + } + }, + "com.amazonaws.controltower#DisableControlInput": { + "type": "structure", + "members": { + "controlIdentifier": { + "target": "com.amazonaws.controltower#ControlIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the control. Only Strongly recommended and Elective controls are permitted,\n with the exception of the Region deny guardrail.

", + "smithy.api#required": {} + } + }, + "targetIdentifier": { + "target": "com.amazonaws.controltower#TargetIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the organizational unit.

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#DisableControlOutput": { + "type": "structure", + "members": { + "operationIdentifier": { + "target": "com.amazonaws.controltower#OperationIdentifier", + "traits": { + "smithy.api#documentation": "

The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#EnableControl": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#EnableControlInput" + }, + "output": { + "target": "com.amazonaws.controltower#EnableControlOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#AccessDeniedException" + }, + { + "target": "com.amazonaws.controltower#ConflictException" + }, + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.controltower#ThrottlingException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified\n organizational unit and the accounts it contains. The resources created will vary according to\n the control that you specify.

", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/enable-control" + } + } + }, + "com.amazonaws.controltower#EnableControlInput": { + "type": "structure", + "members": { + "controlIdentifier": { + "target": "com.amazonaws.controltower#ControlIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the control. Only Strongly recommended and Elective controls are permitted,\n with the exception of the Region deny guardrail.

", + "smithy.api#required": {} + } + }, + "targetIdentifier": { + "target": "com.amazonaws.controltower#TargetIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the organizational unit.

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#EnableControlOutput": { + "type": "structure", + "members": { + "operationIdentifier": { + "target": "com.amazonaws.controltower#OperationIdentifier", + "traits": { + "smithy.api#documentation": "

The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#EnabledControlSummary": { + "type": "structure", + "members": { + "controlIdentifier": { + "target": "com.amazonaws.controltower#ControlIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the control. Only Strongly recommended and Elective controls are permitted,\n with the exception of the Region deny guardrail.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

A summary of enabled controls.

" + } + }, + "com.amazonaws.controltower#EnabledControls": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#EnabledControlSummary" + } + }, + "com.amazonaws.controltower#GetControlOperation": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#GetControlOperationInput" + }, + "output": { + "target": "com.amazonaws.controltower#GetControlOperationOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#AccessDeniedException" + }, + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ThrottlingException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

Returns the status of a particular EnableControl or\n DisableControl operation. Displays a message in case of error.\n Details for an operation are available for 90 days.

", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/get-control-operation" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.controltower#GetControlOperationInput": { + "type": "structure", + "members": { + "operationIdentifier": { + "target": "com.amazonaws.controltower#OperationIdentifier", + "traits": { + "smithy.api#documentation": "

The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#GetControlOperationOutput": { + "type": "structure", + "members": { + "controlOperation": { + "target": "com.amazonaws.controltower#ControlOperation", + "traits": { + "smithy.api#documentation": "

", + "smithy.api#required": {} + } + } + } + }, + "com.amazonaws.controltower#InternalServerException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Unexpected error during processing of request.

", + "smithy.api#error": "server", + "smithy.api#httpError": 500, + "smithy.api#retryable": {} + } + }, + "com.amazonaws.controltower#ListEnabledControls": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#ListEnabledControlsInput" + }, + "output": { + "target": "com.amazonaws.controltower#ListEnabledControlsOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#AccessDeniedException" + }, + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ThrottlingException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.

", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/list-enabled-controls" + }, + "smithy.api#paginated": { + "inputToken": "nextToken", + "outputToken": "nextToken", + "pageSize": "maxResults", + "items": "enabledControls" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.controltower#ListEnabledControlsInput": { + "type": "structure", + "members": { + "targetIdentifier": { + "target": "com.amazonaws.controltower#TargetIdentifier", + "traits": { + "smithy.api#documentation": "

The ARN of the organizational unit.

", + "smithy.api#required": {} + } + }, + "nextToken": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The token to continue the list from a previous API call with the same parameters.

" + } + }, + "maxResults": { + "target": "com.amazonaws.controltower#MaxResults", + "traits": { + "smithy.api#documentation": "

How many results to return per API call.

" + } + } + } + }, + "com.amazonaws.controltower#ListEnabledControlsOutput": { + "type": "structure", + "members": { + "enabledControls": { + "target": "com.amazonaws.controltower#EnabledControls", + "traits": { + "smithy.api#documentation": "

Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.

", + "smithy.api#required": {} + } + }, + "nextToken": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.

" + } + } + } + }, + "com.amazonaws.controltower#MaxResults": { + "type": "integer", + "traits": { + "smithy.api#box": {}, + "smithy.api#range": { + "min": 1, + "max": 100 + } + } + }, + "com.amazonaws.controltower#OperationIdentifier": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 36, + "max": 36 + }, + "smithy.api#pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + } + }, + "com.amazonaws.controltower#ResourceNotFoundException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Request references a resource which does not exist.

", + "smithy.api#error": "client", + "smithy.api#httpError": 404 + } + }, + "com.amazonaws.controltower#ServiceQuotaExceededException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

", + "smithy.api#error": "client", + "smithy.api#httpError": 402 + } + }, + "com.amazonaws.controltower#TargetIdentifier": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 20, + "max": 2048 + }, + "smithy.api#pattern": "^arn:aws[0-9a-zA-Z_\\-:\\/]+$" + } + }, + "com.amazonaws.controltower#ThrottlingException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + }, + "serviceCode": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The ID of the service that is associated with the error.

" + } + }, + "quotaCode": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The ID of the service quota that was exceeded.

" + } + }, + "retryAfterSeconds": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "

The number of seconds the caller should wait before retrying.

", + "smithy.api#httpHeader": "Retry-After" + } + } + }, + "traits": { + "smithy.api#documentation": "

Request was denied due to request throttling.

", + "smithy.api#error": "client", + "smithy.api#httpError": 429, + "smithy.api#retryable": { + "throttling": true + } + } + }, + "com.amazonaws.controltower#Timestamp": { + "type": "timestamp", + "traits": { + "smithy.api#timestampFormat": "date-time" + } + }, + "com.amazonaws.controltower#ValidationException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

The input fails to satisfy the constraints specified by an AWS service.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + } + } +}