From 346ba0cf25f743936c18ffeef3441f9b15a68fd8 Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 2 Dec 2022 06:08:36 +0000 Subject: [PATCH] Update dependencies --- go.mod | 12 +- go.sum | 26 +- tests/e2e/go.mod | 6 +- tests/e2e/go.sum | 12 +- .../go/compute/metadata/CHANGES.md | 7 + .../go/compute/metadata/metadata.go | 1 + .../Masterminds/semver/v3/.golangci.yml | 24 +- .../Masterminds/semver/v3/CHANGELOG.md | 20 + .../Masterminds/semver/v3/constraints.go | 30 +- .../github.com/Masterminds/semver/v3/doc.go | 178 +- .../Masterminds/semver/v3/version.go | 47 +- .../Masterminds/sprig/v3/CHANGELOG.md | 15 +- .../github.com/Masterminds/sprig/v3/README.md | 9 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 304 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ec2/api.go | 8886 ++++++++++++++++- .../service/ec2/ec2iface/interface.go | 137 + .../aws/aws-sdk-go/service/kms/api.go | 3659 +++++-- .../aws/aws-sdk-go/service/kms/doc.go | 4 +- .../aws/aws-sdk-go/service/kms/errors.go | 293 +- vendor/github.com/huandu/xstrings/.travis.yml | 7 - vendor/github.com/huandu/xstrings/README.md | 182 +- vendor/github.com/huandu/xstrings/convert.go | 2 +- vendor/k8s.io/utils/net/ipfamily.go | 181 + vendor/k8s.io/utils/net/net.go | 126 +- vendor/k8s.io/utils/net/port.go | 18 +- vendor/modules.txt | 14 +- 27 files changed, 12899 insertions(+), 1303 deletions(-) delete mode 100644 vendor/github.com/huandu/xstrings/.travis.yml create mode 100644 vendor/k8s.io/utils/net/ipfamily.go diff --git a/go.mod b/go.mod index b97e9fe6c3be3..de742f161b488 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module k8s.io/kops go 1.19 require ( - cloud.google.com/go/compute/metadata v0.2.1 + cloud.google.com/go/compute/metadata v0.2.2 github.com/Azure/azure-pipeline-go v0.2.3 github.com/Azure/azure-sdk-for-go v67.1.0+incompatible github.com/Azure/azure-storage-blob-go v0.15.0 @@ -11,10 +11,10 @@ require ( github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 github.com/Azure/go-autorest/autorest/to v0.4.0 github.com/MakeNowJust/heredoc/v2 v2.0.1 - github.com/Masterminds/sprig/v3 v3.2.2 + github.com/Masterminds/sprig/v3 v3.2.3 github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.0 - github.com/aws/aws-sdk-go v1.44.145 + github.com/aws/aws-sdk-go v1.44.151 github.com/blang/semver/v4 v4.0.0 github.com/cert-manager/cert-manager v1.10.1 github.com/digitalocean/godo v1.91.1 @@ -68,7 +68,7 @@ require ( k8s.io/kubectl v0.25.4 k8s.io/kubelet v0.25.4 k8s.io/mount-utils v0.25.4 - k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 + k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 sigs.k8s.io/controller-runtime v0.13.1 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 sigs.k8s.io/yaml v1.3.0 @@ -87,7 +87,7 @@ require ( github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.1.1 // indirect + github.com/Masterminds/semver/v3 v3.2.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/agext/levenshtein v1.2.1 // indirect @@ -143,7 +143,7 @@ require ( github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/memberlist v0.3.1 // indirect - github.com/huandu/xstrings v1.3.2 // indirect + github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/go.sum b/go.sum index 9d5bf0ab39d3a..ba3de56648cf1 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= -cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= +cloud.google.com/go/compute/metadata v0.2.2 h1:aWKAjYaBaOSrpKl57+jnS/3fJRQnxL7TvR/u1VVbt6k= +cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/longrunning v0.1.1 h1:y50CXG4j0+qvEukslYFBCrzaXX0qpFbBzc3PchSu/LE= @@ -97,10 +97,10 @@ github.com/MakeNowJust/heredoc/v2 v2.0.1 h1:rlCHh70XXXv7toz95ajQWOWQnN4WNLt0TdpZ github.com/MakeNowJust/heredoc/v2 v2.0.1/go.mod h1:6/2Abh5s+hc3g9nbWLe9ObDIOhaRrqsyY9MWy+4JdRM= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= -github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -131,8 +131,8 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/amazon-ec2-instance-selector/v2 v2.4.0 h1:9l68/pwVYm6EOAeBmoVUL4ekw6VlbwtPyX9/F+IpMxQ= github.com/aws/amazon-ec2-instance-selector/v2 v2.4.0/go.mod h1:AEJrtkLkCkfIBIazidrVrgZqaXl+9dxI/wRgjdw+7G0= -github.com/aws/aws-sdk-go v1.44.145 h1:KMVRrIyjBsNz3xGPuHIRnhIuKlb5h3Ii5e5jbi3cgnc= -github.com/aws/aws-sdk-go v1.44.145/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.151 h1:2FrJZm3kTcyTtfpE7LEQT9XW+jkoi4KEvBhFWqHEZmo= +github.com/aws/aws-sdk-go v1.44.151/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -443,9 +443,8 @@ github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1 github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hetznercloud/hcloud-go v1.37.0 h1:Uwu7OKfZvar86LfJuzItStoO1AL7DVDCqWzRGzrvdEw= github.com/hetznercloud/hcloud-go v1.37.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= -github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= -github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -781,7 +780,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1323,8 +1321,8 @@ k8s.io/kubelet v0.25.4 h1:24MmTTQGBHr08UkMYFC/RaLjuiMREM53HfRgJKWRquI= k8s.io/kubelet v0.25.4/go.mod h1:dWAxzvWR7B6LrSgE+6H6Dc7bOzNOzm+O+W6zLic9daA= k8s.io/mount-utils v0.25.4 h1:+j1GBo6rH6sM1GvOI4jcu1IpjA5WssuwW7UEkQevaTU= k8s.io/mount-utils v0.25.4/go.mod h1:odpFnGwJfFjN3SRnjfGS0902ubcj/W6hDOrNDmSSINo= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4= oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod index 011cf4e98650e..9fa3cb3b3ad9b 100644 --- a/tests/e2e/go.mod +++ b/tests/e2e/go.mod @@ -25,7 +25,7 @@ require ( require ( cloud.google.com/go v0.105.0 // indirect cloud.google.com/go/compute v1.12.1 // indirect - cloud.google.com/go/compute/metadata v0.2.1 // indirect + cloud.google.com/go/compute/metadata v0.2.2 // indirect cloud.google.com/go/iam v0.6.0 // indirect cloud.google.com/go/storage v1.27.0 // indirect github.com/Azure/azure-pipeline-go v0.2.3 // indirect @@ -37,7 +37,7 @@ require ( github.com/StackExchange/wmi v1.2.1 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect github.com/apparentlymart/go-cidr v1.1.0 // indirect - github.com/aws/aws-sdk-go v1.44.145 // indirect + github.com/aws/aws-sdk-go v1.44.151 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -138,7 +138,7 @@ require ( k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect k8s.io/release v0.7.1-0.20210204090829-09fb5e3883b8 // indirect k8s.io/test-infra v0.0.0-20210730160938-8ad9b8c53bd8 // indirect - k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect + k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index e7662fe42dc76..7a2ad5f67ce73 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -43,8 +43,8 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= -cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= +cloud.google.com/go/compute/metadata v0.2.2 h1:aWKAjYaBaOSrpKl57+jnS/3fJRQnxL7TvR/u1VVbt6k= +cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= @@ -307,8 +307,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.37.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.145 h1:KMVRrIyjBsNz3xGPuHIRnhIuKlb5h3Ii5e5jbi3cgnc= -github.com/aws/aws-sdk-go v1.44.145/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.151 h1:2FrJZm3kTcyTtfpE7LEQT9XW+jkoi4KEvBhFWqHEZmo= +github.com/aws/aws-sdk-go v1.44.151/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/bazelbuild/buildtools v0.0.0-20190917191645-69366ca98f89/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= github.com/bazelbuild/buildtools v0.0.0-20200922170545-10384511ce98/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= @@ -2989,8 +2989,8 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8= -k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/caching v0.0.0-20190719140829-2032732871ff/go.mod h1:dHXFU6CGlLlbzaWc32g80cR92iuBSpsslDNBWI8C7eg= knative.dev/caching v0.0.0-20200116200605-67bca2c83dfa/go.mod h1:dHXFU6CGlLlbzaWc32g80cR92iuBSpsslDNBWI8C7eg= knative.dev/eventing-contrib v0.6.1-0.20190723221543-5ce18048c08b/go.mod h1:SnXZgSGgMSMLNFTwTnpaOH7hXDzTFtw0J8OmHflNx3g= diff --git a/vendor/cloud.google.com/go/compute/metadata/CHANGES.md b/vendor/cloud.google.com/go/compute/metadata/CHANGES.md index 8631b6d6d2c85..6e3ee8d6ab1ca 100644 --- a/vendor/cloud.google.com/go/compute/metadata/CHANGES.md +++ b/vendor/cloud.google.com/go/compute/metadata/CHANGES.md @@ -1,5 +1,12 @@ # Changes +## [0.2.2](https://github.com/googleapis/google-cloud-go/compare/compute/metadata/v0.2.1...compute/metadata/v0.2.2) (2022-12-01) + + +### Bug Fixes + +* **compute/metadata:** Set IdleConnTimeout for http.Client ([#7084](https://github.com/googleapis/google-cloud-go/issues/7084)) ([766516a](https://github.com/googleapis/google-cloud-go/commit/766516aaf3816bfb3159efeea65aa3d1d205a3e2)), refs [#5430](https://github.com/googleapis/google-cloud-go/issues/5430) + ## [0.1.0] (2022-10-26) Initial release of metadata being it's own module. diff --git a/vendor/cloud.google.com/go/compute/metadata/metadata.go b/vendor/cloud.google.com/go/compute/metadata/metadata.go index 50538b1d343e9..d4aad9bf395f7 100644 --- a/vendor/cloud.google.com/go/compute/metadata/metadata.go +++ b/vendor/cloud.google.com/go/compute/metadata/metadata.go @@ -70,6 +70,7 @@ func newDefaultHTTPClient() *http.Client { Timeout: 2 * time.Second, KeepAlive: 30 * time.Second, }).Dial, + IdleConnTimeout: 60 * time.Second, }, Timeout: 5 * time.Second, } diff --git a/vendor/github.com/Masterminds/semver/v3/.golangci.yml b/vendor/github.com/Masterminds/semver/v3/.golangci.yml index fdbdf1448c366..c87d1c4b90e86 100644 --- a/vendor/github.com/Masterminds/semver/v3/.golangci.yml +++ b/vendor/github.com/Masterminds/semver/v3/.golangci.yml @@ -4,23 +4,27 @@ run: linters: disable-all: true enable: + - misspell + - structcheck + - govet + - staticcheck - deadcode - - dupl - errcheck - - gofmt - - goimports - - golint - - gosimple - - govet + - varcheck + - unparam - ineffassign - - misspell - nakedret - - structcheck + - gocyclo + - dupl + - goimports + - revive + - gosec + - gosimple + - typecheck - unused - - varcheck linters-settings: gofmt: simplify: true dupl: - threshold: 400 + threshold: 600 diff --git a/vendor/github.com/Masterminds/semver/v3/CHANGELOG.md b/vendor/github.com/Masterminds/semver/v3/CHANGELOG.md index 1f90c38d260d0..f12626423a3e4 100644 --- a/vendor/github.com/Masterminds/semver/v3/CHANGELOG.md +++ b/vendor/github.com/Masterminds/semver/v3/CHANGELOG.md @@ -1,5 +1,25 @@ # Changelog +## 3.2.0 (2022-11-28) + +### Added + +- #190: Added text marshaling and unmarshaling +- #167: Added JSON marshalling for constraints (thanks @SimonTheLeg) +- #173: Implement encoding.TextMarshaler and encoding.TextUnmarshaler on Version (thanks @MarkRosemaker) +- #179: Added New() version constructor (thanks @kazhuravlev) + +### Changed + +- #182/#183: Updated CI testing setup + +### Fixed + +- #186: Fixing issue where validation of constraint section gave false positives +- #176: Fix constraints check with *-0 (thanks @mtt0) +- #181: Fixed Caret operator (^) gives unexpected results when the minor version in constraint is 0 (thanks @arshchimni) +- #161: Fixed godoc (thanks @afirth) + ## 3.1.1 (2020-11-23) ### Fixed diff --git a/vendor/github.com/Masterminds/semver/v3/constraints.go b/vendor/github.com/Masterminds/semver/v3/constraints.go index 547613f044f21..203072e464685 100644 --- a/vendor/github.com/Masterminds/semver/v3/constraints.go +++ b/vendor/github.com/Masterminds/semver/v3/constraints.go @@ -134,6 +134,23 @@ func (cs Constraints) String() string { return strings.Join(buf, " || ") } +// UnmarshalText implements the encoding.TextUnmarshaler interface. +func (cs *Constraints) UnmarshalText(text []byte) error { + temp, err := NewConstraint(string(text)) + if err != nil { + return err + } + + *cs = *temp + + return nil +} + +// MarshalText implements the encoding.TextMarshaler interface. +func (cs Constraints) MarshalText() ([]byte, error) { + return []byte(cs.String()), nil +} + var constraintOps map[string]cfunc var constraintRegex *regexp.Regexp var constraintRangeRegex *regexp.Regexp @@ -180,8 +197,13 @@ func init() { ops, cvRegex)) + // The first time a constraint shows up will look slightly different from + // future times it shows up due to a leading space or comma in a given + // string. validConstraintRegex = regexp.MustCompile(fmt.Sprintf( - `^(\s*(%s)\s*(%s)\s*\,?)+$`, + `^(\s*(%s)\s*(%s)\s*)((?:\s+|,\s*)(%s)\s*(%s)\s*)*$`, + ops, + cvRegex, ops, cvRegex)) } @@ -233,7 +255,7 @@ func parseConstraint(c string) (*constraint, error) { patchDirty := false dirty := false if isX(m[3]) || m[3] == "" { - ver = "0.0.0" + ver = fmt.Sprintf("0.0.0%s", m[6]) dirty = true } else if isX(strings.TrimPrefix(m[4], ".")) || m[4] == "" { minorDirty = true @@ -534,6 +556,10 @@ func constraintCaret(v *Version, c *constraint) (bool, error) { } return false, fmt.Errorf("%s does not have same minor version as %s. Expected minor versions to match when constraint major version is 0", v, c.orig) } + // ^ when the minor is 0 and minor > 0 is =0.0.z + if c.con.Minor() == 0 && v.Minor() > 0 { + return false, fmt.Errorf("%s does not have same minor version as %s", v, c.orig) + } // At this point the major is 0 and the minor is 0 and not dirty. The patch // is not dirty so we need to check if they are equal. If they are not equal diff --git a/vendor/github.com/Masterminds/semver/v3/doc.go b/vendor/github.com/Masterminds/semver/v3/doc.go index 391aa46b76df8..74f97caa57f80 100644 --- a/vendor/github.com/Masterminds/semver/v3/doc.go +++ b/vendor/github.com/Masterminds/semver/v3/doc.go @@ -3,12 +3,12 @@ Package semver provides the ability to work with Semantic Versions (http://semve Specifically it provides the ability to: - * Parse semantic versions - * Sort semantic versions - * Check if a semantic version fits within a set of constraints - * Optionally work with a `v` prefix + - Parse semantic versions + - Sort semantic versions + - Check if a semantic version fits within a set of constraints + - Optionally work with a `v` prefix -Parsing Semantic Versions +# Parsing Semantic Versions There are two functions that can parse semantic versions. The `StrictNewVersion` function only parses valid version 2 semantic versions as outlined in the @@ -21,48 +21,48 @@ that can be sorted, compared, and used in constraints. When parsing a version an optional error can be returned if there is an issue parsing the version. For example, - v, err := semver.NewVersion("1.2.3-beta.1+b345") + v, err := semver.NewVersion("1.2.3-beta.1+b345") The version object has methods to get the parts of the version, compare it to other versions, convert the version back into a string, and get the original string. For more details please see the documentation at https://godoc.org/github.com/Masterminds/semver. -Sorting Semantic Versions +# Sorting Semantic Versions A set of versions can be sorted using the `sort` package from the standard library. For example, - raw := []string{"1.2.3", "1.0", "1.3", "2", "0.4.2",} - vs := make([]*semver.Version, len(raw)) - for i, r := range raw { - v, err := semver.NewVersion(r) - if err != nil { - t.Errorf("Error parsing version: %s", err) - } + raw := []string{"1.2.3", "1.0", "1.3", "2", "0.4.2",} + vs := make([]*semver.Version, len(raw)) + for i, r := range raw { + v, err := semver.NewVersion(r) + if err != nil { + t.Errorf("Error parsing version: %s", err) + } - vs[i] = v - } + vs[i] = v + } - sort.Sort(semver.Collection(vs)) + sort.Sort(semver.Collection(vs)) -Checking Version Constraints and Comparing Versions +# Checking Version Constraints and Comparing Versions There are two methods for comparing versions. One uses comparison methods on `Version` instances and the other is using Constraints. There are some important differences to notes between these two methods of comparison. -1. When two versions are compared using functions such as `Compare`, `LessThan`, - and others it will follow the specification and always include prereleases - within the comparison. It will provide an answer valid with the comparison - spec section at https://semver.org/#spec-item-11 -2. When constraint checking is used for checks or validation it will follow a - different set of rules that are common for ranges with tools like npm/js - and Rust/Cargo. This includes considering prereleases to be invalid if the - ranges does not include on. If you want to have it include pre-releases a - simple solution is to include `-0` in your range. -3. Constraint ranges can have some complex rules including the shorthard use of - ~ and ^. For more details on those see the options below. + 1. When two versions are compared using functions such as `Compare`, `LessThan`, + and others it will follow the specification and always include prereleases + within the comparison. It will provide an answer valid with the comparison + spec section at https://semver.org/#spec-item-11 + 2. When constraint checking is used for checks or validation it will follow a + different set of rules that are common for ranges with tools like npm/js + and Rust/Cargo. This includes considering prereleases to be invalid if the + ranges does not include on. If you want to have it include pre-releases a + simple solution is to include `-0` in your range. + 3. Constraint ranges can have some complex rules including the shorthard use of + ~ and ^. For more details on those see the options below. There are differences between the two methods or checking versions because the comparison methods on `Version` follow the specification while comparison ranges @@ -76,19 +76,19 @@ patters with their versions. Checking a version against version constraints is one of the most featureful parts of the package. - c, err := semver.NewConstraint(">= 1.2.3") - if err != nil { - // Handle constraint not being parsable. - } + c, err := semver.NewConstraint(">= 1.2.3") + if err != nil { + // Handle constraint not being parsable. + } - v, err := semver.NewVersion("1.3") - if err != nil { - // Handle version not being parsable. - } - // Check if the version meets the constraints. The a variable will be true. - a := c.Check(v) + v, err := semver.NewVersion("1.3") + if err != nil { + // Handle version not being parsable. + } + // Check if the version meets the constraints. The a variable will be true. + a := c.Check(v) -Basic Comparisons +# Basic Comparisons There are two elements to the comparisons. First, a comparison string is a list of comma or space separated AND comparisons. These are then separated by || (OR) @@ -99,31 +99,31 @@ greater than or equal to 4.2.3. This can also be written as The basic comparisons are: - * `=`: equal (aliased to no operator) - * `!=`: not equal - * `>`: greater than - * `<`: less than - * `>=`: greater than or equal to - * `<=`: less than or equal to + - `=`: equal (aliased to no operator) + - `!=`: not equal + - `>`: greater than + - `<`: less than + - `>=`: greater than or equal to + - `<=`: less than or equal to -Hyphen Range Comparisons +# Hyphen Range Comparisons There are multiple methods to handle ranges and the first is hyphens ranges. These look like: - * `1.2 - 1.4.5` which is equivalent to `>= 1.2, <= 1.4.5` - * `2.3.4 - 4.5` which is equivalent to `>= 2.3.4 <= 4.5` + - `1.2 - 1.4.5` which is equivalent to `>= 1.2, <= 1.4.5` + - `2.3.4 - 4.5` which is equivalent to `>= 2.3.4 <= 4.5` -Wildcards In Comparisons +# Wildcards In Comparisons The `x`, `X`, and `*` characters can be used as a wildcard character. This works for all comparison operators. When used on the `=` operator it falls back to the tilde operation. For example, - * `1.2.x` is equivalent to `>= 1.2.0 < 1.3.0` - * `>= 1.2.x` is equivalent to `>= 1.2.0` - * `<= 2.x` is equivalent to `<= 3` - * `*` is equivalent to `>= 0.0.0` + - `1.2.x` is equivalent to `>= 1.2.0 < 1.3.0` + - `>= 1.2.x` is equivalent to `>= 1.2.0` + - `<= 2.x` is equivalent to `<= 3` + - `*` is equivalent to `>= 0.0.0` Tilde Range Comparisons (Patch) @@ -131,11 +131,11 @@ The tilde (`~`) comparison operator is for patch level ranges when a minor version is specified and major level changes when the minor number is missing. For example, - * `~1.2.3` is equivalent to `>= 1.2.3 < 1.3.0` - * `~1` is equivalent to `>= 1, < 2` - * `~2.3` is equivalent to `>= 2.3 < 2.4` - * `~1.2.x` is equivalent to `>= 1.2.0 < 1.3.0` - * `~1.x` is equivalent to `>= 1 < 2` + - `~1.2.3` is equivalent to `>= 1.2.3 < 1.3.0` + - `~1` is equivalent to `>= 1, < 2` + - `~2.3` is equivalent to `>= 2.3 < 2.4` + - `~1.2.x` is equivalent to `>= 1.2.0 < 1.3.0` + - `~1.x` is equivalent to `>= 1 < 2` Caret Range Comparisons (Major) @@ -144,41 +144,41 @@ The caret (`^`) comparison operator is for major level changes once a stable as the API stability level. This is useful when comparisons of API versions as a major change is API breaking. For example, - * `^1.2.3` is equivalent to `>= 1.2.3, < 2.0.0` - * `^1.2.x` is equivalent to `>= 1.2.0, < 2.0.0` - * `^2.3` is equivalent to `>= 2.3, < 3` - * `^2.x` is equivalent to `>= 2.0.0, < 3` - * `^0.2.3` is equivalent to `>=0.2.3 <0.3.0` - * `^0.2` is equivalent to `>=0.2.0 <0.3.0` - * `^0.0.3` is equivalent to `>=0.0.3 <0.0.4` - * `^0.0` is equivalent to `>=0.0.0 <0.1.0` - * `^0` is equivalent to `>=0.0.0 <1.0.0` + - `^1.2.3` is equivalent to `>= 1.2.3, < 2.0.0` + - `^1.2.x` is equivalent to `>= 1.2.0, < 2.0.0` + - `^2.3` is equivalent to `>= 2.3, < 3` + - `^2.x` is equivalent to `>= 2.0.0, < 3` + - `^0.2.3` is equivalent to `>=0.2.3 <0.3.0` + - `^0.2` is equivalent to `>=0.2.0 <0.3.0` + - `^0.0.3` is equivalent to `>=0.0.3 <0.0.4` + - `^0.0` is equivalent to `>=0.0.0 <0.1.0` + - `^0` is equivalent to `>=0.0.0 <1.0.0` -Validation +# Validation In addition to testing a version against a constraint, a version can be validated against a constraint. When validation fails a slice of errors containing why a version didn't meet the constraint is returned. For example, - c, err := semver.NewConstraint("<= 1.2.3, >= 1.4") - if err != nil { - // Handle constraint not being parseable. - } - - v, _ := semver.NewVersion("1.3") - if err != nil { - // Handle version not being parseable. - } - - // Validate a version against a constraint. - a, msgs := c.Validate(v) - // a is false - for _, m := range msgs { - fmt.Println(m) - - // Loops over the errors which would read - // "1.3 is greater than 1.2.3" - // "1.3 is less than 1.4" - } + c, err := semver.NewConstraint("<= 1.2.3, >= 1.4") + if err != nil { + // Handle constraint not being parseable. + } + + v, _ := semver.NewVersion("1.3") + if err != nil { + // Handle version not being parseable. + } + + // Validate a version against a constraint. + a, msgs := c.Validate(v) + // a is false + for _, m := range msgs { + fmt.Println(m) + + // Loops over the errors which would read + // "1.3 is greater than 1.2.3" + // "1.3 is less than 1.4" + } */ package semver diff --git a/vendor/github.com/Masterminds/semver/v3/version.go b/vendor/github.com/Masterminds/semver/v3/version.go index d6b9cda3eeb70..7c4bed33474cf 100644 --- a/vendor/github.com/Masterminds/semver/v3/version.go +++ b/vendor/github.com/Masterminds/semver/v3/version.go @@ -55,14 +55,16 @@ func init() { versionRegex = regexp.MustCompile("^" + semVerRegex + "$") } -const num string = "0123456789" -const allowed string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-" + num +const ( + num string = "0123456789" + allowed string = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-" + num +) // StrictNewVersion parses a given version and returns an instance of Version or // an error if unable to parse the version. Only parses valid semantic versions. // Performs checking that can find errors within the version. -// If you want to coerce a version, such as 1 or 1.2, and perse that as the 1.x -// releases of semver provided use the NewSemver() function. +// If you want to coerce a version such as 1 or 1.2 and parse it as the 1.x +// releases of semver did, use the NewVersion() function. func StrictNewVersion(v string) (*Version, error) { // Parsing here does not use RegEx in order to increase performance and reduce // allocations. @@ -207,6 +209,23 @@ func NewVersion(v string) (*Version, error) { return sv, nil } +// New creates a new instance of Version with each of the parts passed in as +// arguments instead of parsing a version string. +func New(major, minor, patch uint64, pre, metadata string) *Version { + v := Version{ + major: major, + minor: minor, + patch: patch, + pre: pre, + metadata: metadata, + original: "", + } + + v.original = v.String() + + return &v +} + // MustParse parses a given version and panics on error. func MustParse(v string) *Version { sv, err := NewVersion(v) @@ -267,7 +286,6 @@ func (v Version) Metadata() string { // originalVPrefix returns the original 'v' prefix if any. func (v Version) originalVPrefix() string { - // Note, only lowercase v is supported as a prefix by the parser. if v.original != "" && v.original[:1] == "v" { return v.original[:1] @@ -436,6 +454,23 @@ func (v Version) MarshalJSON() ([]byte, error) { return json.Marshal(v.String()) } +// UnmarshalText implements the encoding.TextUnmarshaler interface. +func (v *Version) UnmarshalText(text []byte) error { + temp, err := NewVersion(string(text)) + if err != nil { + return err + } + + *v = *temp + + return nil +} + +// MarshalText implements the encoding.TextMarshaler interface. +func (v Version) MarshalText() ([]byte, error) { + return []byte(v.String()), nil +} + // Scan implements the SQL.Scanner interface. func (v *Version) Scan(value interface{}) error { var s string @@ -470,7 +505,6 @@ func compareSegment(v, o uint64) int { } func comparePrerelease(v, o string) int { - // split the prelease versions by their part. The separator, per the spec, // is a . sparts := strings.Split(v, ".") @@ -562,7 +596,6 @@ func comparePrePart(s, o string) int { return 1 } return -1 - } // Like strings.ContainsAny but does an only instead of any. diff --git a/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md b/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md index fcdd4e88aed41..2ce45dd4eca63 100644 --- a/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md +++ b/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md @@ -1,8 +1,21 @@ # Changelog +## Release 3.2.3 (2022-11-29) + +### Changed + +- Updated docs (thanks @book987 @aJetHorn @neelayu @pellizzetti @apricote @SaigyoujiYuyuko233 @AlekSi) +- #348: Updated huandu/xstrings which fixed a snake case bug (thanks @yxxhero) +- #353: Updated masterminds/semver which included bug fixes +- #354: Updated golang.org/x/crypto which included bug fixes + +## Release 3.2.2 (2021-02-04) + +This is a re-release of 3.2.1 to satisfy something with the Go module system. + ## Release 3.2.1 (2021-02-04) -### Changed +### Changed - Upgraded `Masterminds/goutils` to `v1.1.1`. see the [Security Advisory](https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr) diff --git a/vendor/github.com/Masterminds/sprig/v3/README.md b/vendor/github.com/Masterminds/sprig/v3/README.md index c37ba01c2162b..3e22c60e1a01e 100644 --- a/vendor/github.com/Masterminds/sprig/v3/README.md +++ b/vendor/github.com/Masterminds/sprig/v3/README.md @@ -17,10 +17,9 @@ JavaScript libraries, such as [underscore.js](http://underscorejs.org/). ## IMPORTANT NOTES Sprig leverages [mergo](https://github.com/imdario/mergo) to handle merges. In -its v0.3.9 release there was a behavior change that impacts merging template -functions in sprig. It is currently recommended to use v0.3.8 of that package. -Using v0.3.9 will cause sprig tests to fail. The issue in mergo is tracked at -https://github.com/imdario/mergo/issues/139. +its v0.3.9 release, there was a behavior change that impacts merging template +functions in sprig. It is currently recommended to use v0.3.10 or later of that package. +Using v0.3.9 will cause sprig tests to fail. ## Package Versions @@ -51,7 +50,7 @@ To load the Sprig `FuncMap`: ```go import ( - "github.com/Masterminds/sprig" + "github.com/Masterminds/sprig/v3" "html/template" ) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 3fc271a56759d..76cba0656ec1b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -1456,6 +1456,26 @@ var awsPartition = partition{ }, }, }, + "api.ecr-public": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "api.ecr-public.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "api.ecr-public.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "api.elastic-inference": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -3123,6 +3143,37 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -4909,6 +4960,17 @@ var awsPartition = partition{ }, }, }, + "codecatalyst": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-global", + }: endpoint{ + Hostname: "codecatalyst.global.api.aws", + }, + }, + }, "codecommit": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -12057,22 +12119,6 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, - endpointKey{ - Region: "dataplane-ap-south-1", - }: endpoint{ - Hostname: "greengrass-ats.iot.ap-south-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ap-south-1", - }, - }, - endpointKey{ - Region: "dataplane-us-east-2", - }: endpoint{ - Hostname: "greengrass-ats.iot.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, - }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -17316,6 +17362,88 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "oam": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "oidc": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18051,6 +18179,79 @@ var awsPartition = partition{ }, }, }, + "pipes": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "polly": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -21577,6 +21778,13 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "sagemaker-geospatial": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "savingsplans": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -22000,6 +22208,31 @@ var awsPartition = partition{ }, }, }, + "securitylake": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "serverlessrepo": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -22744,6 +22977,34 @@ var awsPartition = partition{ }, }, }, + "simspaceweaver": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "sms": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -27981,14 +28242,6 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, - endpointKey{ - Region: "dataplane-cn-north-1", - }: endpoint{ - Hostname: "greengrass.ats.iot.cn-north-1.amazonaws.com.cn", - CredentialScope: credentialScope{ - Region: "cn-north-1", - }, - }, }, }, "guardduty": service{ @@ -34549,6 +34802,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "glacier": service{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 2608904171153..227d0f911d4e7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.145" +const SDKVersion = "1.44.151" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 026aa70cc71bb..750e0e8180cfa 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -2450,6 +2450,81 @@ func (c *EC2) AttachNetworkInterfaceWithContext(ctx aws.Context, input *AttachNe return out, req.Send() } +const opAttachVerifiedAccessTrustProvider = "AttachVerifiedAccessTrustProvider" + +// AttachVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the AttachVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AttachVerifiedAccessTrustProvider for more information on using the AttachVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the AttachVerifiedAccessTrustProviderRequest method. +// req, resp := client.AttachVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVerifiedAccessTrustProvider +func (c *EC2) AttachVerifiedAccessTrustProviderRequest(input *AttachVerifiedAccessTrustProviderInput) (req *request.Request, output *AttachVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opAttachVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AttachVerifiedAccessTrustProviderInput{} + } + + output = &AttachVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// AttachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// A trust provider is a third-party entity that creates, maintains, and manages +// identity information for users and devices. One or more trust providers can +// be attached to an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AttachVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AttachVerifiedAccessTrustProvider +func (c *EC2) AttachVerifiedAccessTrustProvider(input *AttachVerifiedAccessTrustProviderInput) (*AttachVerifiedAccessTrustProviderOutput, error) { + req, out := c.AttachVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// AttachVerifiedAccessTrustProviderWithContext is the same as AttachVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See AttachVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AttachVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *AttachVerifiedAccessTrustProviderInput, opts ...request.Option) (*AttachVerifiedAccessTrustProviderOutput, error) { + req, out := c.AttachVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAttachVolume = "AttachVolume" // AttachVolumeRequest generates a "aws/request.Request" representing the @@ -7304,7 +7379,7 @@ func (c *EC2) CreateReplaceRootVolumeTaskRequest(input *CreateReplaceRootVolumeT // to a specific snapshot taken from the original root volume, or that is restored // from an AMI that has the same key characteristics as that of the instance. // -// For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) +// For more information, see Replace a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9563,6 +9638,311 @@ func (c *EC2) CreateTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opCreateVerifiedAccessEndpoint = "CreateVerifiedAccessEndpoint" + +// CreateVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessEndpoint for more information on using the CreateVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessEndpointRequest method. +// req, resp := client.CreateVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessEndpoint +func (c *EC2) CreateVerifiedAccessEndpointRequest(input *CreateVerifiedAccessEndpointInput) (req *request.Request, output *CreateVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessEndpointInput{} + } + + output = &CreateVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access endpoint is where you define your +// application along with an optional endpoint-level access policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessEndpoint +func (c *EC2) CreateVerifiedAccessEndpoint(input *CreateVerifiedAccessEndpointInput) (*CreateVerifiedAccessEndpointOutput, error) { + req, out := c.CreateVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessEndpointWithContext is the same as CreateVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessEndpointWithContext(ctx aws.Context, input *CreateVerifiedAccessEndpointInput, opts ...request.Option) (*CreateVerifiedAccessEndpointOutput, error) { + req, out := c.CreateVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessGroup = "CreateVerifiedAccessGroup" + +// CreateVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessGroup for more information on using the CreateVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessGroupRequest method. +// req, resp := client.CreateVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessGroup +func (c *EC2) CreateVerifiedAccessGroupRequest(input *CreateVerifiedAccessGroupInput) (req *request.Request, output *CreateVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessGroupInput{} + } + + output = &CreateVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access group is a collection of Amazon Web +// Services Verified Access endpoints who's associated applications have similar +// security requirements. Each instance within an Amazon Web Services Verified +// Access group shares an Amazon Web Services Verified Access policy. For example, +// you can group all Amazon Web Services Verified Access instances associated +// with “sales” applications together and use one common Amazon Web Services +// Verified Access policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessGroup +func (c *EC2) CreateVerifiedAccessGroup(input *CreateVerifiedAccessGroupInput) (*CreateVerifiedAccessGroupOutput, error) { + req, out := c.CreateVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessGroupWithContext is the same as CreateVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessGroupWithContext(ctx aws.Context, input *CreateVerifiedAccessGroupInput, opts ...request.Option) (*CreateVerifiedAccessGroupOutput, error) { + req, out := c.CreateVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessInstance = "CreateVerifiedAccessInstance" + +// CreateVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessInstance for more information on using the CreateVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessInstanceRequest method. +// req, resp := client.CreateVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessInstance +func (c *EC2) CreateVerifiedAccessInstanceRequest(input *CreateVerifiedAccessInstanceInput) (req *request.Request, output *CreateVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessInstanceInput{} + } + + output = &CreateVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// An Amazon Web Services Verified Access instance is a regional entity that +// evaluates application requests and grants access only when your security +// requirements are met. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessInstance +func (c *EC2) CreateVerifiedAccessInstance(input *CreateVerifiedAccessInstanceInput) (*CreateVerifiedAccessInstanceOutput, error) { + req, out := c.CreateVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessInstanceWithContext is the same as CreateVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessInstanceWithContext(ctx aws.Context, input *CreateVerifiedAccessInstanceInput, opts ...request.Option) (*CreateVerifiedAccessInstanceOutput, error) { + req, out := c.CreateVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateVerifiedAccessTrustProvider = "CreateVerifiedAccessTrustProvider" + +// CreateVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the CreateVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateVerifiedAccessTrustProvider for more information on using the CreateVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateVerifiedAccessTrustProviderRequest method. +// req, resp := client.CreateVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessTrustProvider +func (c *EC2) CreateVerifiedAccessTrustProviderRequest(input *CreateVerifiedAccessTrustProviderInput) (req *request.Request, output *CreateVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opCreateVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateVerifiedAccessTrustProviderInput{} + } + + output = &CreateVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// A trust provider is a third-party entity that creates, maintains, and manages +// identity information for users and devices. When an application request is +// made, the identity information sent by the trust provider will be evaluated +// by Amazon Web Services Verified Access, before allowing or denying the application +// request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessTrustProvider +func (c *EC2) CreateVerifiedAccessTrustProvider(input *CreateVerifiedAccessTrustProviderInput) (*CreateVerifiedAccessTrustProviderOutput, error) { + req, out := c.CreateVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// CreateVerifiedAccessTrustProviderWithContext is the same as CreateVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See CreateVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *CreateVerifiedAccessTrustProviderInput, opts ...request.Option) (*CreateVerifiedAccessTrustProviderOutput, error) { + req, out := c.CreateVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateVolume = "CreateVolume" // CreateVolumeRequest generates a "aws/request.Request" representing the @@ -14764,6 +15144,298 @@ func (c *EC2) DeleteTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opDeleteVerifiedAccessEndpoint = "DeleteVerifiedAccessEndpoint" + +// DeleteVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessEndpoint for more information on using the DeleteVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessEndpointRequest method. +// req, resp := client.DeleteVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessEndpoint +func (c *EC2) DeleteVerifiedAccessEndpointRequest(input *DeleteVerifiedAccessEndpointInput) (req *request.Request, output *DeleteVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessEndpointInput{} + } + + output = &DeleteVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessEndpoint +func (c *EC2) DeleteVerifiedAccessEndpoint(input *DeleteVerifiedAccessEndpointInput) (*DeleteVerifiedAccessEndpointOutput, error) { + req, out := c.DeleteVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessEndpointWithContext is the same as DeleteVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessEndpointWithContext(ctx aws.Context, input *DeleteVerifiedAccessEndpointInput, opts ...request.Option) (*DeleteVerifiedAccessEndpointOutput, error) { + req, out := c.DeleteVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessGroup = "DeleteVerifiedAccessGroup" + +// DeleteVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessGroup for more information on using the DeleteVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessGroupRequest method. +// req, resp := client.DeleteVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessGroup +func (c *EC2) DeleteVerifiedAccessGroupRequest(input *DeleteVerifiedAccessGroupInput) (req *request.Request, output *DeleteVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessGroupInput{} + } + + output = &DeleteVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessGroup +func (c *EC2) DeleteVerifiedAccessGroup(input *DeleteVerifiedAccessGroupInput) (*DeleteVerifiedAccessGroupOutput, error) { + req, out := c.DeleteVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessGroupWithContext is the same as DeleteVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessGroupWithContext(ctx aws.Context, input *DeleteVerifiedAccessGroupInput, opts ...request.Option) (*DeleteVerifiedAccessGroupOutput, error) { + req, out := c.DeleteVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessInstance = "DeleteVerifiedAccessInstance" + +// DeleteVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessInstance for more information on using the DeleteVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessInstanceRequest method. +// req, resp := client.DeleteVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessInstance +func (c *EC2) DeleteVerifiedAccessInstanceRequest(input *DeleteVerifiedAccessInstanceInput) (req *request.Request, output *DeleteVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessInstanceInput{} + } + + output = &DeleteVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessInstance +func (c *EC2) DeleteVerifiedAccessInstance(input *DeleteVerifiedAccessInstanceInput) (*DeleteVerifiedAccessInstanceOutput, error) { + req, out := c.DeleteVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessInstanceWithContext is the same as DeleteVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessInstanceWithContext(ctx aws.Context, input *DeleteVerifiedAccessInstanceInput, opts ...request.Option) (*DeleteVerifiedAccessInstanceOutput, error) { + req, out := c.DeleteVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteVerifiedAccessTrustProvider = "DeleteVerifiedAccessTrustProvider" + +// DeleteVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the DeleteVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteVerifiedAccessTrustProvider for more information on using the DeleteVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteVerifiedAccessTrustProviderRequest method. +// req, resp := client.DeleteVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessTrustProvider +func (c *EC2) DeleteVerifiedAccessTrustProviderRequest(input *DeleteVerifiedAccessTrustProviderInput) (req *request.Request, output *DeleteVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opDeleteVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteVerifiedAccessTrustProviderInput{} + } + + output = &DeleteVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Delete an Amazon Web Services Verified Access trust provider. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteVerifiedAccessTrustProvider +func (c *EC2) DeleteVerifiedAccessTrustProvider(input *DeleteVerifiedAccessTrustProviderInput) (*DeleteVerifiedAccessTrustProviderOutput, error) { + req, out := c.DeleteVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// DeleteVerifiedAccessTrustProviderWithContext is the same as DeleteVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *DeleteVerifiedAccessTrustProviderInput, opts ...request.Option) (*DeleteVerifiedAccessTrustProviderOutput, error) { + req, out := c.DeleteVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteVolume = "DeleteVolume" // DeleteVolumeRequest generates a "aws/request.Request" representing the @@ -16628,6 +17300,136 @@ func (c *EC2) DescribeAvailabilityZonesWithContext(ctx aws.Context, input *Descr return out, req.Send() } +const opDescribeAwsNetworkPerformanceMetricSubscriptions = "DescribeAwsNetworkPerformanceMetricSubscriptions" + +// DescribeAwsNetworkPerformanceMetricSubscriptionsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAwsNetworkPerformanceMetricSubscriptions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions for more information on using the DescribeAwsNetworkPerformanceMetricSubscriptions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeAwsNetworkPerformanceMetricSubscriptionsRequest method. +// req, resp := client.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAwsNetworkPerformanceMetricSubscriptions +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (req *request.Request, output *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) { + op := &request.Operation{ + Name: opDescribeAwsNetworkPerformanceMetricSubscriptions, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeAwsNetworkPerformanceMetricSubscriptionsInput{} + } + + output = &DescribeAwsNetworkPerformanceMetricSubscriptionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAwsNetworkPerformanceMetricSubscriptions API operation for Amazon Elastic Compute Cloud. +// +// Describes the curent Infrastructure Performance metric subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeAwsNetworkPerformanceMetricSubscriptions for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeAwsNetworkPerformanceMetricSubscriptions +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptions(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) { + req, out := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input) + return out, req.Send() +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsWithContext is the same as DescribeAwsNetworkPerformanceMetricSubscriptions with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsWithContext(ctx aws.Context, input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, opts ...request.Option) (*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) { + req, out := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsPages iterates over the pages of a DescribeAwsNetworkPerformanceMetricSubscriptions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeAwsNetworkPerformanceMetricSubscriptions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeAwsNetworkPerformanceMetricSubscriptions operation. +// pageNum := 0 +// err := client.DescribeAwsNetworkPerformanceMetricSubscriptionsPages(params, +// func(page *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsPages(input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, fn func(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool) error { + return c.DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext same as DescribeAwsNetworkPerformanceMetricSubscriptionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext(ctx aws.Context, input *DescribeAwsNetworkPerformanceMetricSubscriptionsInput, fn func(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeAwsNetworkPerformanceMetricSubscriptionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeAwsNetworkPerformanceMetricSubscriptionsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeBundleTasks = "DescribeBundleTasks" // DescribeBundleTasksRequest generates a "aws/request.Request" representing the @@ -25642,7 +26444,7 @@ func (c *EC2) DescribeReplaceRootVolumeTasksRequest(input *DescribeReplaceRootVo // DescribeReplaceRootVolumeTasks API operation for Amazon Elastic Compute Cloud. // // Describes a root volume replacement task. For more information, see Replace -// a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-restoring-volume.html#replace-root) +// a root volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replace-root.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -30329,6 +31131,657 @@ func (c *EC2) DescribeTrunkInterfaceAssociationsPagesWithContext(ctx aws.Context return p.Err() } +const opDescribeVerifiedAccessEndpoints = "DescribeVerifiedAccessEndpoints" + +// DescribeVerifiedAccessEndpointsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessEndpoints operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessEndpoints for more information on using the DescribeVerifiedAccessEndpoints +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessEndpointsRequest method. +// req, resp := client.DescribeVerifiedAccessEndpointsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessEndpoints +func (c *EC2) DescribeVerifiedAccessEndpointsRequest(input *DescribeVerifiedAccessEndpointsInput) (req *request.Request, output *DescribeVerifiedAccessEndpointsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessEndpoints, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessEndpointsInput{} + } + + output = &DescribeVerifiedAccessEndpointsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessEndpoints API operation for Amazon Elastic Compute Cloud. +// +// Describe Amazon Web Services Verified Access endpoints. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessEndpoints for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessEndpoints +func (c *EC2) DescribeVerifiedAccessEndpoints(input *DescribeVerifiedAccessEndpointsInput) (*DescribeVerifiedAccessEndpointsOutput, error) { + req, out := c.DescribeVerifiedAccessEndpointsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessEndpointsWithContext is the same as DescribeVerifiedAccessEndpoints with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessEndpoints for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessEndpointsWithContext(ctx aws.Context, input *DescribeVerifiedAccessEndpointsInput, opts ...request.Option) (*DescribeVerifiedAccessEndpointsOutput, error) { + req, out := c.DescribeVerifiedAccessEndpointsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessEndpointsPages iterates over the pages of a DescribeVerifiedAccessEndpoints operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessEndpoints method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessEndpoints operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessEndpointsPages(params, +// func(page *ec2.DescribeVerifiedAccessEndpointsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessEndpointsPages(input *DescribeVerifiedAccessEndpointsInput, fn func(*DescribeVerifiedAccessEndpointsOutput, bool) bool) error { + return c.DescribeVerifiedAccessEndpointsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessEndpointsPagesWithContext same as DescribeVerifiedAccessEndpointsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessEndpointsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessEndpointsInput, fn func(*DescribeVerifiedAccessEndpointsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessEndpointsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessEndpointsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessEndpointsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessGroups = "DescribeVerifiedAccessGroups" + +// DescribeVerifiedAccessGroupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessGroups for more information on using the DescribeVerifiedAccessGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessGroupsRequest method. +// req, resp := client.DescribeVerifiedAccessGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessGroups +func (c *EC2) DescribeVerifiedAccessGroupsRequest(input *DescribeVerifiedAccessGroupsInput) (req *request.Request, output *DescribeVerifiedAccessGroupsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessGroups, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessGroupsInput{} + } + + output = &DescribeVerifiedAccessGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessGroups API operation for Amazon Elastic Compute Cloud. +// +// Describe details of existing Verified Access groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessGroups for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessGroups +func (c *EC2) DescribeVerifiedAccessGroups(input *DescribeVerifiedAccessGroupsInput) (*DescribeVerifiedAccessGroupsOutput, error) { + req, out := c.DescribeVerifiedAccessGroupsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessGroupsWithContext is the same as DescribeVerifiedAccessGroups with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessGroupsWithContext(ctx aws.Context, input *DescribeVerifiedAccessGroupsInput, opts ...request.Option) (*DescribeVerifiedAccessGroupsOutput, error) { + req, out := c.DescribeVerifiedAccessGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessGroupsPages iterates over the pages of a DescribeVerifiedAccessGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessGroups operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessGroupsPages(params, +// func(page *ec2.DescribeVerifiedAccessGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessGroupsPages(input *DescribeVerifiedAccessGroupsInput, fn func(*DescribeVerifiedAccessGroupsOutput, bool) bool) error { + return c.DescribeVerifiedAccessGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessGroupsPagesWithContext same as DescribeVerifiedAccessGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessGroupsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessGroupsInput, fn func(*DescribeVerifiedAccessGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessInstanceLoggingConfigurations = "DescribeVerifiedAccessInstanceLoggingConfigurations" + +// DescribeVerifiedAccessInstanceLoggingConfigurationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessInstanceLoggingConfigurations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations for more information on using the DescribeVerifiedAccessInstanceLoggingConfigurations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessInstanceLoggingConfigurationsRequest method. +// req, resp := client.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstanceLoggingConfigurations +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (req *request.Request, output *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessInstanceLoggingConfigurations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessInstanceLoggingConfigurationsInput{} + } + + output = &DescribeVerifiedAccessInstanceLoggingConfigurationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessInstanceLoggingConfigurations API operation for Amazon Elastic Compute Cloud. +// +// Describes the current logging configuration for the Amazon Web Services Verified +// Access instances. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessInstanceLoggingConfigurations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstanceLoggingConfigurations +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurations(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) { + req, out := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsWithContext is the same as DescribeVerifiedAccessInstanceLoggingConfigurations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, opts ...request.Option) (*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) { + req, out := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsPages iterates over the pages of a DescribeVerifiedAccessInstanceLoggingConfigurations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessInstanceLoggingConfigurations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessInstanceLoggingConfigurations operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessInstanceLoggingConfigurationsPages(params, +// func(page *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsPages(input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, fn func(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool) error { + return c.DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext same as DescribeVerifiedAccessInstanceLoggingConfigurationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstanceLoggingConfigurationsInput, fn func(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessInstanceLoggingConfigurationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessInstanceLoggingConfigurationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessInstances = "DescribeVerifiedAccessInstances" + +// DescribeVerifiedAccessInstancesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessInstances operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessInstances for more information on using the DescribeVerifiedAccessInstances +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessInstancesRequest method. +// req, resp := client.DescribeVerifiedAccessInstancesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstances +func (c *EC2) DescribeVerifiedAccessInstancesRequest(input *DescribeVerifiedAccessInstancesInput) (req *request.Request, output *DescribeVerifiedAccessInstancesOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessInstances, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessInstancesInput{} + } + + output = &DescribeVerifiedAccessInstancesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessInstances API operation for Amazon Elastic Compute Cloud. +// +// Describe Verified Access instances. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessInstances for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessInstances +func (c *EC2) DescribeVerifiedAccessInstances(input *DescribeVerifiedAccessInstancesInput) (*DescribeVerifiedAccessInstancesOutput, error) { + req, out := c.DescribeVerifiedAccessInstancesRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessInstancesWithContext is the same as DescribeVerifiedAccessInstances with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessInstances for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstancesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstancesInput, opts ...request.Option) (*DescribeVerifiedAccessInstancesOutput, error) { + req, out := c.DescribeVerifiedAccessInstancesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessInstancesPages iterates over the pages of a DescribeVerifiedAccessInstances operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessInstances method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessInstances operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessInstancesPages(params, +// func(page *ec2.DescribeVerifiedAccessInstancesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessInstancesPages(input *DescribeVerifiedAccessInstancesInput, fn func(*DescribeVerifiedAccessInstancesOutput, bool) bool) error { + return c.DescribeVerifiedAccessInstancesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessInstancesPagesWithContext same as DescribeVerifiedAccessInstancesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessInstancesPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessInstancesInput, fn func(*DescribeVerifiedAccessInstancesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessInstancesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessInstancesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessInstancesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeVerifiedAccessTrustProviders = "DescribeVerifiedAccessTrustProviders" + +// DescribeVerifiedAccessTrustProvidersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeVerifiedAccessTrustProviders operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeVerifiedAccessTrustProviders for more information on using the DescribeVerifiedAccessTrustProviders +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeVerifiedAccessTrustProvidersRequest method. +// req, resp := client.DescribeVerifiedAccessTrustProvidersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessTrustProviders +func (c *EC2) DescribeVerifiedAccessTrustProvidersRequest(input *DescribeVerifiedAccessTrustProvidersInput) (req *request.Request, output *DescribeVerifiedAccessTrustProvidersOutput) { + op := &request.Operation{ + Name: opDescribeVerifiedAccessTrustProviders, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeVerifiedAccessTrustProvidersInput{} + } + + output = &DescribeVerifiedAccessTrustProvidersOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeVerifiedAccessTrustProviders API operation for Amazon Elastic Compute Cloud. +// +// Describe details of existing Verified Access trust providers. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeVerifiedAccessTrustProviders for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVerifiedAccessTrustProviders +func (c *EC2) DescribeVerifiedAccessTrustProviders(input *DescribeVerifiedAccessTrustProvidersInput) (*DescribeVerifiedAccessTrustProvidersOutput, error) { + req, out := c.DescribeVerifiedAccessTrustProvidersRequest(input) + return out, req.Send() +} + +// DescribeVerifiedAccessTrustProvidersWithContext is the same as DescribeVerifiedAccessTrustProviders with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeVerifiedAccessTrustProviders for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessTrustProvidersWithContext(ctx aws.Context, input *DescribeVerifiedAccessTrustProvidersInput, opts ...request.Option) (*DescribeVerifiedAccessTrustProvidersOutput, error) { + req, out := c.DescribeVerifiedAccessTrustProvidersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeVerifiedAccessTrustProvidersPages iterates over the pages of a DescribeVerifiedAccessTrustProviders operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeVerifiedAccessTrustProviders method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeVerifiedAccessTrustProviders operation. +// pageNum := 0 +// err := client.DescribeVerifiedAccessTrustProvidersPages(params, +// func(page *ec2.DescribeVerifiedAccessTrustProvidersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) DescribeVerifiedAccessTrustProvidersPages(input *DescribeVerifiedAccessTrustProvidersInput, fn func(*DescribeVerifiedAccessTrustProvidersOutput, bool) bool) error { + return c.DescribeVerifiedAccessTrustProvidersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeVerifiedAccessTrustProvidersPagesWithContext same as DescribeVerifiedAccessTrustProvidersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeVerifiedAccessTrustProvidersPagesWithContext(ctx aws.Context, input *DescribeVerifiedAccessTrustProvidersInput, fn func(*DescribeVerifiedAccessTrustProvidersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeVerifiedAccessTrustProvidersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeVerifiedAccessTrustProvidersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeVerifiedAccessTrustProvidersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeVolumeAttribute = "DescribeVolumeAttribute" // DescribeVolumeAttributeRequest generates a "aws/request.Request" representing the @@ -32517,6 +33970,79 @@ func (c *EC2) DetachNetworkInterfaceWithContext(ctx aws.Context, input *DetachNe return out, req.Send() } +const opDetachVerifiedAccessTrustProvider = "DetachVerifiedAccessTrustProvider" + +// DetachVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the DetachVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DetachVerifiedAccessTrustProvider for more information on using the DetachVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DetachVerifiedAccessTrustProviderRequest method. +// req, resp := client.DetachVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVerifiedAccessTrustProvider +func (c *EC2) DetachVerifiedAccessTrustProviderRequest(input *DetachVerifiedAccessTrustProviderInput) (req *request.Request, output *DetachVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opDetachVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DetachVerifiedAccessTrustProviderInput{} + } + + output = &DetachVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// DetachVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Detach a trust provider from an Amazon Web Services Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DetachVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DetachVerifiedAccessTrustProvider +func (c *EC2) DetachVerifiedAccessTrustProvider(input *DetachVerifiedAccessTrustProviderInput) (*DetachVerifiedAccessTrustProviderOutput, error) { + req, out := c.DetachVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// DetachVerifiedAccessTrustProviderWithContext is the same as DetachVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See DetachVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DetachVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *DetachVerifiedAccessTrustProviderInput, opts ...request.Option) (*DetachVerifiedAccessTrustProviderOutput, error) { + req, out := c.DetachVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDetachVolume = "DetachVolume" // DetachVolumeRequest generates a "aws/request.Request" representing the @@ -32759,6 +34285,79 @@ func (c *EC2) DisableAddressTransferWithContext(ctx aws.Context, input *DisableA return out, req.Send() } +const opDisableAwsNetworkPerformanceMetricSubscription = "DisableAwsNetworkPerformanceMetricSubscription" + +// DisableAwsNetworkPerformanceMetricSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the DisableAwsNetworkPerformanceMetricSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableAwsNetworkPerformanceMetricSubscription for more information on using the DisableAwsNetworkPerformanceMetricSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DisableAwsNetworkPerformanceMetricSubscriptionRequest method. +// req, resp := client.DisableAwsNetworkPerformanceMetricSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableAwsNetworkPerformanceMetricSubscription +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscriptionRequest(input *DisableAwsNetworkPerformanceMetricSubscriptionInput) (req *request.Request, output *DisableAwsNetworkPerformanceMetricSubscriptionOutput) { + op := &request.Operation{ + Name: opDisableAwsNetworkPerformanceMetricSubscription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableAwsNetworkPerformanceMetricSubscriptionInput{} + } + + output = &DisableAwsNetworkPerformanceMetricSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableAwsNetworkPerformanceMetricSubscription API operation for Amazon Elastic Compute Cloud. +// +// Disables Infrastructure Performance metric subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableAwsNetworkPerformanceMetricSubscription for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableAwsNetworkPerformanceMetricSubscription +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscription(input *DisableAwsNetworkPerformanceMetricSubscriptionInput) (*DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.DisableAwsNetworkPerformanceMetricSubscriptionRequest(input) + return out, req.Send() +} + +// DisableAwsNetworkPerformanceMetricSubscriptionWithContext is the same as DisableAwsNetworkPerformanceMetricSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See DisableAwsNetworkPerformanceMetricSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableAwsNetworkPerformanceMetricSubscriptionWithContext(ctx aws.Context, input *DisableAwsNetworkPerformanceMetricSubscriptionInput, opts ...request.Option) (*DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.DisableAwsNetworkPerformanceMetricSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableEbsEncryptionByDefault = "DisableEbsEncryptionByDefault" // DisableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the @@ -34533,6 +36132,79 @@ func (c *EC2) EnableAddressTransferWithContext(ctx aws.Context, input *EnableAdd return out, req.Send() } +const opEnableAwsNetworkPerformanceMetricSubscription = "EnableAwsNetworkPerformanceMetricSubscription" + +// EnableAwsNetworkPerformanceMetricSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the EnableAwsNetworkPerformanceMetricSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableAwsNetworkPerformanceMetricSubscription for more information on using the EnableAwsNetworkPerformanceMetricSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableAwsNetworkPerformanceMetricSubscriptionRequest method. +// req, resp := client.EnableAwsNetworkPerformanceMetricSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableAwsNetworkPerformanceMetricSubscription +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscriptionRequest(input *EnableAwsNetworkPerformanceMetricSubscriptionInput) (req *request.Request, output *EnableAwsNetworkPerformanceMetricSubscriptionOutput) { + op := &request.Operation{ + Name: opEnableAwsNetworkPerformanceMetricSubscription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableAwsNetworkPerformanceMetricSubscriptionInput{} + } + + output = &EnableAwsNetworkPerformanceMetricSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableAwsNetworkPerformanceMetricSubscription API operation for Amazon Elastic Compute Cloud. +// +// Enables Infrastructure Performance subscriptions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableAwsNetworkPerformanceMetricSubscription for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableAwsNetworkPerformanceMetricSubscription +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscription(input *EnableAwsNetworkPerformanceMetricSubscriptionInput) (*EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.EnableAwsNetworkPerformanceMetricSubscriptionRequest(input) + return out, req.Send() +} + +// EnableAwsNetworkPerformanceMetricSubscriptionWithContext is the same as EnableAwsNetworkPerformanceMetricSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See EnableAwsNetworkPerformanceMetricSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableAwsNetworkPerformanceMetricSubscriptionWithContext(ctx aws.Context, input *EnableAwsNetworkPerformanceMetricSubscriptionInput, opts ...request.Option) (*EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) { + req, out := c.EnableAwsNetworkPerformanceMetricSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableEbsEncryptionByDefault = "EnableEbsEncryptionByDefault" // EnableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the @@ -34935,6 +36607,77 @@ func (c *EC2) EnableIpamOrganizationAdminAccountWithContext(ctx aws.Context, inp return out, req.Send() } +const opEnableReachabilityAnalyzerOrganizationSharing = "EnableReachabilityAnalyzerOrganizationSharing" + +// EnableReachabilityAnalyzerOrganizationSharingRequest generates a "aws/request.Request" representing the +// client's request for the EnableReachabilityAnalyzerOrganizationSharing operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableReachabilityAnalyzerOrganizationSharing for more information on using the EnableReachabilityAnalyzerOrganizationSharing +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EnableReachabilityAnalyzerOrganizationSharingRequest method. +// req, resp := client.EnableReachabilityAnalyzerOrganizationSharingRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableReachabilityAnalyzerOrganizationSharing +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharingRequest(input *EnableReachabilityAnalyzerOrganizationSharingInput) (req *request.Request, output *EnableReachabilityAnalyzerOrganizationSharingOutput) { + op := &request.Operation{ + Name: opEnableReachabilityAnalyzerOrganizationSharing, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableReachabilityAnalyzerOrganizationSharingInput{} + } + + output = &EnableReachabilityAnalyzerOrganizationSharingOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableReachabilityAnalyzerOrganizationSharing API operation for Amazon Elastic Compute Cloud. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableReachabilityAnalyzerOrganizationSharing for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableReachabilityAnalyzerOrganizationSharing +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharing(input *EnableReachabilityAnalyzerOrganizationSharingInput) (*EnableReachabilityAnalyzerOrganizationSharingOutput, error) { + req, out := c.EnableReachabilityAnalyzerOrganizationSharingRequest(input) + return out, req.Send() +} + +// EnableReachabilityAnalyzerOrganizationSharingWithContext is the same as EnableReachabilityAnalyzerOrganizationSharing with the addition of +// the ability to pass a context and additional request options. +// +// See EnableReachabilityAnalyzerOrganizationSharing for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableReachabilityAnalyzerOrganizationSharingWithContext(ctx aws.Context, input *EnableReachabilityAnalyzerOrganizationSharingInput, opts ...request.Option) (*EnableReachabilityAnalyzerOrganizationSharingOutput, error) { + req, out := c.EnableReachabilityAnalyzerOrganizationSharingRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableSerialConsoleAccess = "EnableSerialConsoleAccess" // EnableSerialConsoleAccessRequest generates a "aws/request.Request" representing the @@ -35916,6 +37659,136 @@ func (c *EC2) GetAssociatedIpv6PoolCidrsPagesWithContext(ctx aws.Context, input return p.Err() } +const opGetAwsNetworkPerformanceData = "GetAwsNetworkPerformanceData" + +// GetAwsNetworkPerformanceDataRequest generates a "aws/request.Request" representing the +// client's request for the GetAwsNetworkPerformanceData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAwsNetworkPerformanceData for more information on using the GetAwsNetworkPerformanceData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetAwsNetworkPerformanceDataRequest method. +// req, resp := client.GetAwsNetworkPerformanceDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAwsNetworkPerformanceData +func (c *EC2) GetAwsNetworkPerformanceDataRequest(input *GetAwsNetworkPerformanceDataInput) (req *request.Request, output *GetAwsNetworkPerformanceDataOutput) { + op := &request.Operation{ + Name: opGetAwsNetworkPerformanceData, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetAwsNetworkPerformanceDataInput{} + } + + output = &GetAwsNetworkPerformanceDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAwsNetworkPerformanceData API operation for Amazon Elastic Compute Cloud. +// +// Gets network performance data. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetAwsNetworkPerformanceData for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAwsNetworkPerformanceData +func (c *EC2) GetAwsNetworkPerformanceData(input *GetAwsNetworkPerformanceDataInput) (*GetAwsNetworkPerformanceDataOutput, error) { + req, out := c.GetAwsNetworkPerformanceDataRequest(input) + return out, req.Send() +} + +// GetAwsNetworkPerformanceDataWithContext is the same as GetAwsNetworkPerformanceData with the addition of +// the ability to pass a context and additional request options. +// +// See GetAwsNetworkPerformanceData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAwsNetworkPerformanceDataWithContext(ctx aws.Context, input *GetAwsNetworkPerformanceDataInput, opts ...request.Option) (*GetAwsNetworkPerformanceDataOutput, error) { + req, out := c.GetAwsNetworkPerformanceDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetAwsNetworkPerformanceDataPages iterates over the pages of a GetAwsNetworkPerformanceData operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetAwsNetworkPerformanceData method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetAwsNetworkPerformanceData operation. +// pageNum := 0 +// err := client.GetAwsNetworkPerformanceDataPages(params, +// func(page *ec2.GetAwsNetworkPerformanceDataOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *EC2) GetAwsNetworkPerformanceDataPages(input *GetAwsNetworkPerformanceDataInput, fn func(*GetAwsNetworkPerformanceDataOutput, bool) bool) error { + return c.GetAwsNetworkPerformanceDataPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetAwsNetworkPerformanceDataPagesWithContext same as GetAwsNetworkPerformanceDataPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAwsNetworkPerformanceDataPagesWithContext(ctx aws.Context, input *GetAwsNetworkPerformanceDataInput, fn func(*GetAwsNetworkPerformanceDataOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetAwsNetworkPerformanceDataInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetAwsNetworkPerformanceDataRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetAwsNetworkPerformanceDataOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetCapacityReservationUsage = "GetCapacityReservationUsage" // GetCapacityReservationUsageRequest generates a "aws/request.Request" representing the @@ -39308,6 +41181,152 @@ func (c *EC2) GetTransitGatewayRouteTablePropagationsPagesWithContext(ctx aws.Co return p.Err() } +const opGetVerifiedAccessEndpointPolicy = "GetVerifiedAccessEndpointPolicy" + +// GetVerifiedAccessEndpointPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetVerifiedAccessEndpointPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVerifiedAccessEndpointPolicy for more information on using the GetVerifiedAccessEndpointPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVerifiedAccessEndpointPolicyRequest method. +// req, resp := client.GetVerifiedAccessEndpointPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessEndpointPolicy +func (c *EC2) GetVerifiedAccessEndpointPolicyRequest(input *GetVerifiedAccessEndpointPolicyInput) (req *request.Request, output *GetVerifiedAccessEndpointPolicyOutput) { + op := &request.Operation{ + Name: opGetVerifiedAccessEndpointPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVerifiedAccessEndpointPolicyInput{} + } + + output = &GetVerifiedAccessEndpointPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. +// +// Get the Verified Access policy associated with the endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVerifiedAccessEndpointPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessEndpointPolicy +func (c *EC2) GetVerifiedAccessEndpointPolicy(input *GetVerifiedAccessEndpointPolicyInput) (*GetVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.GetVerifiedAccessEndpointPolicyRequest(input) + return out, req.Send() +} + +// GetVerifiedAccessEndpointPolicyWithContext is the same as GetVerifiedAccessEndpointPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetVerifiedAccessEndpointPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVerifiedAccessEndpointPolicyWithContext(ctx aws.Context, input *GetVerifiedAccessEndpointPolicyInput, opts ...request.Option) (*GetVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.GetVerifiedAccessEndpointPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetVerifiedAccessGroupPolicy = "GetVerifiedAccessGroupPolicy" + +// GetVerifiedAccessGroupPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetVerifiedAccessGroupPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetVerifiedAccessGroupPolicy for more information on using the GetVerifiedAccessGroupPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetVerifiedAccessGroupPolicyRequest method. +// req, resp := client.GetVerifiedAccessGroupPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessGroupPolicy +func (c *EC2) GetVerifiedAccessGroupPolicyRequest(input *GetVerifiedAccessGroupPolicyInput) (req *request.Request, output *GetVerifiedAccessGroupPolicyOutput) { + op := &request.Operation{ + Name: opGetVerifiedAccessGroupPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetVerifiedAccessGroupPolicyInput{} + } + + output = &GetVerifiedAccessGroupPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. +// +// Shows the contents of the Verified Access policy associated with the group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetVerifiedAccessGroupPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetVerifiedAccessGroupPolicy +func (c *EC2) GetVerifiedAccessGroupPolicy(input *GetVerifiedAccessGroupPolicyInput) (*GetVerifiedAccessGroupPolicyOutput, error) { + req, out := c.GetVerifiedAccessGroupPolicyRequest(input) + return out, req.Send() +} + +// GetVerifiedAccessGroupPolicyWithContext is the same as GetVerifiedAccessGroupPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetVerifiedAccessGroupPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetVerifiedAccessGroupPolicyWithContext(ctx aws.Context, input *GetVerifiedAccessGroupPolicyInput, opts ...request.Option) (*GetVerifiedAccessGroupPolicyOutput, error) { + req, out := c.GetVerifiedAccessGroupPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetVpnConnectionDeviceSampleConfiguration = "GetVpnConnectionDeviceSampleConfiguration" // GetVpnConnectionDeviceSampleConfigurationRequest generates a "aws/request.Request" representing the @@ -43642,6 +45661,519 @@ func (c *EC2) ModifyTransitGatewayVpcAttachmentWithContext(ctx aws.Context, inpu return out, req.Send() } +const opModifyVerifiedAccessEndpoint = "ModifyVerifiedAccessEndpoint" + +// ModifyVerifiedAccessEndpointRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessEndpoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessEndpoint for more information on using the ModifyVerifiedAccessEndpoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessEndpointRequest method. +// req, resp := client.ModifyVerifiedAccessEndpointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpoint +func (c *EC2) ModifyVerifiedAccessEndpointRequest(input *ModifyVerifiedAccessEndpointInput) (req *request.Request, output *ModifyVerifiedAccessEndpointOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessEndpoint, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessEndpointInput{} + } + + output = &ModifyVerifiedAccessEndpointOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessEndpoint API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of an Amazon Web Services Verified Access endpoint. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessEndpoint for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpoint +func (c *EC2) ModifyVerifiedAccessEndpoint(input *ModifyVerifiedAccessEndpointInput) (*ModifyVerifiedAccessEndpointOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessEndpointWithContext is the same as ModifyVerifiedAccessEndpoint with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessEndpoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessEndpointWithContext(ctx aws.Context, input *ModifyVerifiedAccessEndpointInput, opts ...request.Option) (*ModifyVerifiedAccessEndpointOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessEndpointPolicy = "ModifyVerifiedAccessEndpointPolicy" + +// ModifyVerifiedAccessEndpointPolicyRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessEndpointPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessEndpointPolicy for more information on using the ModifyVerifiedAccessEndpointPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessEndpointPolicyRequest method. +// req, resp := client.ModifyVerifiedAccessEndpointPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpointPolicy +func (c *EC2) ModifyVerifiedAccessEndpointPolicyRequest(input *ModifyVerifiedAccessEndpointPolicyInput) (req *request.Request, output *ModifyVerifiedAccessEndpointPolicyOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessEndpointPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessEndpointPolicyInput{} + } + + output = &ModifyVerifiedAccessEndpointPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessEndpointPolicy API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access endpoint policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessEndpointPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessEndpointPolicy +func (c *EC2) ModifyVerifiedAccessEndpointPolicy(input *ModifyVerifiedAccessEndpointPolicyInput) (*ModifyVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointPolicyRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessEndpointPolicyWithContext is the same as ModifyVerifiedAccessEndpointPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessEndpointPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessEndpointPolicyWithContext(ctx aws.Context, input *ModifyVerifiedAccessEndpointPolicyInput, opts ...request.Option) (*ModifyVerifiedAccessEndpointPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessEndpointPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessGroup = "ModifyVerifiedAccessGroup" + +// ModifyVerifiedAccessGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessGroup for more information on using the ModifyVerifiedAccessGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessGroupRequest method. +// req, resp := client.ModifyVerifiedAccessGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroup +func (c *EC2) ModifyVerifiedAccessGroupRequest(input *ModifyVerifiedAccessGroupInput) (req *request.Request, output *ModifyVerifiedAccessGroupOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessGroupInput{} + } + + output = &ModifyVerifiedAccessGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessGroup API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access group configuration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroup +func (c *EC2) ModifyVerifiedAccessGroup(input *ModifyVerifiedAccessGroupInput) (*ModifyVerifiedAccessGroupOutput, error) { + req, out := c.ModifyVerifiedAccessGroupRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessGroupWithContext is the same as ModifyVerifiedAccessGroup with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessGroupWithContext(ctx aws.Context, input *ModifyVerifiedAccessGroupInput, opts ...request.Option) (*ModifyVerifiedAccessGroupOutput, error) { + req, out := c.ModifyVerifiedAccessGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessGroupPolicy = "ModifyVerifiedAccessGroupPolicy" + +// ModifyVerifiedAccessGroupPolicyRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessGroupPolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessGroupPolicy for more information on using the ModifyVerifiedAccessGroupPolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessGroupPolicyRequest method. +// req, resp := client.ModifyVerifiedAccessGroupPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroupPolicy +func (c *EC2) ModifyVerifiedAccessGroupPolicyRequest(input *ModifyVerifiedAccessGroupPolicyInput) (req *request.Request, output *ModifyVerifiedAccessGroupPolicyOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessGroupPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessGroupPolicyInput{} + } + + output = &ModifyVerifiedAccessGroupPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessGroupPolicy API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Verified Access group policy. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessGroupPolicy for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessGroupPolicy +func (c *EC2) ModifyVerifiedAccessGroupPolicy(input *ModifyVerifiedAccessGroupPolicyInput) (*ModifyVerifiedAccessGroupPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessGroupPolicyRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessGroupPolicyWithContext is the same as ModifyVerifiedAccessGroupPolicy with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessGroupPolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessGroupPolicyWithContext(ctx aws.Context, input *ModifyVerifiedAccessGroupPolicyInput, opts ...request.Option) (*ModifyVerifiedAccessGroupPolicyOutput, error) { + req, out := c.ModifyVerifiedAccessGroupPolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessInstance = "ModifyVerifiedAccessInstance" + +// ModifyVerifiedAccessInstanceRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessInstance operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessInstance for more information on using the ModifyVerifiedAccessInstance +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessInstanceRequest method. +// req, resp := client.ModifyVerifiedAccessInstanceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstance +func (c *EC2) ModifyVerifiedAccessInstanceRequest(input *ModifyVerifiedAccessInstanceInput) (req *request.Request, output *ModifyVerifiedAccessInstanceOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessInstance, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessInstanceInput{} + } + + output = &ModifyVerifiedAccessInstanceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessInstance API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of the specified Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessInstance for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstance +func (c *EC2) ModifyVerifiedAccessInstance(input *ModifyVerifiedAccessInstanceInput) (*ModifyVerifiedAccessInstanceOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessInstanceWithContext is the same as ModifyVerifiedAccessInstance with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessInstance for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessInstanceWithContext(ctx aws.Context, input *ModifyVerifiedAccessInstanceInput, opts ...request.Option) (*ModifyVerifiedAccessInstanceOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessInstanceLoggingConfiguration = "ModifyVerifiedAccessInstanceLoggingConfiguration" + +// ModifyVerifiedAccessInstanceLoggingConfigurationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessInstanceLoggingConfiguration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessInstanceLoggingConfiguration for more information on using the ModifyVerifiedAccessInstanceLoggingConfiguration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessInstanceLoggingConfigurationRequest method. +// req, resp := client.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstanceLoggingConfiguration +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input *ModifyVerifiedAccessInstanceLoggingConfigurationInput) (req *request.Request, output *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessInstanceLoggingConfiguration, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessInstanceLoggingConfigurationInput{} + } + + output = &ModifyVerifiedAccessInstanceLoggingConfigurationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessInstanceLoggingConfiguration API operation for Amazon Elastic Compute Cloud. +// +// Modifies the logging configuration for the specified Amazon Web Services +// Verified Access instance. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessInstanceLoggingConfiguration for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessInstanceLoggingConfiguration +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfiguration(input *ModifyVerifiedAccessInstanceLoggingConfigurationInput) (*ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessInstanceLoggingConfigurationWithContext is the same as ModifyVerifiedAccessInstanceLoggingConfiguration with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessInstanceLoggingConfiguration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessInstanceLoggingConfigurationWithContext(ctx aws.Context, input *ModifyVerifiedAccessInstanceLoggingConfigurationInput, opts ...request.Option) (*ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) { + req, out := c.ModifyVerifiedAccessInstanceLoggingConfigurationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVerifiedAccessTrustProvider = "ModifyVerifiedAccessTrustProvider" + +// ModifyVerifiedAccessTrustProviderRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVerifiedAccessTrustProvider operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVerifiedAccessTrustProvider for more information on using the ModifyVerifiedAccessTrustProvider +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ModifyVerifiedAccessTrustProviderRequest method. +// req, resp := client.ModifyVerifiedAccessTrustProviderRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProvider +func (c *EC2) ModifyVerifiedAccessTrustProviderRequest(input *ModifyVerifiedAccessTrustProviderInput) (req *request.Request, output *ModifyVerifiedAccessTrustProviderOutput) { + op := &request.Operation{ + Name: opModifyVerifiedAccessTrustProvider, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVerifiedAccessTrustProviderInput{} + } + + output = &ModifyVerifiedAccessTrustProviderOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVerifiedAccessTrustProvider API operation for Amazon Elastic Compute Cloud. +// +// Modifies the configuration of the specified Amazon Web Services Verified +// Access trust provider. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVerifiedAccessTrustProvider for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProvider +func (c *EC2) ModifyVerifiedAccessTrustProvider(input *ModifyVerifiedAccessTrustProviderInput) (*ModifyVerifiedAccessTrustProviderOutput, error) { + req, out := c.ModifyVerifiedAccessTrustProviderRequest(input) + return out, req.Send() +} + +// ModifyVerifiedAccessTrustProviderWithContext is the same as ModifyVerifiedAccessTrustProvider with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVerifiedAccessTrustProvider for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVerifiedAccessTrustProviderWithContext(ctx aws.Context, input *ModifyVerifiedAccessTrustProviderInput, opts ...request.Option) (*ModifyVerifiedAccessTrustProviderOutput, error) { + req, out := c.ModifyVerifiedAccessTrustProviderRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyVolume = "ModifyVolume" // ModifyVolumeRequest generates a "aws/request.Request" representing the @@ -50721,7 +53253,7 @@ func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetTransitGateway type AcceptTransitGatewayMulticastDomainAssociationsOutput struct { _ struct{} `type:"structure"` - // Describes the multicast domain associations. + // Information about the multicast domain associations. Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` } @@ -55561,6 +58093,10 @@ type AttachNetworkInterfaceInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // Configures ENA Express for the network interface that this action attaches + // to the instance. + EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // The ID of the instance. // // InstanceId is a required field @@ -55626,6 +58162,12 @@ func (s *AttachNetworkInterfaceInput) SetDryRun(v bool) *AttachNetworkInterfaceI return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *AttachNetworkInterfaceInput) SetEnaSrdSpecification(v *EnaSrdSpecification) *AttachNetworkInterfaceInput { + s.EnaSrdSpecification = v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *AttachNetworkInterfaceInput) SetInstanceId(v string) *AttachNetworkInterfaceInput { s.InstanceId = &v @@ -55685,6 +58227,129 @@ func (s *AttachNetworkInterfaceOutput) SetNetworkCardIndex(v int64) *AttachNetwo return s } +type AttachVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AttachVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AttachVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetClientToken(v string) *AttachVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetDryRun(v bool) *AttachVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessInstanceId(v string) *AttachVerifiedAccessTrustProviderInput { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *AttachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *AttachVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type AttachVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *AttachVerifiedAccessTrustProviderOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *AttachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessInstance = v + return s +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *AttachVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *AttachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type AttachVolumeInput struct { _ struct{} `type:"structure"` @@ -55877,6 +58542,83 @@ func (s *AttachVpnGatewayOutput) SetVpcAttachment(v *VpcAttachment) *AttachVpnGa return s } +// Describes the ENA Express configuration for the network interface that's +// attached to the instance. +type AttachmentEnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface that's + // attached to the instance. + EnaSrdEnabled *bool `locationName:"enaSrdEnabled" type:"boolean"` + + // ENA Express configuration for UDP network traffic. + EnaSrdUdpSpecification *AttachmentEnaSrdUdpSpecification `locationName:"enaSrdUdpSpecification" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *AttachmentEnaSrdSpecification) SetEnaSrdEnabled(v bool) *AttachmentEnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *AttachmentEnaSrdSpecification) SetEnaSrdUdpSpecification(v *AttachmentEnaSrdUdpSpecification) *AttachmentEnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// Describes the ENA Express configuration for UDP traffic on the network interface +// that's attached to the instance. +type AttachmentEnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic to and from the instance uses ENA Express. + // To specify this setting, you must first enable ENA Express. + EnaSrdUdpEnabled *bool `locationName:"enaSrdUdpEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AttachmentEnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *AttachmentEnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *AttachmentEnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + // Describes a value for a resource attribute that is a Boolean value. type AttributeBooleanValue struct { _ struct{} `type:"structure"` @@ -63469,7 +66211,7 @@ func (s *CreateCoipPoolInput) SetTagSpecifications(v []*TagSpecification) *Creat type CreateCoipPoolOutput struct { _ struct{} `type:"structure"` - // Describes a customer-owned address pool. + // Information about the CoIP address pool. CoipPool *CoipPool `locationName:"coipPool" type:"structure"` } @@ -66525,7 +69267,7 @@ func (s *CreateLocalGatewayRouteTableInput) SetTagSpecifications(v []*TagSpecifi type CreateLocalGatewayRouteTableOutput struct { _ struct{} `type:"structure"` - // Describes a local gateway route table. + // Information about the local gateway route table. LocalGatewayRouteTable *LocalGatewayRouteTable `locationName:"localGatewayRouteTable" type:"structure"` } @@ -66638,8 +69380,7 @@ func (s *CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput) SetT type CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput struct { _ struct{} `type:"structure"` - // Describes an association between a local gateway route table and a virtual - // interface group. + // Information about the local gateway route table virtual interface group association. LocalGatewayRouteTableVirtualInterfaceGroupAssociation *LocalGatewayRouteTableVirtualInterfaceGroupAssociation `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociation" type:"structure"` } @@ -72138,6 +74879,891 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// Options for a network interface-type endpoint. +type CreateVerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The ID of the network interface. + NetworkInterfaceId *string `type:"string"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointEniOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointEniOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetNetworkInterfaceId(v string) *CreateVerifiedAccessEndpointEniOptions { + s.NetworkInterfaceId = &v + return s +} + +// SetPort sets the Port field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetPort(v int64) *CreateVerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateVerifiedAccessEndpointEniOptions) SetProtocol(v string) *CreateVerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +type CreateVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // The DNS name for users to reach your application. + // + // ApplicationDomain is a required field + ApplicationDomain *string `type:"string" required:"true"` + + // The Amazon Web Services network component Verified Access attaches to. + // + // AttachmentType is a required field + AttachmentType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointAttachmentType"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `type:"string"` + + // The ARN of the public TLS/SSL certificate in Amazon Web Services Certificate + // Manager to associate with the endpoint. The CN in the certificate must match + // the DNS name your end users will use to reach your application. + // + // DomainCertificateArn is a required field + DomainCertificateArn *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // A custom identifier that gets prepended to a DNS name that is generated for + // the endpoint. + // + // EndpointDomainPrefix is a required field + EndpointDomainPrefix *string `type:"string" required:"true"` + + // The type of Amazon Web Services Verified Access endpoint to create. + // + // EndpointType is a required field + EndpointType *string `type:"string" required:"true" enum:"VerifiedAccessEndpointType"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *CreateVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` + + // The network interface details if creating the Amazon Web Services Verified + // Access endpoint as network-interfacetype. + NetworkInterfaceOptions *CreateVerifiedAccessEndpointEniOptions `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The Amazon EC2 security groups to associate with the Amazon Web Services + // Verified Access endpoint. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` + + // The tags to assign to the Amazon Web Services Verified Access endpoint. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the Verified Access group to associate the endpoint with. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointInput"} + if s.ApplicationDomain == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationDomain")) + } + if s.AttachmentType == nil { + invalidParams.Add(request.NewErrParamRequired("AttachmentType")) + } + if s.DomainCertificateArn == nil { + invalidParams.Add(request.NewErrParamRequired("DomainCertificateArn")) + } + if s.EndpointDomainPrefix == nil { + invalidParams.Add(request.NewErrParamRequired("EndpointDomainPrefix")) + } + if s.EndpointType == nil { + invalidParams.Add(request.NewErrParamRequired("EndpointType")) + } + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + if s.LoadBalancerOptions != nil { + if err := s.LoadBalancerOptions.Validate(); err != nil { + invalidParams.AddNested("LoadBalancerOptions", err.(request.ErrInvalidParams)) + } + } + if s.NetworkInterfaceOptions != nil { + if err := s.NetworkInterfaceOptions.Validate(); err != nil { + invalidParams.AddNested("NetworkInterfaceOptions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationDomain sets the ApplicationDomain field's value. +func (s *CreateVerifiedAccessEndpointInput) SetApplicationDomain(v string) *CreateVerifiedAccessEndpointInput { + s.ApplicationDomain = &v + return s +} + +// SetAttachmentType sets the AttachmentType field's value. +func (s *CreateVerifiedAccessEndpointInput) SetAttachmentType(v string) *CreateVerifiedAccessEndpointInput { + s.AttachmentType = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessEndpointInput) SetClientToken(v string) *CreateVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDescription(v string) *CreateVerifiedAccessEndpointInput { + s.Description = &v + return s +} + +// SetDomainCertificateArn sets the DomainCertificateArn field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDomainCertificateArn(v string) *CreateVerifiedAccessEndpointInput { + s.DomainCertificateArn = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessEndpointInput) SetDryRun(v bool) *CreateVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetEndpointDomainPrefix sets the EndpointDomainPrefix field's value. +func (s *CreateVerifiedAccessEndpointInput) SetEndpointDomainPrefix(v string) *CreateVerifiedAccessEndpointInput { + s.EndpointDomainPrefix = &v + return s +} + +// SetEndpointType sets the EndpointType field's value. +func (s *CreateVerifiedAccessEndpointInput) SetEndpointType(v string) *CreateVerifiedAccessEndpointInput { + s.EndpointType = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *CreateVerifiedAccessEndpointInput) SetLoadBalancerOptions(v *CreateVerifiedAccessEndpointLoadBalancerOptions) *CreateVerifiedAccessEndpointInput { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *CreateVerifiedAccessEndpointInput) SetNetworkInterfaceOptions(v *CreateVerifiedAccessEndpointEniOptions) *CreateVerifiedAccessEndpointInput { + s.NetworkInterfaceOptions = v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *CreateVerifiedAccessEndpointInput) SetPolicyDocument(v string) *CreateVerifiedAccessEndpointInput { + s.PolicyDocument = &v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *CreateVerifiedAccessEndpointInput) SetSecurityGroupIds(v []*string) *CreateVerifiedAccessEndpointInput { + s.SecurityGroupIds = v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessEndpointInput { + s.TagSpecifications = v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *CreateVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) *CreateVerifiedAccessEndpointInput { + s.VerifiedAccessGroupId = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type CreateVerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The ARN of the load balancer. + LoadBalancerArn *string `type:"string"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessEndpointLoadBalancerOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetLoadBalancerArn(v string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.LoadBalancerArn = &v + return s +} + +// SetPort sets the Port field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *CreateVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *CreateVerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +type CreateVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *CreateVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *CreateVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type CreateVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The tags to assign to the Amazon Web Services Verified Access group. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessGroupInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessGroupInput) SetClientToken(v string) *CreateVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessGroupInput) SetDescription(v string) *CreateVerifiedAccessGroupInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessGroupInput) SetDryRun(v bool) *CreateVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *CreateVerifiedAccessGroupInput) SetPolicyDocument(v string) *CreateVerifiedAccessGroupInput { + s.PolicyDocument = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessGroupInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessGroupInput { + s.TagSpecifications = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *CreateVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) *CreateVerifiedAccessGroupInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type CreateVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *CreateVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *CreateVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type CreateVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The tags to assign to the Amazon Web Services Verified Access instance. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessInstanceInput) SetClientToken(v string) *CreateVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessInstanceInput) SetDescription(v string) *CreateVerifiedAccessInstanceInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessInstanceInput) SetDryRun(v bool) *CreateVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessInstanceInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessInstanceInput { + s.TagSpecifications = v + return s +} + +type CreateVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *CreateVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *CreateVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +// Options for a device-identity type trust provider. +type CreateVerifiedAccessTrustProviderDeviceOptions struct { + _ struct{} `type:"structure"` + + // The ID of the tenant application with the device-identity provider. + TenantId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderDeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderDeviceOptions) GoString() string { + return s.String() +} + +// SetTenantId sets the TenantId field's value. +func (s *CreateVerifiedAccessTrustProviderDeviceOptions) SetTenantId(v string) *CreateVerifiedAccessTrustProviderDeviceOptions { + s.TenantId = &v + return s +} + +type CreateVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `type:"string"` + + // The options for device identity based trust providers. + DeviceOptions *CreateVerifiedAccessTrustProviderDeviceOptions `type:"structure"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `type:"string" enum:"DeviceTrustProviderType"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *CreateVerifiedAccessTrustProviderOidcOptions `type:"structure"` + + // The identifier to be used when working with policy rules. + // + // PolicyReferenceName is a required field + PolicyReferenceName *string `type:"string" required:"true"` + + // The tags to assign to the Amazon Web Services Verified Access trust provider. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The type of trust provider can be either user or device-based. + // + // TrustProviderType is a required field + TrustProviderType *string `type:"string" required:"true" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `type:"string" enum:"UserTrustProviderType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateVerifiedAccessTrustProviderInput"} + if s.PolicyReferenceName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyReferenceName")) + } + if s.TrustProviderType == nil { + invalidParams.Add(request.NewErrParamRequired("TrustProviderType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetClientToken(v string) *CreateVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDescription(v string) *CreateVerifiedAccessTrustProviderInput { + s.Description = &v + return s +} + +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDeviceOptions(v *CreateVerifiedAccessTrustProviderDeviceOptions) *CreateVerifiedAccessTrustProviderInput { + s.DeviceOptions = v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDeviceTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.DeviceTrustProviderType = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetDryRun(v bool) *CreateVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetOidcOptions(v *CreateVerifiedAccessTrustProviderOidcOptions) *CreateVerifiedAccessTrustProviderInput { + s.OidcOptions = v + return s +} + +// SetPolicyReferenceName sets the PolicyReferenceName field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetPolicyReferenceName(v string) *CreateVerifiedAccessTrustProviderInput { + s.PolicyReferenceName = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetTagSpecifications(v []*TagSpecification) *CreateVerifiedAccessTrustProviderInput { + s.TagSpecifications = v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *CreateVerifiedAccessTrustProviderInput) SetUserTrustProviderType(v string) *CreateVerifiedAccessTrustProviderInput { + s.UserTrustProviderType = &v + return s +} + +// Options for an OIDC-based, user-identity type trust provider. +type CreateVerifiedAccessTrustProviderOidcOptions struct { + _ struct{} `type:"structure"` + + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `type:"string"` + + // The client identifier. + ClientId *string `type:"string"` + + // The client secret. + ClientSecret *string `type:"string"` + + // The OIDC issuer. + Issuer *string `type:"string"` + + // OpenID Connect (OIDC) scopes are used by an application during authentication + // to authorize access to a user's details. Each scope returns a specific set + // of user attributes. + Scope *string `type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOidcOptions) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetAuthorizationEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetClientId(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetClientSecret(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetIssuer(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.Issuer = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.Scope = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetTokenEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *CreateVerifiedAccessTrustProviderOidcOptions) SetUserInfoEndpoint(v string) *CreateVerifiedAccessTrustProviderOidcOptions { + s.UserInfoEndpoint = &v + return s +} + +type CreateVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *CreateVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *CreateVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type CreateVolumeInput struct { _ struct{} `type:"structure"` @@ -73811,6 +77437,182 @@ func (s *CustomerGateway) SetType(v string) *CustomerGateway { return s } +// A query used for retrieving network health data. +type DataQuery struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the target for the data query. For + // example, eu-north-1. + Destination *string `type:"string"` + + // A user-defined ID associated with a data query that's returned in the dataResponse + // identifying the query. For example, if you set the Id to MyQuery01in the + // query, the dataResponse identifies the query as MyQuery01. + Id *string `type:"string"` + + // The aggregation metric used for the data query. Currently only aggregation-latency + // is supported, indicating network latency. + Metric *string `type:"string" enum:"MetricType"` + + // The aggregation period used for the data query. + Period *string `type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the data query. For + // example, us-east-1. + Source *string `type:"string"` + + // Metric data aggregations over specified periods of time. The following are + // the supported Infrastructure Performance statistics: + // + // * p50 - The median value of the metric aggregated over a specified start + // and end time. For example, a metric of five_minutes is the median of all + // the data points gathered within those five minutes. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataQuery) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataQuery) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DataQuery) SetDestination(v string) *DataQuery { + s.Destination = &v + return s +} + +// SetId sets the Id field's value. +func (s *DataQuery) SetId(v string) *DataQuery { + s.Id = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DataQuery) SetMetric(v string) *DataQuery { + s.Metric = &v + return s +} + +// SetPeriod sets the Period field's value. +func (s *DataQuery) SetPeriod(v string) *DataQuery { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DataQuery) SetSource(v string) *DataQuery { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DataQuery) SetStatistic(v string) *DataQuery { + s.Statistic = &v + return s +} + +// The response to a DataQuery. +type DataResponse struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the destination for the data query. + // For example, eu-west-1. + Destination *string `locationName:"destination" type:"string"` + + // The ID passed in the DataQuery. + Id *string `locationName:"id" type:"string"` + + // The metric used for the network performance request. Currently only aggregate-latency + // is supported, showing network latency during a specified period. + Metric *string `locationName:"metric" type:"string" enum:"MetricType"` + + // A list of MetricPoint objects. + MetricPoints []*MetricPoint `locationName:"metricPointSet" locationNameList:"item" type:"list"` + + // The period used for the network performance request. + Period *string `locationName:"period" type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the data query. For + // example, us-east-1. + Source *string `locationName:"source" type:"string"` + + // The statistic used for the network performance request. + Statistic *string `locationName:"statistic" type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DataResponse) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DataResponse) SetDestination(v string) *DataResponse { + s.Destination = &v + return s +} + +// SetId sets the Id field's value. +func (s *DataResponse) SetId(v string) *DataResponse { + s.Id = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DataResponse) SetMetric(v string) *DataResponse { + s.Metric = &v + return s +} + +// SetMetricPoints sets the MetricPoints field's value. +func (s *DataResponse) SetMetricPoints(v []*MetricPoint) *DataResponse { + s.MetricPoints = v + return s +} + +// SetPeriod sets the Period field's value. +func (s *DataResponse) SetPeriod(v string) *DataResponse { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DataResponse) SetSource(v string) *DataResponse { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DataResponse) SetStatistic(v string) *DataResponse { + s.Statistic = &v + return s +} + type DeleteCarrierGatewayInput struct { _ struct{} `type:"structure"` @@ -74265,7 +78067,7 @@ func (s *DeleteCoipPoolInput) SetDryRun(v bool) *DeleteCoipPoolInput { type DeleteCoipPoolOutput struct { _ struct{} `type:"structure"` - // Describes a customer-owned address pool. + // Information about the CoIP address pool. CoipPool *CoipPool `locationName:"coipPool" type:"structure"` } @@ -76019,7 +79821,7 @@ func (s *DeleteLocalGatewayRouteTableInput) SetLocalGatewayRouteTableId(v string type DeleteLocalGatewayRouteTableOutput struct { _ struct{} `type:"structure"` - // Describes a local gateway route table. + // Information about the local gateway route table. LocalGatewayRouteTable *LocalGatewayRouteTable `locationName:"localGatewayRouteTable" type:"structure"` } @@ -76108,8 +79910,7 @@ func (s *DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationInput) SetL type DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociationOutput struct { _ struct{} `type:"structure"` - // Describes an association between a local gateway route table and a virtual - // interface group. + // Information about the association. LocalGatewayRouteTableVirtualInterfaceGroupAssociation *LocalGatewayRouteTableVirtualInterfaceGroupAssociation `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociation" type:"structure"` } @@ -79478,6 +83279,406 @@ func (s *DeleteTransitGatewayVpcAttachmentOutput) SetTransitGatewayVpcAttachment return s } +type DeleteVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessEndpointInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetClientToken(v string) *DeleteVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetDryRun(v bool) *DeleteVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *DeleteVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string) *DeleteVerifiedAccessEndpointInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type DeleteVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *DeleteVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *DeleteVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type DeleteVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessGroupInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessGroupInput) SetClientToken(v string) *DeleteVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessGroupInput) SetDryRun(v bool) *DeleteVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *DeleteVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *DeleteVerifiedAccessGroupInput { + s.VerifiedAccessGroupId = &v + return s +} + +type DeleteVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *DeleteVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *DeleteVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type DeleteVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessInstanceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessInstanceInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetClientToken(v string) *DeleteVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetDryRun(v bool) *DeleteVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DeleteVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string) *DeleteVerifiedAccessInstanceInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DeleteVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *DeleteVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *DeleteVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +type DeleteVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetClientToken(v string) *DeleteVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetDryRun(v bool) *DeleteVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *DeleteVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *DeleteVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type DeleteVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *DeleteVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *DeleteVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type DeleteVolumeInput struct { _ struct{} `type:"structure"` @@ -81581,6 +85782,109 @@ func (s *DescribeAvailabilityZonesOutput) SetAvailabilityZones(v []*Availability return s } +type DescribeAwsNetworkPerformanceMetricSubscriptionsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetDryRun(v bool) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetFilters(v []*Filter) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetMaxResults(v int64) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsInput) SetNextToken(v string) *DescribeAwsNetworkPerformanceMetricSubscriptionsInput { + s.NextToken = &v + return s +} + +type DescribeAwsNetworkPerformanceMetricSubscriptionsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Describes the current Infrastructure Performance subscriptions. + Subscriptions []*Subscription `locationName:"subscriptionSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) SetNextToken(v string) *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput { + s.NextToken = &v + return s +} + +// SetSubscriptions sets the Subscriptions field's value. +func (s *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) SetSubscriptions(v []*Subscription) *DescribeAwsNetworkPerformanceMetricSubscriptionsOutput { + s.Subscriptions = v + return s +} + type DescribeBundleTasksInput struct { _ struct{} `type:"structure"` @@ -98132,6 +102436,659 @@ func (s *DescribeTrunkInterfaceAssociationsOutput) SetNextToken(v string) *Descr return s } +type DescribeVerifiedAccessEndpointsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpointIds []*string `locationName:"VerifiedAccessEndpointId" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessEndpointsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessEndpointsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetDryRun(v bool) *DescribeVerifiedAccessEndpointsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessEndpointsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetMaxResults(v int64) *DescribeVerifiedAccessEndpointsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetNextToken(v string) *DescribeVerifiedAccessEndpointsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessEndpointIds sets the VerifiedAccessEndpointIds field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessEndpointIds(v []*string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessEndpointIds = v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessGroupId(v string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DescribeVerifiedAccessEndpointsInput) SetVerifiedAccessInstanceId(v string) *DescribeVerifiedAccessEndpointsInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DescribeVerifiedAccessEndpointsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpoints []*VerifiedAccessEndpoint `locationName:"verifiedAccessEndpointSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessEndpointsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessEndpointsOutput) SetNextToken(v string) *DescribeVerifiedAccessEndpointsOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessEndpoints sets the VerifiedAccessEndpoints field's value. +func (s *DescribeVerifiedAccessEndpointsOutput) SetVerifiedAccessEndpoints(v []*VerifiedAccessEndpoint) *DescribeVerifiedAccessEndpointsOutput { + s.VerifiedAccessEndpoints = v + return s +} + +type DescribeVerifiedAccessGroupsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Amazon Web Services Verified Access groups. + VerifiedAccessGroupIds []*string `locationName:"VerifiedAccessGroupId" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessGroupsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetDryRun(v bool) *DescribeVerifiedAccessGroupsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessGroupsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetMaxResults(v int64) *DescribeVerifiedAccessGroupsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetNextToken(v string) *DescribeVerifiedAccessGroupsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessGroupIds sets the VerifiedAccessGroupIds field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetVerifiedAccessGroupIds(v []*string) *DescribeVerifiedAccessGroupsInput { + s.VerifiedAccessGroupIds = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DescribeVerifiedAccessGroupsInput) SetVerifiedAccessInstanceId(v string) *DescribeVerifiedAccessGroupsInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type DescribeVerifiedAccessGroupsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The ID of the Verified Access group. + VerifiedAccessGroups []*VerifiedAccessGroup `locationName:"verifiedAccessGroupSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessGroupsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessGroupsOutput) SetNextToken(v string) *DescribeVerifiedAccessGroupsOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessGroups sets the VerifiedAccessGroups field's value. +func (s *DescribeVerifiedAccessGroupsOutput) SetVerifiedAccessGroups(v []*VerifiedAccessGroup) *DescribeVerifiedAccessGroupsOutput { + s.VerifiedAccessGroups = v + return s +} + +type DescribeVerifiedAccessInstanceLoggingConfigurationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessInstanceLoggingConfigurationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetDryRun(v bool) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetFilters(v []*Filter) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetMaxResults(v int64) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetNextToken(v string) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstanceIds sets the VerifiedAccessInstanceIds field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsInput) SetVerifiedAccessInstanceIds(v []*string) *DescribeVerifiedAccessInstanceLoggingConfigurationsInput { + s.VerifiedAccessInstanceIds = v + return s +} + +type DescribeVerifiedAccessInstanceLoggingConfigurationsOutput struct { + _ struct{} `type:"structure"` + + // The current logging configuration for the Amazon Web Services Verified Access + // instances. + LoggingConfigurations []*VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfigurationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) GoString() string { + return s.String() +} + +// SetLoggingConfigurations sets the LoggingConfigurations field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) SetLoggingConfigurations(v []*VerifiedAccessInstanceLoggingConfiguration) *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput { + s.LoggingConfigurations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) SetNextToken(v string) *DescribeVerifiedAccessInstanceLoggingConfigurationsOutput { + s.NextToken = &v + return s +} + +type DescribeVerifiedAccessInstancesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstanceIds []*string `locationName:"VerifiedAccessInstanceId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessInstancesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessInstancesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetDryRun(v bool) *DescribeVerifiedAccessInstancesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetFilters(v []*Filter) *DescribeVerifiedAccessInstancesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetMaxResults(v int64) *DescribeVerifiedAccessInstancesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetNextToken(v string) *DescribeVerifiedAccessInstancesInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstanceIds sets the VerifiedAccessInstanceIds field's value. +func (s *DescribeVerifiedAccessInstancesInput) SetVerifiedAccessInstanceIds(v []*string) *DescribeVerifiedAccessInstancesInput { + s.VerifiedAccessInstanceIds = v + return s +} + +type DescribeVerifiedAccessInstancesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The IDs of the Amazon Web Services Verified Access instances. + VerifiedAccessInstances []*VerifiedAccessInstance `locationName:"verifiedAccessInstanceSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessInstancesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessInstancesOutput) SetNextToken(v string) *DescribeVerifiedAccessInstancesOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessInstances sets the VerifiedAccessInstances field's value. +func (s *DescribeVerifiedAccessInstancesOutput) SetVerifiedAccessInstances(v []*VerifiedAccessInstance) *DescribeVerifiedAccessInstancesOutput { + s.VerifiedAccessInstances = v + return s +} + +type DescribeVerifiedAccessTrustProvidersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviderIds []*string `locationName:"VerifiedAccessTrustProviderId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeVerifiedAccessTrustProvidersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeVerifiedAccessTrustProvidersInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetDryRun(v bool) *DescribeVerifiedAccessTrustProvidersInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetFilters(v []*Filter) *DescribeVerifiedAccessTrustProvidersInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetMaxResults(v int64) *DescribeVerifiedAccessTrustProvidersInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetNextToken(v string) *DescribeVerifiedAccessTrustProvidersInput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessTrustProviderIds sets the VerifiedAccessTrustProviderIds field's value. +func (s *DescribeVerifiedAccessTrustProvidersInput) SetVerifiedAccessTrustProviderIds(v []*string) *DescribeVerifiedAccessTrustProvidersInput { + s.VerifiedAccessTrustProviderIds = v + return s +} + +type DescribeVerifiedAccessTrustProvidersOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviders []*VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeVerifiedAccessTrustProvidersOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeVerifiedAccessTrustProvidersOutput) SetNextToken(v string) *DescribeVerifiedAccessTrustProvidersOutput { + s.NextToken = &v + return s +} + +// SetVerifiedAccessTrustProviders sets the VerifiedAccessTrustProviders field's value. +func (s *DescribeVerifiedAccessTrustProvidersOutput) SetVerifiedAccessTrustProviders(v []*VerifiedAccessTrustProvider) *DescribeVerifiedAccessTrustProvidersOutput { + s.VerifiedAccessTrustProviders = v + return s +} + type DescribeVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -99576,9 +104533,12 @@ type DescribeVpcEndpointServicesInput struct { // One or more filters. // + // * owner - The ID or alias of the Amazon Web Services account that owns + // the service. + // // * service-name - The name of the service. // - // * service-type - The type of service (Interface | Gateway). + // * service-type - The type of service (Interface | Gateway | GatewayLoadBalancer). // // * supported-ip-address-types - The IP address type (ipv4 | ipv6). // @@ -99723,16 +104683,6 @@ type DescribeVpcEndpointsInput struct { // // * service-name - The name of the service. // - // * vpc-id - The ID of the VPC in which the endpoint resides. - // - // * vpc-endpoint-id - The ID of the endpoint. - // - // * vpc-endpoint-state - The state of the endpoint (pendingAcceptance | - // pending | available | deleting | deleted | rejected | failed). - // - // * vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | - // GatewayLoadBalancer). - // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. // For example, to find all resources that have a tag with the key Owner @@ -99742,6 +104692,16 @@ type DescribeVpcEndpointsInput struct { // * tag-key - The key of a tag assigned to the resource. Use this filter // to find all resources assigned a tag with a specific key, regardless of // the tag value. + // + // * vpc-id - The ID of the VPC in which the endpoint resides. + // + // * vpc-endpoint-id - The ID of the endpoint. + // + // * vpc-endpoint-state - The state of the endpoint (pendingAcceptance | + // pending | available | deleting | deleted | rejected | failed). + // + // * vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | + // GatewayLoadBalancer). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of items to return for this request. The request returns @@ -100830,6 +105790,129 @@ func (s DetachNetworkInterfaceOutput) GoString() string { return s.String() } +type DetachVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DetachVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DetachVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetClientToken(v string) *DetachVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetDryRun(v bool) *DetachVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessInstanceId(v string) *DetachVerifiedAccessTrustProviderInput { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *DetachVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *DetachVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +type DetachVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DetachVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *DetachVerifiedAccessTrustProviderOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *DetachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessInstance = v + return s +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *DetachVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *DetachVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type DetachVolumeInput struct { _ struct{} `type:"structure"` @@ -101017,6 +106100,39 @@ func (s DetachVpnGatewayOutput) GoString() string { return s.String() } +// Options for an Amazon Web Services Verified Access device-identity based +// trust provider. +type DeviceOptions struct { + _ struct{} `type:"structure"` + + // The ID of the tenant application with the device-identity provider. + TenantId *string `locationName:"tenantId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeviceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeviceOptions) GoString() string { + return s.String() +} + +// SetTenantId sets the TenantId field's value. +func (s *DeviceOptions) SetTenantId(v string) *DeviceOptions { + s.TenantId = &v + return s +} + // Describes a DHCP configuration option. type DhcpConfiguration struct { _ struct{} `type:"structure"` @@ -101270,6 +106386,109 @@ func (s *DisableAddressTransferOutput) SetAddressTransfer(v *AddressTransfer) *D return s } +type DisableAwsNetworkPerformanceMetricSubscriptionInput struct { + _ struct{} `type:"structure"` + + // The target Region or Availability Zone that the metric subscription is disabled + // for. For example, eu-north-1. + Destination *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The metric used for the disabled subscription. + Metric *string `type:"string" enum:"MetricType"` + + // The source Region or Availability Zone that the metric subscription is disabled + // for. For example, us-east-1. + Source *string `type:"string"` + + // The statistic used for the disabled subscription. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionInput) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetDestination(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Destination = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetDryRun(v bool) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.DryRun = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetMetric(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Metric = &v + return s +} + +// SetSource sets the Source field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetSource(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionInput) SetStatistic(v string) *DisableAwsNetworkPerformanceMetricSubscriptionInput { + s.Statistic = &v + return s +} + +type DisableAwsNetworkPerformanceMetricSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the unsubscribe action was successful. + Output *bool `locationName:"output" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableAwsNetworkPerformanceMetricSubscriptionOutput) GoString() string { + return s.String() +} + +// SetOutput sets the Output field's value. +func (s *DisableAwsNetworkPerformanceMetricSubscriptionOutput) SetOutput(v bool) *DisableAwsNetworkPerformanceMetricSubscriptionOutput { + s.Output = &v + return s +} + type DisableEbsEncryptionByDefaultInput struct { _ struct{} `type:"structure"` @@ -104946,6 +110165,96 @@ func (s *ElasticInferenceAcceleratorAssociation) SetElasticInferenceAcceleratorA return s } +// ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology +// to increase the maximum bandwidth used per stream and minimize tail latency +// of network traffic between EC2 instances. With ENA Express, you can communicate +// between two EC2 instances in the same subnet within the same account, or +// in different accounts. Both sending and receiving instances must have ENA +// Express enabled. +// +// To improve the reliability of network packet delivery, ENA Express reorders +// network packets on the receiving end by default. However, some UDP-based +// applications are designed to handle network packets that are out of order +// to reduce the overhead for packet delivery at the network layer. When ENA +// Express is enabled, you can specify whether UDP network traffic uses it. +type EnaSrdSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether ENA Express is enabled for the network interface. + EnaSrdEnabled *bool `type:"boolean"` + + // Configures ENA Express for UDP network traffic. + EnaSrdUdpSpecification *EnaSrdUdpSpecification `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdEnabled sets the EnaSrdEnabled field's value. +func (s *EnaSrdSpecification) SetEnaSrdEnabled(v bool) *EnaSrdSpecification { + s.EnaSrdEnabled = &v + return s +} + +// SetEnaSrdUdpSpecification sets the EnaSrdUdpSpecification field's value. +func (s *EnaSrdSpecification) SetEnaSrdUdpSpecification(v *EnaSrdUdpSpecification) *EnaSrdSpecification { + s.EnaSrdUdpSpecification = v + return s +} + +// ENA Express is compatible with both TCP and UDP transport protocols. When +// it’s enabled, TCP traffic automatically uses it. However, some UDP-based +// applications are designed to handle network packets that are out of order, +// without a need for retransmission, such as live video broadcasting or other +// near-real-time applications. For UDP traffic, you can specify whether to +// use ENA Express, based on your application environment needs. +type EnaSrdUdpSpecification struct { + _ struct{} `type:"structure"` + + // Indicates whether UDP traffic uses ENA Express. To specify this setting, + // you must first enable ENA Express. + EnaSrdUdpEnabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnaSrdUdpSpecification) GoString() string { + return s.String() +} + +// SetEnaSrdUdpEnabled sets the EnaSrdUdpEnabled field's value. +func (s *EnaSrdUdpSpecification) SetEnaSrdUdpEnabled(v bool) *EnaSrdUdpSpecification { + s.EnaSrdUdpEnabled = &v + return s +} + type EnableAddressTransferInput struct { _ struct{} `type:"structure"` @@ -105049,6 +110358,109 @@ func (s *EnableAddressTransferOutput) SetAddressTransfer(v *AddressTransfer) *En return s } +type EnableAwsNetworkPerformanceMetricSubscriptionInput struct { + _ struct{} `type:"structure"` + + // The target Region or Availability Zone that the metric subscription is enabled + // for. For example, eu-west-1. + Destination *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The metric used for the enabled subscription. + Metric *string `type:"string" enum:"MetricType"` + + // The source Region or Availability Zone that the metric subscription is enabled + // for. For example, us-east-1. + Source *string `type:"string"` + + // The statistic used for the enabled subscription. + Statistic *string `type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionInput) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetDestination(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Destination = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetDryRun(v bool) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.DryRun = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetMetric(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Metric = &v + return s +} + +// SetSource sets the Source field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetSource(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionInput) SetStatistic(v string) *EnableAwsNetworkPerformanceMetricSubscriptionInput { + s.Statistic = &v + return s +} + +type EnableAwsNetworkPerformanceMetricSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether the subscribe action was successful. + Output *bool `locationName:"output" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableAwsNetworkPerformanceMetricSubscriptionOutput) GoString() string { + return s.String() +} + +// SetOutput sets the Output field's value. +func (s *EnableAwsNetworkPerformanceMetricSubscriptionOutput) SetOutput(v bool) *EnableAwsNetworkPerformanceMetricSubscriptionOutput { + s.Output = &v + return s +} + type EnableEbsEncryptionByDefaultInput struct { _ struct{} `type:"structure"` @@ -105896,6 +111308,66 @@ func (s *EnableIpamOrganizationAdminAccountOutput) SetSuccess(v bool) *EnableIpa return s } +type EnableReachabilityAnalyzerOrganizationSharingInput struct { + _ struct{} `type:"structure"` + + DryRun *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableReachabilityAnalyzerOrganizationSharingInput) SetDryRun(v bool) *EnableReachabilityAnalyzerOrganizationSharingInput { + s.DryRun = &v + return s +} + +type EnableReachabilityAnalyzerOrganizationSharingOutput struct { + _ struct{} `type:"structure"` + + ReturnValue *bool `locationName:"returnValue" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableReachabilityAnalyzerOrganizationSharingOutput) GoString() string { + return s.String() +} + +// SetReturnValue sets the ReturnValue field's value. +func (s *EnableReachabilityAnalyzerOrganizationSharingOutput) SetReturnValue(v bool) *EnableReachabilityAnalyzerOrganizationSharingOutput { + s.ReturnValue = &v + return s +} + type EnableSerialConsoleAccessInput struct { _ struct{} `type:"structure"` @@ -110384,6 +115856,129 @@ func (s *GetAssociatedIpv6PoolCidrsOutput) SetNextToken(v string) *GetAssociated return s } +type GetAwsNetworkPerformanceDataInput struct { + _ struct{} `type:"structure"` + + // A list of network performance data queries. + DataQueries []*DataQuery `locationName:"DataQuery" type:"list"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ending time for the performance data request. The end time must be formatted + // as yyyy-mm-ddThh:mm:ss. For example, 2022-06-12T12:00:00.000Z. + EndTime *time.Time `type:"timestamp"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The starting time for the performance data request. The starting time must + // be formatted as yyyy-mm-ddThh:mm:ss. For example, 2022-06-10T12:00:00.000Z. + StartTime *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataInput) GoString() string { + return s.String() +} + +// SetDataQueries sets the DataQueries field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetDataQueries(v []*DataQuery) *GetAwsNetworkPerformanceDataInput { + s.DataQueries = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetDryRun(v bool) *GetAwsNetworkPerformanceDataInput { + s.DryRun = &v + return s +} + +// SetEndTime sets the EndTime field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetEndTime(v time.Time) *GetAwsNetworkPerformanceDataInput { + s.EndTime = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetMaxResults(v int64) *GetAwsNetworkPerformanceDataInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetNextToken(v string) *GetAwsNetworkPerformanceDataInput { + s.NextToken = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *GetAwsNetworkPerformanceDataInput) SetStartTime(v time.Time) *GetAwsNetworkPerformanceDataInput { + s.StartTime = &v + return s +} + +type GetAwsNetworkPerformanceDataOutput struct { + _ struct{} `type:"structure"` + + // The list of data responses. + DataResponses []*DataResponse `locationName:"dataResponseSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAwsNetworkPerformanceDataOutput) GoString() string { + return s.String() +} + +// SetDataResponses sets the DataResponses field's value. +func (s *GetAwsNetworkPerformanceDataOutput) SetDataResponses(v []*DataResponse) *GetAwsNetworkPerformanceDataOutput { + s.DataResponses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAwsNetworkPerformanceDataOutput) SetNextToken(v string) *GetAwsNetworkPerformanceDataOutput { + s.NextToken = &v + return s +} + type GetCapacityReservationUsageInput struct { _ struct{} `type:"structure"` @@ -114620,6 +120215,202 @@ func (s *GetTransitGatewayRouteTablePropagationsOutput) SetTransitGatewayRouteTa return s } +type GetVerifiedAccessEndpointPolicyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVerifiedAccessEndpointPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVerifiedAccessEndpointPolicyInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVerifiedAccessEndpointPolicyInput) SetDryRun(v bool) *GetVerifiedAccessEndpointPolicyInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *GetVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *GetVerifiedAccessEndpointPolicyInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type GetVerifiedAccessEndpointPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessEndpointPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *GetVerifiedAccessEndpointPolicyOutput) SetPolicyDocument(v string) *GetVerifiedAccessEndpointPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *GetVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *GetVerifiedAccessEndpointPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type GetVerifiedAccessGroupPolicyInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetVerifiedAccessGroupPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetVerifiedAccessGroupPolicyInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetVerifiedAccessGroupPolicyInput) SetDryRun(v bool) *GetVerifiedAccessGroupPolicyInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *GetVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *GetVerifiedAccessGroupPolicyInput { + s.VerifiedAccessGroupId = &v + return s +} + +type GetVerifiedAccessGroupPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetVerifiedAccessGroupPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *GetVerifiedAccessGroupPolicyOutput) SetPolicyDocument(v string) *GetVerifiedAccessGroupPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *GetVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *GetVerifiedAccessGroupPolicyOutput { + s.PolicyEnabled = &v + return s +} + type GetVpnConnectionDeviceSampleConfigurationInput struct { _ struct{} `type:"structure"` @@ -128417,7 +134208,7 @@ type LocalGatewayRouteTable struct { // The state of the local gateway route table. State *string `locationName:"state" type:"string"` - // Describes a state change. + // Information about the state change. StateReason *StateReason `locationName:"stateReason" type:"structure"` // The tags assigned to the local gateway route table. @@ -129197,6 +134988,69 @@ func (s *MemoryMiBRequest) SetMin(v int64) *MemoryMiBRequest { return s } +// Indicates whether the network was healthy or unhealthy at a particular point. +// The value is aggregated from the startDate to the endDate. Currently only +// five_minutes is supported. +type MetricPoint struct { + _ struct{} `type:"structure"` + + // The end date for the metric point. The ending time must be formatted as yyyy-mm-ddThh:mm:ss. + // For example, 2022-06-12T12:00:00.000Z. + EndDate *time.Time `locationName:"endDate" type:"timestamp"` + + // The start date for the metric point. The starting date for the metric point. + // The starting time must be formatted as yyyy-mm-ddThh:mm:ss. For example, + // 2022-06-10T12:00:00.000Z. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + + // The status of the metric point. + Status *string `locationName:"status" type:"string"` + + Value *float64 `locationName:"value" type:"float"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricPoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MetricPoint) GoString() string { + return s.String() +} + +// SetEndDate sets the EndDate field's value. +func (s *MetricPoint) SetEndDate(v time.Time) *MetricPoint { + s.EndDate = &v + return s +} + +// SetStartDate sets the StartDate field's value. +func (s *MetricPoint) SetStartDate(v time.Time) *MetricPoint { + s.StartDate = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *MetricPoint) SetStatus(v string) *MetricPoint { + s.Status = &v + return s +} + +// SetValue sets the Value field's value. +func (s *MetricPoint) SetValue(v float64) *MetricPoint { + s.Value = &v + return s +} + type ModifyAddressAttributeInput struct { _ struct{} `type:"structure"` @@ -132877,7 +138731,7 @@ func (s *ModifyLocalGatewayRouteInput) SetNetworkInterfaceId(v string) *ModifyLo type ModifyLocalGatewayRouteOutput struct { _ struct{} `type:"structure"` - // Describes a route for a local gateway route table. + // Information about the local gateway route table. Route *LocalGatewayRoute `locationName:"route" type:"structure"` } @@ -133069,7 +138923,7 @@ func (s *ModifyManagedPrefixListOutput) SetPrefixList(v *ManagedPrefixList) *Mod type ModifyNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` - // Information about the interface attachment. If modifying the 'delete on termination' + // Information about the interface attachment. If modifying the delete on termination // attribute, you must specify the ID of the interface attachment. Attachment *NetworkInterfaceAttachmentChanges `locationName:"attachment" type:"structure"` @@ -133082,6 +138936,10 @@ type ModifyNetworkInterfaceAttributeInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // Updates the ENA Express configuration for the network interface that’s + // attached to the instance. + EnaSrdSpecification *EnaSrdSpecification `type:"structure"` + // Changes the security groups for the network interface. The new set of groups // you specify replaces the current set. You must specify at least one group, // even if it's just the default security group in the VPC. You must specify @@ -133151,6 +139009,12 @@ func (s *ModifyNetworkInterfaceAttributeInput) SetDryRun(v bool) *ModifyNetworkI return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *ModifyNetworkInterfaceAttributeInput) SetEnaSrdSpecification(v *EnaSrdSpecification) *ModifyNetworkInterfaceAttributeInput { + s.EnaSrdSpecification = v + return s +} + // SetGroups sets the Groups field's value. func (s *ModifyNetworkInterfaceAttributeInput) SetGroups(v []*string) *ModifyNetworkInterfaceAttributeInput { s.Groups = v @@ -134716,7 +140580,7 @@ func (s *ModifyTransitGatewayOptions) SetVpnEcmpSupport(v string) *ModifyTransit type ModifyTransitGatewayOutput struct { _ struct{} `type:"structure"` - // Describes a transit gateway. + // Information about the transit gateway. TransitGateway *TransitGateway `locationName:"transitGateway" type:"structure"` } @@ -135034,6 +140898,1033 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } +// Options for a network-interface type Verified Access endpoint. +type ModifyVerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointEniOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointEniOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPort sets the Port field's value. +func (s *ModifyVerifiedAccessEndpointEniOptions) SetPort(v int64) *ModifyVerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *ModifyVerifiedAccessEndpointEniOptions) SetProtocol(v string) *ModifyVerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +type ModifyVerifiedAccessEndpointInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *ModifyVerifiedAccessEndpointLoadBalancerOptions `type:"structure"` + + // The network interface options. + NetworkInterfaceOptions *ModifyVerifiedAccessEndpointEniOptions `type:"structure"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointInput"} + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + if s.LoadBalancerOptions != nil { + if err := s.LoadBalancerOptions.Validate(); err != nil { + invalidParams.AddNested("LoadBalancerOptions", err.(request.ErrInvalidParams)) + } + } + if s.NetworkInterfaceOptions != nil { + if err := s.NetworkInterfaceOptions.Validate(); err != nil { + invalidParams.AddNested("NetworkInterfaceOptions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetClientToken(v string) *ModifyVerifiedAccessEndpointInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetDescription(v string) *ModifyVerifiedAccessEndpointInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetDryRun(v bool) *ModifyVerifiedAccessEndpointInput { + s.DryRun = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetLoadBalancerOptions(v *ModifyVerifiedAccessEndpointLoadBalancerOptions) *ModifyVerifiedAccessEndpointInput { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetNetworkInterfaceOptions(v *ModifyVerifiedAccessEndpointEniOptions) *ModifyVerifiedAccessEndpointInput { + s.NetworkInterfaceOptions = v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointInput { + s.VerifiedAccessEndpointId = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessEndpointInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessEndpointInput { + s.VerifiedAccessGroupId = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type ModifyVerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The IP port number. + Port *int64 `min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointLoadBalancerOptions"} + if s.Port != nil && *s.Port < 1 { + invalidParams.Add(request.NewErrParamMinValue("Port", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPort sets the Port field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *ModifyVerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *ModifyVerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +type ModifyVerifiedAccessEndpointOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access endpoint details. + VerifiedAccessEndpoint *VerifiedAccessEndpoint `locationName:"verifiedAccessEndpoint" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessEndpoint sets the VerifiedAccessEndpoint field's value. +func (s *ModifyVerifiedAccessEndpointOutput) SetVerifiedAccessEndpoint(v *VerifiedAccessEndpoint) *ModifyVerifiedAccessEndpointOutput { + s.VerifiedAccessEndpoint = v + return s +} + +type ModifyVerifiedAccessEndpointPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The status of the Verified Access policy. + // + // PolicyEnabled is a required field + PolicyEnabled *bool `type:"boolean" required:"true"` + + // The ID of the Amazon Web Services Verified Access endpoint. + // + // VerifiedAccessEndpointId is a required field + VerifiedAccessEndpointId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessEndpointPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessEndpointPolicyInput"} + if s.PolicyEnabled == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) + } + if s.VerifiedAccessEndpointId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessEndpointId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetClientToken(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetDryRun(v bool) *ModifyVerifiedAccessEndpointPolicyInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyDocument(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessEndpointPolicyInput { + s.PolicyEnabled = &v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *ModifyVerifiedAccessEndpointPolicyInput) SetVerifiedAccessEndpointId(v string) *ModifyVerifiedAccessEndpointPolicyInput { + s.VerifiedAccessEndpointId = &v + return s +} + +type ModifyVerifiedAccessEndpointPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessEndpointPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyDocument(v string) *ModifyVerifiedAccessEndpointPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessEndpointPolicyOutput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessEndpointPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type ModifyVerifiedAccessGroupInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupInput"} + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessGroupInput) SetClientToken(v string) *ModifyVerifiedAccessGroupInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessGroupInput) SetDescription(v string) *ModifyVerifiedAccessGroupInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessGroupInput) SetDryRun(v bool) *ModifyVerifiedAccessGroupInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupInput { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessGroupInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessGroupInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessGroupOutput struct { + _ struct{} `type:"structure"` + + // Details of Amazon Web Services Verified Access group. + VerifiedAccessGroup *VerifiedAccessGroup `locationName:"verifiedAccessGroup" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessGroup sets the VerifiedAccessGroup field's value. +func (s *ModifyVerifiedAccessGroupOutput) SetVerifiedAccessGroup(v *VerifiedAccessGroup) *ModifyVerifiedAccessGroupOutput { + s.VerifiedAccessGroup = v + return s +} + +type ModifyVerifiedAccessGroupPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `type:"string"` + + // The status of the Verified Access policy. + // + // PolicyEnabled is a required field + PolicyEnabled *bool `type:"boolean" required:"true"` + + // The ID of the Amazon Web Services Verified Access group. + // + // VerifiedAccessGroupId is a required field + VerifiedAccessGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessGroupPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessGroupPolicyInput"} + if s.PolicyEnabled == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyEnabled")) + } + if s.VerifiedAccessGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetClientToken(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetDryRun(v bool) *ModifyVerifiedAccessGroupPolicyInput { + s.DryRun = &v + return s +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyDocument(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessGroupPolicyInput { + s.PolicyEnabled = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *ModifyVerifiedAccessGroupPolicyInput) SetVerifiedAccessGroupId(v string) *ModifyVerifiedAccessGroupPolicyInput { + s.VerifiedAccessGroupId = &v + return s +} + +type ModifyVerifiedAccessGroupPolicyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services Verified Access policy document. + PolicyDocument *string `locationName:"policyDocument" type:"string"` + + // The status of the Verified Access policy. + PolicyEnabled *bool `locationName:"policyEnabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessGroupPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyDocument(v string) *ModifyVerifiedAccessGroupPolicyOutput { + s.PolicyDocument = &v + return s +} + +// SetPolicyEnabled sets the PolicyEnabled field's value. +func (s *ModifyVerifiedAccessGroupPolicyOutput) SetPolicyEnabled(v bool) *ModifyVerifiedAccessGroupPolicyOutput { + s.PolicyEnabled = &v + return s +} + +type ModifyVerifiedAccessInstanceInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessInstanceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessInstanceInput"} + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetClientToken(v string) *ModifyVerifiedAccessInstanceInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetDescription(v string) *ModifyVerifiedAccessInstanceInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetDryRun(v bool) *ModifyVerifiedAccessInstanceInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessInstanceInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessInstanceInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessInstanceLoggingConfigurationInput struct { + _ struct{} `type:"structure"` + + // The configuration options for Amazon Web Services Verified Access instances. + // + // AccessLogs is a required field + AccessLogs *VerifiedAccessLogOptions `type:"structure" required:"true"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Amazon Web Services Verified Access instance. + // + // VerifiedAccessInstanceId is a required field + VerifiedAccessInstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessInstanceLoggingConfigurationInput"} + if s.AccessLogs == nil { + invalidParams.Add(request.NewErrParamRequired("AccessLogs")) + } + if s.VerifiedAccessInstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessInstanceId")) + } + if s.AccessLogs != nil { + if err := s.AccessLogs.Validate(); err != nil { + invalidParams.AddNested("AccessLogs", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessLogs sets the AccessLogs field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetAccessLogs(v *VerifiedAccessLogOptions) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.AccessLogs = v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetClientToken(v string) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetDryRun(v bool) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.DryRun = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationInput) SetVerifiedAccessInstanceId(v string) *ModifyVerifiedAccessInstanceLoggingConfigurationInput { + s.VerifiedAccessInstanceId = &v + return s +} + +type ModifyVerifiedAccessInstanceLoggingConfigurationOutput struct { + _ struct{} `type:"structure"` + + // The logging configuration for Amazon Web Services Verified Access instance. + LoggingConfiguration *VerifiedAccessInstanceLoggingConfiguration `locationName:"loggingConfiguration" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceLoggingConfigurationOutput) GoString() string { + return s.String() +} + +// SetLoggingConfiguration sets the LoggingConfiguration field's value. +func (s *ModifyVerifiedAccessInstanceLoggingConfigurationOutput) SetLoggingConfiguration(v *VerifiedAccessInstanceLoggingConfiguration) *ModifyVerifiedAccessInstanceLoggingConfigurationOutput { + s.LoggingConfiguration = v + return s +} + +type ModifyVerifiedAccessInstanceOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstance *VerifiedAccessInstance `locationName:"verifiedAccessInstance" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessInstanceOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessInstance sets the VerifiedAccessInstance field's value. +func (s *ModifyVerifiedAccessInstanceOutput) SetVerifiedAccessInstance(v *VerifiedAccessInstance) *ModifyVerifiedAccessInstanceOutput { + s.VerifiedAccessInstance = v + return s +} + +type ModifyVerifiedAccessTrustProviderInput struct { + _ struct{} `type:"structure"` + + // A unique, case-sensitive token that you provide to ensure idempotency of + // your modification request. For more information, see Ensuring Idempotency + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *ModifyVerifiedAccessTrustProviderOidcOptions `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + // + // VerifiedAccessTrustProviderId is a required field + VerifiedAccessTrustProviderId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVerifiedAccessTrustProviderInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVerifiedAccessTrustProviderInput"} + if s.VerifiedAccessTrustProviderId == nil { + invalidParams.Add(request.NewErrParamRequired("VerifiedAccessTrustProviderId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetClientToken(v string) *ModifyVerifiedAccessTrustProviderInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDescription(v string) *ModifyVerifiedAccessTrustProviderInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetDryRun(v bool) *ModifyVerifiedAccessTrustProviderInput { + s.DryRun = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetOidcOptions(v *ModifyVerifiedAccessTrustProviderOidcOptions) *ModifyVerifiedAccessTrustProviderInput { + s.OidcOptions = v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *ModifyVerifiedAccessTrustProviderInput) SetVerifiedAccessTrustProviderId(v string) *ModifyVerifiedAccessTrustProviderInput { + s.VerifiedAccessTrustProviderId = &v + return s +} + +// OpenID Connect options for an oidc-type, user-identity based trust provider. +type ModifyVerifiedAccessTrustProviderOidcOptions struct { + _ struct{} `type:"structure"` + + // OpenID Connect (OIDC) scopes are used by an application during authentication + // to authorize access to a user's details. Each scope returns a specific set + // of user attributes. + Scope *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOidcOptions) GoString() string { + return s.String() +} + +// SetScope sets the Scope field's value. +func (s *ModifyVerifiedAccessTrustProviderOidcOptions) SetScope(v string) *ModifyVerifiedAccessTrustProviderOidcOptions { + s.Scope = &v + return s +} + +type ModifyVerifiedAccessTrustProviderOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProvider *VerifiedAccessTrustProvider `locationName:"verifiedAccessTrustProvider" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyVerifiedAccessTrustProviderOutput) GoString() string { + return s.String() +} + +// SetVerifiedAccessTrustProvider sets the VerifiedAccessTrustProvider field's value. +func (s *ModifyVerifiedAccessTrustProviderOutput) SetVerifiedAccessTrustProvider(v *VerifiedAccessTrustProvider) *ModifyVerifiedAccessTrustProviderOutput { + s.VerifiedAccessTrustProvider = v + return s +} + type ModifyVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -136518,7 +143409,7 @@ func (s *ModifyVpnConnectionOptionsInput) SetVpnConnectionId(v string) *ModifyVp type ModifyVpnConnectionOptionsOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136549,7 +143440,7 @@ func (s *ModifyVpnConnectionOptionsOutput) SetVpnConnection(v *VpnConnection) *M type ModifyVpnConnectionOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136652,7 +143543,7 @@ func (s *ModifyVpnTunnelCertificateInput) SetVpnTunnelOutsideIpAddress(v string) type ModifyVpnTunnelCertificateOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -136769,7 +143660,7 @@ func (s *ModifyVpnTunnelOptionsInput) SetVpnTunnelOutsideIpAddress(v string) *Mo type ModifyVpnTunnelOptionsOutput struct { _ struct{} `type:"structure"` - // Describes a VPN connection. + // Information about the VPN connection. VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` } @@ -138092,6 +144983,12 @@ type NetworkInfo struct { // Indicates whether Elastic Fabric Adapter (EFA) is supported. EfaSupported *bool `locationName:"efaSupported" type:"boolean"` + // Indicates whether the instance type supports ENA Express. ENA Express uses + // Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase + // the maximum bandwidth used per stream and minimize tail latency of network + // traffic between EC2 instances. + EnaSrdSupported *bool `locationName:"enaSrdSupported" type:"boolean"` + // Indicates whether Elastic Network Adapter (ENA) is supported. EnaSupport *string `locationName:"enaSupport" type:"string" enum:"EnaSupport"` @@ -138158,6 +145055,12 @@ func (s *NetworkInfo) SetEfaSupported(v bool) *NetworkInfo { return s } +// SetEnaSrdSupported sets the EnaSrdSupported field's value. +func (s *NetworkInfo) SetEnaSrdSupported(v bool) *NetworkInfo { + s.EnaSrdSupported = &v + return s +} + // SetEnaSupport sets the EnaSupport field's value. func (s *NetworkInfo) SetEnaSupport(v string) *NetworkInfo { s.EnaSupport = &v @@ -138456,6 +145359,8 @@ func (s *NetworkInsightsAccessScopeContent) SetNetworkInsightsAccessScopeId(v st type NetworkInsightsAnalysis struct { _ struct{} `type:"structure"` + AdditionalAccounts []*string `locationName:"additionalAccountSet" locationNameList:"item" type:"list"` + // Potential intermediate components. AlternatePathHints []*AlternatePathHint `locationName:"alternatePathHintSet" locationNameList:"item" type:"list"` @@ -138494,6 +145399,8 @@ type NetworkInsightsAnalysis struct { // The status message, if the status is failed. StatusMessage *string `locationName:"statusMessage" type:"string"` + SuggestedAccounts []*string `locationName:"suggestedAccountSet" locationNameList:"item" type:"list"` + // The tags. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` @@ -138519,6 +145426,12 @@ func (s NetworkInsightsAnalysis) GoString() string { return s.String() } +// SetAdditionalAccounts sets the AdditionalAccounts field's value. +func (s *NetworkInsightsAnalysis) SetAdditionalAccounts(v []*string) *NetworkInsightsAnalysis { + s.AdditionalAccounts = v + return s +} + // SetAlternatePathHints sets the AlternatePathHints field's value. func (s *NetworkInsightsAnalysis) SetAlternatePathHints(v []*AlternatePathHint) *NetworkInsightsAnalysis { s.AlternatePathHints = v @@ -138591,6 +145504,12 @@ func (s *NetworkInsightsAnalysis) SetStatusMessage(v string) *NetworkInsightsAna return s } +// SetSuggestedAccounts sets the SuggestedAccounts field's value. +func (s *NetworkInsightsAnalysis) SetSuggestedAccounts(v []*string) *NetworkInsightsAnalysis { + s.SuggestedAccounts = v + return s +} + // SetTags sets the Tags field's value. func (s *NetworkInsightsAnalysis) SetTags(v []*Tag) *NetworkInsightsAnalysis { s.Tags = v @@ -138613,6 +145532,8 @@ type NetworkInsightsPath struct { // The Amazon Web Services resource that is the destination of the path. Destination *string `locationName:"destination" type:"string"` + DestinationArn *string `locationName:"destinationArn" min:"1" type:"string"` + // The IP address of the Amazon Web Services resource that is the destination // of the path. DestinationIp *string `locationName:"destinationIp" type:"string"` @@ -138632,6 +145553,8 @@ type NetworkInsightsPath struct { // The Amazon Web Services resource that is the source of the path. Source *string `locationName:"source" type:"string"` + SourceArn *string `locationName:"sourceArn" min:"1" type:"string"` + // The IP address of the Amazon Web Services resource that is the source of // the path. SourceIp *string `locationName:"sourceIp" type:"string"` @@ -138670,6 +145593,12 @@ func (s *NetworkInsightsPath) SetDestination(v string) *NetworkInsightsPath { return s } +// SetDestinationArn sets the DestinationArn field's value. +func (s *NetworkInsightsPath) SetDestinationArn(v string) *NetworkInsightsPath { + s.DestinationArn = &v + return s +} + // SetDestinationIp sets the DestinationIp field's value. func (s *NetworkInsightsPath) SetDestinationIp(v string) *NetworkInsightsPath { s.DestinationIp = &v @@ -138706,6 +145635,12 @@ func (s *NetworkInsightsPath) SetSource(v string) *NetworkInsightsPath { return s } +// SetSourceArn sets the SourceArn field's value. +func (s *NetworkInsightsPath) SetSourceArn(v string) *NetworkInsightsPath { + s.SourceArn = &v + return s +} + // SetSourceIp sets the SourceIp field's value. func (s *NetworkInsightsPath) SetSourceIp(v string) *NetworkInsightsPath { s.SourceIp = &v @@ -139088,6 +146023,10 @@ type NetworkInterfaceAttachment struct { // The device index of the network interface attachment on the instance. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` + // Configures ENA Express for the network interface that this action attaches + // to the instance. + EnaSrdSpecification *AttachmentEnaSrdSpecification `locationName:"enaSrdSpecification" type:"structure"` + // The ID of the instance. InstanceId *string `locationName:"instanceId" type:"string"` @@ -139143,6 +146082,12 @@ func (s *NetworkInterfaceAttachment) SetDeviceIndex(v int64) *NetworkInterfaceAt return s } +// SetEnaSrdSpecification sets the EnaSrdSpecification field's value. +func (s *NetworkInterfaceAttachment) SetEnaSrdSpecification(v *AttachmentEnaSrdSpecification) *NetworkInterfaceAttachment { + s.EnaSrdSpecification = v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *NetworkInterfaceAttachment) SetInstanceId(v string) *NetworkInterfaceAttachment { s.InstanceId = &v @@ -139543,6 +146488,92 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } +// Options for OIDC-based, user-identity type trust provider. +type OidcOptions struct { + _ struct{} `type:"structure"` + + // The OIDC authorization endpoint. + AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` + + // The client identifier. + ClientId *string `locationName:"clientId" type:"string"` + + // The client secret. + ClientSecret *string `locationName:"clientSecret" type:"string"` + + // The OIDC issuer. + Issuer *string `locationName:"issuer" type:"string"` + + // The OpenID Connect (OIDC) scope specified. + Scope *string `locationName:"scope" type:"string"` + + // The OIDC token endpoint. + TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` + + // The OIDC user info endpoint. + UserInfoEndpoint *string `locationName:"userInfoEndpoint" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OidcOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OidcOptions) GoString() string { + return s.String() +} + +// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. +func (s *OidcOptions) SetAuthorizationEndpoint(v string) *OidcOptions { + s.AuthorizationEndpoint = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *OidcOptions) SetClientId(v string) *OidcOptions { + s.ClientId = &v + return s +} + +// SetClientSecret sets the ClientSecret field's value. +func (s *OidcOptions) SetClientSecret(v string) *OidcOptions { + s.ClientSecret = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *OidcOptions) SetIssuer(v string) *OidcOptions { + s.Issuer = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *OidcOptions) SetScope(v string) *OidcOptions { + s.Scope = &v + return s +} + +// SetTokenEndpoint sets the TokenEndpoint field's value. +func (s *OidcOptions) SetTokenEndpoint(v string) *OidcOptions { + s.TokenEndpoint = &v + return s +} + +// SetUserInfoEndpoint sets the UserInfoEndpoint field's value. +func (s *OidcOptions) SetUserInfoEndpoint(v string) *OidcOptions { + s.UserInfoEndpoint = &v + return s +} + // Describes the configuration of On-Demand Instances in an EC2 Fleet. type OnDemandOptions struct { _ struct{} `type:"structure"` @@ -140841,11 +147872,10 @@ func (s *Phase2IntegrityAlgorithmsRequestListValue) SetValue(v string) *Phase2In type Placement struct { _ struct{} `type:"structure"` - // The affinity setting for the instance on the Dedicated Host. This parameter - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. + // The affinity setting for the instance on the Dedicated Host. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet) + // or ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html). Affinity *string `locationName:"affinity" type:"string"` // The Availability Zone of the instance. @@ -140853,49 +147883,46 @@ type Placement struct { // If not specified, an Availability Zone will be automatically chosen for you // based on the load balancing criteria for the Region. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The Group Id of the placement group. + // The ID of the placement group that the instance is in. If you specify GroupId, + // you can't specify GroupName. GroupId *string `locationName:"groupId" type:"string"` - // The name of the placement group the instance is in. + // The name of the placement group that the instance is in. If you specify GroupName, + // you can't specify GroupId. GroupName *string `locationName:"groupName" type:"string"` - // The ID of the Dedicated Host on which the instance resides. This parameter - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. + // The ID of the Dedicated Host on which the instance resides. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet) + // or ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html). HostId *string `locationName:"hostId" type:"string"` - // The ARN of the host resource group in which to launch the instances. If you - // specify a host resource group ARN, omit the Tenancy parameter or set it to - // host. + // The ARN of the host resource group in which to launch the instances. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // If you specify this parameter, either omit the Tenancy parameter or set it + // to host. + // + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). HostResourceGroupArn *string `locationName:"hostResourceGroupArn" type:"string"` // The number of the partition that the instance is in. Valid only if the placement // group strategy is set to partition. // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). PartitionNumber *int64 `locationName:"partitionNumber" type:"integer"` // Reserved for future use. - // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). SpreadDomain *string `locationName:"spreadDomain" type:"string"` // The tenancy of the instance (if the instance is running in a VPC). An instance - // with a tenancy of dedicated runs on single-tenant hardware. The host tenancy - // is not supported for the ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) - // command. - // - // This parameter is not supported by CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // with a tenancy of dedicated runs on single-tenant hardware. // - // T3 instances that use the unlimited CPU credit option do not support host - // tenancy. + // This parameter is not supported for CreateFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet). + // The host tenancy is not supported for ImportInstance (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportInstance.html) + // or for T3 instances that are configured for the unlimited CPU credit option. Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -144118,7 +151145,7 @@ func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetTransitGateway type RejectTransitGatewayMulticastDomainAssociationsOutput struct { _ struct{} `type:"structure"` - // Describes the multicast domain associations. + // Information about the multicast domain associations. Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` } @@ -155445,27 +162472,44 @@ type SpotFleetRequestConfigData struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowestPrice - Spot Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // Spot Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - Spot Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacityOptimized (recommended) - Spot Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacityOptimizedPrioritized. Set a priority for each instance type by - // using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacityOptimizedPrioritized - // is supported only if your Spot Fleet uses a launch template. Note that if - // the OnDemandAllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // priceCapacityOptimized (recommended) + // + // Spot Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. Spot Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacityOptimized + // + // Spot Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacityOptimizedPrioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacityOptimizedPrioritized is supported only if your Spot Fleet uses a + // launch template. Note that if the OnDemandAllocationStrategy is set to prioritized, + // the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // Spot Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowestPrice + // + // Spot Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, Spot Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowestPrice AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"AllocationStrategy"` @@ -156329,27 +163373,44 @@ type SpotOptions struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowest-price - EC2 Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // EC2 Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - EC2 Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacity-optimized (recommended) - EC2 Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacity-optimized-prioritized. Set a priority for each instance type - // by using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized - // is supported only if your fleet uses a launch template. Note that if the - // On-Demand AllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // price-capacity-optimized (recommended) + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. EC2 Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacity-optimized + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacity-optimized-prioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacity-optimized-prioritized is supported only if your EC2 Fleet uses a + // launch template. Note that if the On-Demand AllocationStrategy is set to + // prioritized, the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // EC2 Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowest-price + // + // EC2 Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, EC2 Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowest-price AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"SpotAllocationStrategy"` @@ -156484,27 +163545,44 @@ type SpotOptionsRequest struct { // For more information, see Allocation strategies for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html) // in the Amazon EC2 User Guide. // - // lowest-price - EC2 Fleet launches instances from the lowest-price Spot Instance - // pool that has available capacity. If the cheapest pool doesn't have available - // capacity, the Spot Instances come from the next cheapest pool that has available - // capacity. If a pool runs out of capacity before fulfilling your desired capacity, - // EC2 Fleet will continue to fulfill your request by drawing from the next - // cheapest pool. To ensure that your desired capacity is met, you might receive - // Spot Instances from several pools. - // - // diversified - EC2 Fleet launches instances from all of the Spot Instance - // pools that you specify. - // - // capacity-optimized (recommended) - EC2 Fleet launches instances from Spot - // Instance pools with optimal capacity for the number of instances that are - // launching. To give certain instance types a higher chance of launching first, - // use capacity-optimized-prioritized. Set a priority for each instance type - // by using the Priority parameter for LaunchTemplateOverrides. You can assign - // the same priority to different LaunchTemplateOverrides. EC2 implements the - // priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized - // is supported only if your fleet uses a launch template. Note that if the - // On-Demand AllocationStrategy is set to prioritized, the same priority is - // applied when fulfilling On-Demand capacity. + // price-capacity-optimized (recommended) + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. EC2 Fleet then requests Spot Instances from the lowest + // priced of these pools. + // + // capacity-optimized + // + // EC2 Fleet identifies the pools with the highest capacity availability for + // the number of instances that are launching. This means that we will request + // Spot Instances from the pools that we believe have the lowest chance of interruption + // in the near term. To give certain instance types a higher chance of launching + // first, use capacity-optimized-prioritized. Set a priority for each instance + // type by using the Priority parameter for LaunchTemplateOverrides. You can + // assign the same priority to different LaunchTemplateOverrides. EC2 implements + // the priorities on a best-effort basis, but optimizes for capacity first. + // capacity-optimized-prioritized is supported only if your EC2 Fleet uses a + // launch template. Note that if the On-Demand AllocationStrategy is set to + // prioritized, the same priority is applied when fulfilling On-Demand capacity. + // + // diversified + // + // EC2 Fleet requests instances from all of the Spot Instance pools that you + // specify. + // + // lowest-price + // + // EC2 Fleet requests instances from the lowest priced Spot Instance pool that + // has available capacity. If the lowest priced pool doesn't have available + // capacity, the Spot Instances come from the next lowest priced pool that has + // available capacity. If a pool runs out of capacity before fulfilling your + // desired capacity, EC2 Fleet will continue to fulfill your request by drawing + // from the next lowest priced pool. To ensure that your desired capacity is + // met, you might receive Spot Instances from several pools. Because this strategy + // only considers instance price and not capacity availability, it might lead + // to high interruption rates. // // Default: lowest-price AllocationStrategy *string `type:"string" enum:"SpotAllocationStrategy"` @@ -157187,6 +164265,8 @@ func (s *StartNetworkInsightsAccessScopeAnalysisOutput) SetNetworkInsightsAccess type StartNetworkInsightsAnalysisInput struct { _ struct{} `type:"structure"` + AdditionalAccounts []*string `locationName:"AdditionalAccount" locationNameList:"item" type:"list"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency // of the request. For more information, see How to ensure idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` @@ -157240,6 +164320,12 @@ func (s *StartNetworkInsightsAnalysisInput) Validate() error { return nil } +// SetAdditionalAccounts sets the AdditionalAccounts field's value. +func (s *StartNetworkInsightsAnalysisInput) SetAdditionalAccounts(v []*string) *StartNetworkInsightsAnalysisInput { + s.AdditionalAccounts = v + return s +} + // SetClientToken sets the ClientToken field's value. func (s *StartNetworkInsightsAnalysisInput) SetClientToken(v string) *StartNetworkInsightsAnalysisInput { s.ClientToken = &v @@ -158185,6 +165271,76 @@ func (s *SubnetIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *SubnetCidrBloc return s } +// Describes an Infrastructure Performance subscription. +type Subscription struct { + _ struct{} `type:"structure"` + + // The Region or Availability Zone that's the target for the subscription. For + // example, eu-west-1. + Destination *string `locationName:"destination" type:"string"` + + // The metric used for the subscription. + Metric *string `locationName:"metric" type:"string" enum:"MetricType"` + + // The data aggregation time for the subscription. + Period *string `locationName:"period" type:"string" enum:"PeriodType"` + + // The Region or Availability Zone that's the source for the subscription. For + // example, us-east-1. + Source *string `locationName:"source" type:"string"` + + // The statistic used for the subscription. + Statistic *string `locationName:"statistic" type:"string" enum:"StatisticType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subscription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Subscription) GoString() string { + return s.String() +} + +// SetDestination sets the Destination field's value. +func (s *Subscription) SetDestination(v string) *Subscription { + s.Destination = &v + return s +} + +// SetMetric sets the Metric field's value. +func (s *Subscription) SetMetric(v string) *Subscription { + s.Metric = &v + return s +} + +// SetPeriod sets the Period field's value. +func (s *Subscription) SetPeriod(v string) *Subscription { + s.Period = &v + return s +} + +// SetSource sets the Source field's value. +func (s *Subscription) SetSource(v string) *Subscription { + s.Source = &v + return s +} + +// SetStatistic sets the Statistic field's value. +func (s *Subscription) SetStatistic(v string) *Subscription { + s.Statistic = &v + return s +} + // Describes the burstable performance instance whose credit option for CPU // usage was successfully modified. type SuccessfulInstanceCreditSpecificationItem struct { @@ -164164,6 +171320,1282 @@ func (s *ValidationWarning) SetErrors(v []*ValidationError) *ValidationWarning { return s } +// An Amazon Web Services Verified Access endpoint specifies the application +// that Amazon Web Services Verified Access provides access to. It must be attached +// to an Amazon Web Services Verified Access group. An Amazon Web Services Verified +// Access endpoint must also have an attached access policy before you attached +// it to a group. +type VerifiedAccessEndpoint struct { + _ struct{} `type:"structure"` + + // The DNS name for users to reach your application. + ApplicationDomain *string `locationName:"applicationDomain" type:"string"` + + // The type of attachment used to provide connectivity between the Amazon Web + // Services Verified Access endpoint and the application. + AttachmentType *string `locationName:"attachmentType" type:"string" enum:"VerifiedAccessEndpointAttachmentType"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // The deletion time. + DeletionTime *string `locationName:"deletionTime" type:"string"` + + // A description for the Amazon Web Services Verified Access endpoint. + Description *string `locationName:"description" type:"string"` + + // Returned if endpoint has a device trust provider attached. + DeviceValidationDomain *string `locationName:"deviceValidationDomain" type:"string"` + + // The ARN of a public TLS/SSL certificate imported into or created with ACM. + DomainCertificateArn *string `locationName:"domainCertificateArn" type:"string"` + + // A DNS name that is generated for the endpoint. + EndpointDomain *string `locationName:"endpointDomain" type:"string"` + + // The type of Amazon Web Services Verified Access endpoint. Incoming application + // requests will be sent to an IP address, load balancer or a network interface + // depending on the endpoint type specified. + EndpointType *string `locationName:"endpointType" type:"string" enum:"VerifiedAccessEndpointType"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The load balancer details if creating the Amazon Web Services Verified Access + // endpoint as load-balancertype. + LoadBalancerOptions *VerifiedAccessEndpointLoadBalancerOptions `locationName:"loadBalancerOptions" type:"structure"` + + // The options for network-interface type endpoint. + NetworkInterfaceOptions *VerifiedAccessEndpointEniOptions `locationName:"networkInterfaceOptions" type:"structure"` + + // The IDs of the security groups for the endpoint. + SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + + // The endpoint status. + Status *VerifiedAccessEndpointStatus `locationName:"status" type:"structure"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access endpoint. + VerifiedAccessEndpointId *string `locationName:"verifiedAccessEndpointId" type:"string"` + + // The ID of the Amazon Web Services Verified Access group. + VerifiedAccessGroupId *string `locationName:"verifiedAccessGroupId" type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpoint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpoint) GoString() string { + return s.String() +} + +// SetApplicationDomain sets the ApplicationDomain field's value. +func (s *VerifiedAccessEndpoint) SetApplicationDomain(v string) *VerifiedAccessEndpoint { + s.ApplicationDomain = &v + return s +} + +// SetAttachmentType sets the AttachmentType field's value. +func (s *VerifiedAccessEndpoint) SetAttachmentType(v string) *VerifiedAccessEndpoint { + s.AttachmentType = &v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessEndpoint) SetCreationTime(v string) *VerifiedAccessEndpoint { + s.CreationTime = &v + return s +} + +// SetDeletionTime sets the DeletionTime field's value. +func (s *VerifiedAccessEndpoint) SetDeletionTime(v string) *VerifiedAccessEndpoint { + s.DeletionTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessEndpoint) SetDescription(v string) *VerifiedAccessEndpoint { + s.Description = &v + return s +} + +// SetDeviceValidationDomain sets the DeviceValidationDomain field's value. +func (s *VerifiedAccessEndpoint) SetDeviceValidationDomain(v string) *VerifiedAccessEndpoint { + s.DeviceValidationDomain = &v + return s +} + +// SetDomainCertificateArn sets the DomainCertificateArn field's value. +func (s *VerifiedAccessEndpoint) SetDomainCertificateArn(v string) *VerifiedAccessEndpoint { + s.DomainCertificateArn = &v + return s +} + +// SetEndpointDomain sets the EndpointDomain field's value. +func (s *VerifiedAccessEndpoint) SetEndpointDomain(v string) *VerifiedAccessEndpoint { + s.EndpointDomain = &v + return s +} + +// SetEndpointType sets the EndpointType field's value. +func (s *VerifiedAccessEndpoint) SetEndpointType(v string) *VerifiedAccessEndpoint { + s.EndpointType = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessEndpoint) SetLastUpdatedTime(v string) *VerifiedAccessEndpoint { + s.LastUpdatedTime = &v + return s +} + +// SetLoadBalancerOptions sets the LoadBalancerOptions field's value. +func (s *VerifiedAccessEndpoint) SetLoadBalancerOptions(v *VerifiedAccessEndpointLoadBalancerOptions) *VerifiedAccessEndpoint { + s.LoadBalancerOptions = v + return s +} + +// SetNetworkInterfaceOptions sets the NetworkInterfaceOptions field's value. +func (s *VerifiedAccessEndpoint) SetNetworkInterfaceOptions(v *VerifiedAccessEndpointEniOptions) *VerifiedAccessEndpoint { + s.NetworkInterfaceOptions = v + return s +} + +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *VerifiedAccessEndpoint) SetSecurityGroupIds(v []*string) *VerifiedAccessEndpoint { + s.SecurityGroupIds = v + return s +} + +// SetStatus sets the Status field's value. +func (s *VerifiedAccessEndpoint) SetStatus(v *VerifiedAccessEndpointStatus) *VerifiedAccessEndpoint { + s.Status = v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessEndpoint) SetTags(v []*Tag) *VerifiedAccessEndpoint { + s.Tags = v + return s +} + +// SetVerifiedAccessEndpointId sets the VerifiedAccessEndpointId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessEndpointId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessEndpointId = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessGroupId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessEndpoint) SetVerifiedAccessInstanceId(v string) *VerifiedAccessEndpoint { + s.VerifiedAccessInstanceId = &v + return s +} + +// Options for a network-interface type endpoint. +type VerifiedAccessEndpointEniOptions struct { + _ struct{} `type:"structure"` + + // The ID of the network interface. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The IP port number. + Port *int64 `locationName:"port" min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"VerifiedAccessEndpointProtocol"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointEniOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointEniOptions) GoString() string { + return s.String() +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *VerifiedAccessEndpointEniOptions) SetNetworkInterfaceId(v string) *VerifiedAccessEndpointEniOptions { + s.NetworkInterfaceId = &v + return s +} + +// SetPort sets the Port field's value. +func (s *VerifiedAccessEndpointEniOptions) SetPort(v int64) *VerifiedAccessEndpointEniOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *VerifiedAccessEndpointEniOptions) SetProtocol(v string) *VerifiedAccessEndpointEniOptions { + s.Protocol = &v + return s +} + +// Describes a load balancer when creating an Amazon Web Services Verified Access +// endpoint using the load-balancer type. +type VerifiedAccessEndpointLoadBalancerOptions struct { + _ struct{} `type:"structure"` + + // The ARN of the load balancer. + LoadBalancerArn *string `locationName:"loadBalancerArn" type:"string"` + + // The IP port number. + Port *int64 `locationName:"port" min:"1" type:"integer"` + + // The IP protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"VerifiedAccessEndpointProtocol"` + + // The IDs of the subnets. + SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointLoadBalancerOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointLoadBalancerOptions) GoString() string { + return s.String() +} + +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetLoadBalancerArn(v string) *VerifiedAccessEndpointLoadBalancerOptions { + s.LoadBalancerArn = &v + return s +} + +// SetPort sets the Port field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetPort(v int64) *VerifiedAccessEndpointLoadBalancerOptions { + s.Port = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetProtocol(v string) *VerifiedAccessEndpointLoadBalancerOptions { + s.Protocol = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *VerifiedAccessEndpointLoadBalancerOptions) SetSubnetIds(v []*string) *VerifiedAccessEndpointLoadBalancerOptions { + s.SubnetIds = v + return s +} + +// Describes the status of a Verified Access endpoint. +type VerifiedAccessEndpointStatus struct { + _ struct{} `type:"structure"` + + // The status code of the Verified Access endpoint. + Code *string `locationName:"code" type:"string" enum:"VerifiedAccessEndpointStatusCode"` + + // The status message of the Verified Access endpoint. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessEndpointStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *VerifiedAccessEndpointStatus) SetCode(v string) *VerifiedAccessEndpointStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifiedAccessEndpointStatus) SetMessage(v string) *VerifiedAccessEndpointStatus { + s.Message = &v + return s +} + +// Describes a Verified Access group. +type VerifiedAccessGroup struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // The deletion time. + DeletionTime *string `locationName:"deletionTime" type:"string"` + + // A description for the Amazon Web Services Verified Access group. + Description *string `locationName:"description" type:"string"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The Amazon Web Services account number that owns the group. + Owner *string `locationName:"owner" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ARN of the Verified Access group. + VerifiedAccessGroupArn *string `locationName:"verifiedAccessGroupArn" type:"string"` + + // The ID of the Verified Access group. + VerifiedAccessGroupId *string `locationName:"verifiedAccessGroupId" type:"string"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessGroup) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessGroup) SetCreationTime(v string) *VerifiedAccessGroup { + s.CreationTime = &v + return s +} + +// SetDeletionTime sets the DeletionTime field's value. +func (s *VerifiedAccessGroup) SetDeletionTime(v string) *VerifiedAccessGroup { + s.DeletionTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessGroup) SetDescription(v string) *VerifiedAccessGroup { + s.Description = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessGroup) SetLastUpdatedTime(v string) *VerifiedAccessGroup { + s.LastUpdatedTime = &v + return s +} + +// SetOwner sets the Owner field's value. +func (s *VerifiedAccessGroup) SetOwner(v string) *VerifiedAccessGroup { + s.Owner = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessGroup) SetTags(v []*Tag) *VerifiedAccessGroup { + s.Tags = v + return s +} + +// SetVerifiedAccessGroupArn sets the VerifiedAccessGroupArn field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessGroupArn(v string) *VerifiedAccessGroup { + s.VerifiedAccessGroupArn = &v + return s +} + +// SetVerifiedAccessGroupId sets the VerifiedAccessGroupId field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessGroupId(v string) *VerifiedAccessGroup { + s.VerifiedAccessGroupId = &v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessGroup) SetVerifiedAccessInstanceId(v string) *VerifiedAccessGroup { + s.VerifiedAccessInstanceId = &v + return s +} + +// Describes a Verified Access instance. +type VerifiedAccessInstance struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // A description for the Amazon Web Services Verified Access instance. + Description *string `locationName:"description" type:"string"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` + + // The IDs of the Amazon Web Services Verified Access trust providers. + VerifiedAccessTrustProviders []*VerifiedAccessTrustProviderCondensed `locationName:"verifiedAccessTrustProviderSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstance) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstance) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessInstance) SetCreationTime(v string) *VerifiedAccessInstance { + s.CreationTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessInstance) SetDescription(v string) *VerifiedAccessInstance { + s.Description = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessInstance) SetLastUpdatedTime(v string) *VerifiedAccessInstance { + s.LastUpdatedTime = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessInstance) SetTags(v []*Tag) *VerifiedAccessInstance { + s.Tags = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessInstance) SetVerifiedAccessInstanceId(v string) *VerifiedAccessInstance { + s.VerifiedAccessInstanceId = &v + return s +} + +// SetVerifiedAccessTrustProviders sets the VerifiedAccessTrustProviders field's value. +func (s *VerifiedAccessInstance) SetVerifiedAccessTrustProviders(v []*VerifiedAccessTrustProviderCondensed) *VerifiedAccessInstance { + s.VerifiedAccessTrustProviders = v + return s +} + +// Describes logging options for an Amazon Web Services Verified Access instance. +type VerifiedAccessInstanceLoggingConfiguration struct { + _ struct{} `type:"structure"` + + // Details about the logging options. + AccessLogs *VerifiedAccessLogs `locationName:"accessLogs" type:"structure"` + + // The ID of the Amazon Web Services Verified Access instance. + VerifiedAccessInstanceId *string `locationName:"verifiedAccessInstanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstanceLoggingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessInstanceLoggingConfiguration) GoString() string { + return s.String() +} + +// SetAccessLogs sets the AccessLogs field's value. +func (s *VerifiedAccessInstanceLoggingConfiguration) SetAccessLogs(v *VerifiedAccessLogs) *VerifiedAccessInstanceLoggingConfiguration { + s.AccessLogs = v + return s +} + +// SetVerifiedAccessInstanceId sets the VerifiedAccessInstanceId field's value. +func (s *VerifiedAccessInstanceLoggingConfiguration) SetVerifiedAccessInstanceId(v string) *VerifiedAccessInstanceLoggingConfiguration { + s.VerifiedAccessInstanceId = &v + return s +} + +// Options for CloudWatch Logs as a logging destination. +type VerifiedAccessLogCloudWatchLogsDestination struct { + _ struct{} `type:"structure"` + + // The delivery status for access logs. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The ID of the CloudWatch Logs log group. + LogGroup *string `locationName:"logGroup" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestination) GoString() string { + return s.String() +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogCloudWatchLogsDestination { + s.DeliveryStatus = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetEnabled(v bool) *VerifiedAccessLogCloudWatchLogsDestination { + s.Enabled = &v + return s +} + +// SetLogGroup sets the LogGroup field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestination) SetLogGroup(v string) *VerifiedAccessLogCloudWatchLogsDestination { + s.LogGroup = &v + return s +} + +// Options for CloudWatch Logs as a logging destination. +type VerifiedAccessLogCloudWatchLogsDestinationOptions struct { + _ struct{} `type:"structure"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // The ID of the CloudWatch Logs log group. + LogGroup *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogCloudWatchLogsDestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogCloudWatchLogsDestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) SetEnabled(v bool) *VerifiedAccessLogCloudWatchLogsDestinationOptions { + s.Enabled = &v + return s +} + +// SetLogGroup sets the LogGroup field's value. +func (s *VerifiedAccessLogCloudWatchLogsDestinationOptions) SetLogGroup(v string) *VerifiedAccessLogCloudWatchLogsDestinationOptions { + s.LogGroup = &v + return s +} + +// Describes a log delivery status. +type VerifiedAccessLogDeliveryStatus struct { + _ struct{} `type:"structure"` + + // The status code. + Code *string `locationName:"code" type:"string" enum:"VerifiedAccessLogDeliveryStatusCode"` + + // The status message. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogDeliveryStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogDeliveryStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *VerifiedAccessLogDeliveryStatus) SetCode(v string) *VerifiedAccessLogDeliveryStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifiedAccessLogDeliveryStatus) SetMessage(v string) *VerifiedAccessLogDeliveryStatus { + s.Message = &v + return s +} + +// Options for Kinesis as a logging destination. +type VerifiedAccessLogKinesisDataFirehoseDestination struct { + _ struct{} `type:"structure"` + + // The delivery status. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // The ID of the delivery stream. + DeliveryStream *string `locationName:"deliveryStream" type:"string"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestination) GoString() string { + return s.String() +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.DeliveryStatus = v + return s +} + +// SetDeliveryStream sets the DeliveryStream field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetDeliveryStream(v string) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.DeliveryStream = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestination) SetEnabled(v bool) *VerifiedAccessLogKinesisDataFirehoseDestination { + s.Enabled = &v + return s +} + +// Describes Amazon Kinesis Data Firehose logging options. +type VerifiedAccessLogKinesisDataFirehoseDestinationOptions struct { + _ struct{} `type:"structure"` + + // The ID of the delivery stream. + DeliveryStream *string `type:"string"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogKinesisDataFirehoseDestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogKinesisDataFirehoseDestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeliveryStream sets the DeliveryStream field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetDeliveryStream(v string) *VerifiedAccessLogKinesisDataFirehoseDestinationOptions { + s.DeliveryStream = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) SetEnabled(v bool) *VerifiedAccessLogKinesisDataFirehoseDestinationOptions { + s.Enabled = &v + return s +} + +// Describes the destinations for Verified Access logs. +type VerifiedAccessLogOptions struct { + _ struct{} `type:"structure"` + + // Sends Verified Access logs to CloudWatch Logs. + CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestinationOptions `type:"structure"` + + // Sends Verified Access logs to Kinesis. + KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestinationOptions `type:"structure"` + + // Sends Verified Access logs to Amazon S3. + S3 *VerifiedAccessLogS3DestinationOptions `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogOptions"} + if s.CloudWatchLogs != nil { + if err := s.CloudWatchLogs.Validate(); err != nil { + invalidParams.AddNested("CloudWatchLogs", err.(request.ErrInvalidParams)) + } + } + if s.KinesisDataFirehose != nil { + if err := s.KinesisDataFirehose.Validate(); err != nil { + invalidParams.AddNested("KinesisDataFirehose", err.(request.ErrInvalidParams)) + } + } + if s.S3 != nil { + if err := s.S3.Validate(); err != nil { + invalidParams.AddNested("S3", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCloudWatchLogs sets the CloudWatchLogs field's value. +func (s *VerifiedAccessLogOptions) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLogsDestinationOptions) *VerifiedAccessLogOptions { + s.CloudWatchLogs = v + return s +} + +// SetKinesisDataFirehose sets the KinesisDataFirehose field's value. +func (s *VerifiedAccessLogOptions) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestinationOptions) *VerifiedAccessLogOptions { + s.KinesisDataFirehose = v + return s +} + +// SetS3 sets the S3 field's value. +func (s *VerifiedAccessLogOptions) SetS3(v *VerifiedAccessLogS3DestinationOptions) *VerifiedAccessLogOptions { + s.S3 = v + return s +} + +// Options for Amazon S3 as a logging destination. +type VerifiedAccessLogS3Destination struct { + _ struct{} `type:"structure"` + + // The bucket name. + BucketName *string `locationName:"bucketName" type:"string"` + + // The Amazon Web Services account number that owns the bucket. + BucketOwner *string `locationName:"bucketOwner" type:"string"` + + // The delivery status. + DeliveryStatus *VerifiedAccessLogDeliveryStatus `locationName:"deliveryStatus" type:"structure"` + + // Indicates whether logging is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The bucket prefix. + Prefix *string `locationName:"prefix" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3Destination) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3Destination) GoString() string { + return s.String() +} + +// SetBucketName sets the BucketName field's value. +func (s *VerifiedAccessLogS3Destination) SetBucketName(v string) *VerifiedAccessLogS3Destination { + s.BucketName = &v + return s +} + +// SetBucketOwner sets the BucketOwner field's value. +func (s *VerifiedAccessLogS3Destination) SetBucketOwner(v string) *VerifiedAccessLogS3Destination { + s.BucketOwner = &v + return s +} + +// SetDeliveryStatus sets the DeliveryStatus field's value. +func (s *VerifiedAccessLogS3Destination) SetDeliveryStatus(v *VerifiedAccessLogDeliveryStatus) *VerifiedAccessLogS3Destination { + s.DeliveryStatus = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogS3Destination) SetEnabled(v bool) *VerifiedAccessLogS3Destination { + s.Enabled = &v + return s +} + +// SetPrefix sets the Prefix field's value. +func (s *VerifiedAccessLogS3Destination) SetPrefix(v string) *VerifiedAccessLogS3Destination { + s.Prefix = &v + return s +} + +// Options for Amazon S3 as a logging destination. +type VerifiedAccessLogS3DestinationOptions struct { + _ struct{} `type:"structure"` + + // The bucket name. + BucketName *string `type:"string"` + + // The ID of the Amazon Web Services account that owns the Amazon S3 bucket. + BucketOwner *string `type:"string"` + + // Indicates whether logging is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // The bucket prefix. + Prefix *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3DestinationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogS3DestinationOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifiedAccessLogS3DestinationOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifiedAccessLogS3DestinationOptions"} + if s.Enabled == nil { + invalidParams.Add(request.NewErrParamRequired("Enabled")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucketName sets the BucketName field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetBucketName(v string) *VerifiedAccessLogS3DestinationOptions { + s.BucketName = &v + return s +} + +// SetBucketOwner sets the BucketOwner field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetBucketOwner(v string) *VerifiedAccessLogS3DestinationOptions { + s.BucketOwner = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetEnabled(v bool) *VerifiedAccessLogS3DestinationOptions { + s.Enabled = &v + return s +} + +// SetPrefix sets the Prefix field's value. +func (s *VerifiedAccessLogS3DestinationOptions) SetPrefix(v string) *VerifiedAccessLogS3DestinationOptions { + s.Prefix = &v + return s +} + +// Describes the destinations for Verified Access logs. +type VerifiedAccessLogs struct { + _ struct{} `type:"structure"` + + // CloudWatch Logs logging destination. + CloudWatchLogs *VerifiedAccessLogCloudWatchLogsDestination `locationName:"cloudWatchLogs" type:"structure"` + + // Kinesis logging destination. + KinesisDataFirehose *VerifiedAccessLogKinesisDataFirehoseDestination `locationName:"kinesisDataFirehose" type:"structure"` + + // Amazon S3 logging options. + S3 *VerifiedAccessLogS3Destination `locationName:"s3" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogs) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessLogs) GoString() string { + return s.String() +} + +// SetCloudWatchLogs sets the CloudWatchLogs field's value. +func (s *VerifiedAccessLogs) SetCloudWatchLogs(v *VerifiedAccessLogCloudWatchLogsDestination) *VerifiedAccessLogs { + s.CloudWatchLogs = v + return s +} + +// SetKinesisDataFirehose sets the KinesisDataFirehose field's value. +func (s *VerifiedAccessLogs) SetKinesisDataFirehose(v *VerifiedAccessLogKinesisDataFirehoseDestination) *VerifiedAccessLogs { + s.KinesisDataFirehose = v + return s +} + +// SetS3 sets the S3 field's value. +func (s *VerifiedAccessLogs) SetS3(v *VerifiedAccessLogS3Destination) *VerifiedAccessLogs { + s.S3 = v + return s +} + +// Describes a Verified Access trust provider. +type VerifiedAccessTrustProvider struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *string `locationName:"creationTime" type:"string"` + + // A description for the Amazon Web Services Verified Access trust provider. + Description *string `locationName:"description" type:"string"` + + // The options for device-identity type trust provider. + DeviceOptions *DeviceOptions `locationName:"deviceOptions" type:"structure"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `locationName:"deviceTrustProviderType" type:"string" enum:"DeviceTrustProviderType"` + + // The last updated time. + LastUpdatedTime *string `locationName:"lastUpdatedTime" type:"string"` + + // The OpenID Connect details for an oidc-type, user-identity based trust provider. + OidcOptions *OidcOptions `locationName:"oidcOptions" type:"structure"` + + // The identifier to be used when working with policy rules. + PolicyReferenceName *string `locationName:"policyReferenceName" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The type of Verified Access trust provider. + TrustProviderType *string `locationName:"trustProviderType" type:"string" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `locationName:"userTrustProviderType" type:"string" enum:"UserTrustProviderType"` + + // The ID of the Amazon Web Services Verified Access trust provider. + VerifiedAccessTrustProviderId *string `locationName:"verifiedAccessTrustProviderId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProvider) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProvider) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *VerifiedAccessTrustProvider) SetCreationTime(v string) *VerifiedAccessTrustProvider { + s.CreationTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessTrustProvider) SetDescription(v string) *VerifiedAccessTrustProvider { + s.Description = &v + return s +} + +// SetDeviceOptions sets the DeviceOptions field's value. +func (s *VerifiedAccessTrustProvider) SetDeviceOptions(v *DeviceOptions) *VerifiedAccessTrustProvider { + s.DeviceOptions = v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetDeviceTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.DeviceTrustProviderType = &v + return s +} + +// SetLastUpdatedTime sets the LastUpdatedTime field's value. +func (s *VerifiedAccessTrustProvider) SetLastUpdatedTime(v string) *VerifiedAccessTrustProvider { + s.LastUpdatedTime = &v + return s +} + +// SetOidcOptions sets the OidcOptions field's value. +func (s *VerifiedAccessTrustProvider) SetOidcOptions(v *OidcOptions) *VerifiedAccessTrustProvider { + s.OidcOptions = v + return s +} + +// SetPolicyReferenceName sets the PolicyReferenceName field's value. +func (s *VerifiedAccessTrustProvider) SetPolicyReferenceName(v string) *VerifiedAccessTrustProvider { + s.PolicyReferenceName = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *VerifiedAccessTrustProvider) SetTags(v []*Tag) *VerifiedAccessTrustProvider { + s.Tags = v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *VerifiedAccessTrustProvider) SetUserTrustProviderType(v string) *VerifiedAccessTrustProvider { + s.UserTrustProviderType = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *VerifiedAccessTrustProvider) SetVerifiedAccessTrustProviderId(v string) *VerifiedAccessTrustProvider { + s.VerifiedAccessTrustProviderId = &v + return s +} + +// Condensed information about a trust provider. +type VerifiedAccessTrustProviderCondensed struct { + _ struct{} `type:"structure"` + + // The description of trust provider. + Description *string `locationName:"description" type:"string"` + + // The type of device-based trust provider. + DeviceTrustProviderType *string `locationName:"deviceTrustProviderType" type:"string" enum:"DeviceTrustProviderType"` + + // The type of trust provider (user- or device-based). + TrustProviderType *string `locationName:"trustProviderType" type:"string" enum:"TrustProviderType"` + + // The type of user-based trust provider. + UserTrustProviderType *string `locationName:"userTrustProviderType" type:"string" enum:"UserTrustProviderType"` + + // The ID of the trust provider. + VerifiedAccessTrustProviderId *string `locationName:"verifiedAccessTrustProviderId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProviderCondensed) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifiedAccessTrustProviderCondensed) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetDescription(v string) *VerifiedAccessTrustProviderCondensed { + s.Description = &v + return s +} + +// SetDeviceTrustProviderType sets the DeviceTrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetDeviceTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.DeviceTrustProviderType = &v + return s +} + +// SetTrustProviderType sets the TrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.TrustProviderType = &v + return s +} + +// SetUserTrustProviderType sets the UserTrustProviderType field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetUserTrustProviderType(v string) *VerifiedAccessTrustProviderCondensed { + s.UserTrustProviderType = &v + return s +} + +// SetVerifiedAccessTrustProviderId sets the VerifiedAccessTrustProviderId field's value. +func (s *VerifiedAccessTrustProviderCondensed) SetVerifiedAccessTrustProviderId(v string) *VerifiedAccessTrustProviderCondensed { + s.VerifiedAccessTrustProviderId = &v + return s +} + // Describes telemetry for a VPN tunnel. type VgwTelemetry struct { _ struct{} `type:"structure"` @@ -168436,6 +176868,22 @@ func DestinationFileFormat_Values() []string { } } +const ( + // DeviceTrustProviderTypeJamf is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeJamf = "jamf" + + // DeviceTrustProviderTypeCrowdstrike is a DeviceTrustProviderType enum value + DeviceTrustProviderTypeCrowdstrike = "crowdstrike" +) + +// DeviceTrustProviderType_Values returns all elements of the DeviceTrustProviderType enum +func DeviceTrustProviderType_Values() []string { + return []string{ + DeviceTrustProviderTypeJamf, + DeviceTrustProviderTypeCrowdstrike, + } +} + const ( // DeviceTypeEbs is a DeviceType enum value DeviceTypeEbs = "ebs" @@ -171507,6 +179955,9 @@ const ( // InstanceTypeTrn132xlarge is a InstanceType enum value InstanceTypeTrn132xlarge = "trn1.32xlarge" + + // InstanceTypeHpc6id32xlarge is a InstanceType enum value + InstanceTypeHpc6id32xlarge = "hpc6id.32xlarge" ) // InstanceType_Values returns all elements of the InstanceType enum @@ -172085,6 +180536,7 @@ func InstanceType_Values() []string { InstanceTypeU24tb1112xlarge, InstanceTypeTrn12xlarge, InstanceTypeTrn132xlarge, + InstanceTypeHpc6id32xlarge, } } @@ -172936,6 +181388,18 @@ func MembershipType_Values() []string { } } +const ( + // MetricTypeAggregateLatency is a MetricType enum value + MetricTypeAggregateLatency = "aggregate-latency" +) + +// MetricType_Values returns all elements of the MetricType enum +func MetricType_Values() []string { + return []string{ + MetricTypeAggregateLatency, + } +} + const ( // ModifyAvailabilityZoneOptInStatusOptedIn is a ModifyAvailabilityZoneOptInStatus enum value ModifyAvailabilityZoneOptInStatusOptedIn = "opted-in" @@ -173344,6 +181808,38 @@ func PaymentOption_Values() []string { } } +const ( + // PeriodTypeFiveMinutes is a PeriodType enum value + PeriodTypeFiveMinutes = "five-minutes" + + // PeriodTypeFifteenMinutes is a PeriodType enum value + PeriodTypeFifteenMinutes = "fifteen-minutes" + + // PeriodTypeOneHour is a PeriodType enum value + PeriodTypeOneHour = "one-hour" + + // PeriodTypeThreeHours is a PeriodType enum value + PeriodTypeThreeHours = "three-hours" + + // PeriodTypeOneDay is a PeriodType enum value + PeriodTypeOneDay = "one-day" + + // PeriodTypeOneWeek is a PeriodType enum value + PeriodTypeOneWeek = "one-week" +) + +// PeriodType_Values returns all elements of the PeriodType enum +func PeriodType_Values() []string { + return []string{ + PeriodTypeFiveMinutes, + PeriodTypeFifteenMinutes, + PeriodTypeOneHour, + PeriodTypeThreeHours, + PeriodTypeOneDay, + PeriodTypeOneWeek, + } +} + const ( // PermissionGroupAll is a PermissionGroup enum value PermissionGroupAll = "all" @@ -174017,6 +182513,21 @@ const ( // ResourceTypeVpcEndpointConnectionDeviceType is a ResourceType enum value ResourceTypeVpcEndpointConnectionDeviceType = "vpc-endpoint-connection-device-type" + // ResourceTypeVerifiedAccessInstance is a ResourceType enum value + ResourceTypeVerifiedAccessInstance = "verified-access-instance" + + // ResourceTypeVerifiedAccessGroup is a ResourceType enum value + ResourceTypeVerifiedAccessGroup = "verified-access-group" + + // ResourceTypeVerifiedAccessEndpoint is a ResourceType enum value + ResourceTypeVerifiedAccessEndpoint = "verified-access-endpoint" + + // ResourceTypeVerifiedAccessPolicy is a ResourceType enum value + ResourceTypeVerifiedAccessPolicy = "verified-access-policy" + + // ResourceTypeVerifiedAccessTrustProvider is a ResourceType enum value + ResourceTypeVerifiedAccessTrustProvider = "verified-access-trust-provider" + // ResourceTypeVpnConnectionDeviceType is a ResourceType enum value ResourceTypeVpnConnectionDeviceType = "vpn-connection-device-type" ) @@ -174100,6 +182611,11 @@ func ResourceType_Values() []string { ResourceTypeCapacityReservationFleet, ResourceTypeTrafficMirrorFilterRule, ResourceTypeVpcEndpointConnectionDeviceType, + ResourceTypeVerifiedAccessInstance, + ResourceTypeVerifiedAccessGroup, + ResourceTypeVerifiedAccessEndpoint, + ResourceTypeVerifiedAccessPolicy, + ResourceTypeVerifiedAccessTrustProvider, ResourceTypeVpnConnectionDeviceType, } } @@ -174520,6 +183036,18 @@ func StaticSourcesSupportValue_Values() []string { } } +const ( + // StatisticTypeP50 is a StatisticType enum value + StatisticTypeP50 = "p50" +) + +// StatisticType_Values returns all elements of the StatisticType enum +func StatisticType_Values() []string { + return []string{ + StatisticTypeP50, + } +} + const ( // StatusMoveInProgress is a Status enum value StatusMoveInProgress = "MoveInProgress" @@ -175368,6 +183896,22 @@ func TransportProtocol_Values() []string { } } +const ( + // TrustProviderTypeUser is a TrustProviderType enum value + TrustProviderTypeUser = "user" + + // TrustProviderTypeDevice is a TrustProviderType enum value + TrustProviderTypeDevice = "device" +) + +// TrustProviderType_Values returns all elements of the TrustProviderType enum +func TrustProviderType_Values() []string { + return []string{ + TrustProviderTypeUser, + TrustProviderTypeDevice, + } +} + const ( // TunnelInsideIpVersionIpv4 is a TunnelInsideIpVersion enum value TunnelInsideIpVersionIpv4 = "ipv4" @@ -175448,6 +183992,110 @@ func UsageClassType_Values() []string { } } +const ( + // UserTrustProviderTypeIamIdentityCenter is a UserTrustProviderType enum value + UserTrustProviderTypeIamIdentityCenter = "iam-identity-center" + + // UserTrustProviderTypeOidc is a UserTrustProviderType enum value + UserTrustProviderTypeOidc = "oidc" +) + +// UserTrustProviderType_Values returns all elements of the UserTrustProviderType enum +func UserTrustProviderType_Values() []string { + return []string{ + UserTrustProviderTypeIamIdentityCenter, + UserTrustProviderTypeOidc, + } +} + +const ( + // VerifiedAccessEndpointAttachmentTypeVpc is a VerifiedAccessEndpointAttachmentType enum value + VerifiedAccessEndpointAttachmentTypeVpc = "vpc" +) + +// VerifiedAccessEndpointAttachmentType_Values returns all elements of the VerifiedAccessEndpointAttachmentType enum +func VerifiedAccessEndpointAttachmentType_Values() []string { + return []string{ + VerifiedAccessEndpointAttachmentTypeVpc, + } +} + +const ( + // VerifiedAccessEndpointProtocolHttp is a VerifiedAccessEndpointProtocol enum value + VerifiedAccessEndpointProtocolHttp = "http" + + // VerifiedAccessEndpointProtocolHttps is a VerifiedAccessEndpointProtocol enum value + VerifiedAccessEndpointProtocolHttps = "https" +) + +// VerifiedAccessEndpointProtocol_Values returns all elements of the VerifiedAccessEndpointProtocol enum +func VerifiedAccessEndpointProtocol_Values() []string { + return []string{ + VerifiedAccessEndpointProtocolHttp, + VerifiedAccessEndpointProtocolHttps, + } +} + +const ( + // VerifiedAccessEndpointStatusCodePending is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodePending = "pending" + + // VerifiedAccessEndpointStatusCodeActive is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeActive = "active" + + // VerifiedAccessEndpointStatusCodeUpdating is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeUpdating = "updating" + + // VerifiedAccessEndpointStatusCodeDeleting is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeDeleting = "deleting" + + // VerifiedAccessEndpointStatusCodeDeleted is a VerifiedAccessEndpointStatusCode enum value + VerifiedAccessEndpointStatusCodeDeleted = "deleted" +) + +// VerifiedAccessEndpointStatusCode_Values returns all elements of the VerifiedAccessEndpointStatusCode enum +func VerifiedAccessEndpointStatusCode_Values() []string { + return []string{ + VerifiedAccessEndpointStatusCodePending, + VerifiedAccessEndpointStatusCodeActive, + VerifiedAccessEndpointStatusCodeUpdating, + VerifiedAccessEndpointStatusCodeDeleting, + VerifiedAccessEndpointStatusCodeDeleted, + } +} + +const ( + // VerifiedAccessEndpointTypeLoadBalancer is a VerifiedAccessEndpointType enum value + VerifiedAccessEndpointTypeLoadBalancer = "load-balancer" + + // VerifiedAccessEndpointTypeNetworkInterface is a VerifiedAccessEndpointType enum value + VerifiedAccessEndpointTypeNetworkInterface = "network-interface" +) + +// VerifiedAccessEndpointType_Values returns all elements of the VerifiedAccessEndpointType enum +func VerifiedAccessEndpointType_Values() []string { + return []string{ + VerifiedAccessEndpointTypeLoadBalancer, + VerifiedAccessEndpointTypeNetworkInterface, + } +} + +const ( + // VerifiedAccessLogDeliveryStatusCodeSuccess is a VerifiedAccessLogDeliveryStatusCode enum value + VerifiedAccessLogDeliveryStatusCodeSuccess = "success" + + // VerifiedAccessLogDeliveryStatusCodeFailed is a VerifiedAccessLogDeliveryStatusCode enum value + VerifiedAccessLogDeliveryStatusCodeFailed = "failed" +) + +// VerifiedAccessLogDeliveryStatusCode_Values returns all elements of the VerifiedAccessLogDeliveryStatusCode enum +func VerifiedAccessLogDeliveryStatusCode_Values() []string { + return []string{ + VerifiedAccessLogDeliveryStatusCodeSuccess, + VerifiedAccessLogDeliveryStatusCodeFailed, + } +} + const ( // VirtualizationTypeHvm is a VirtualizationType enum value VirtualizationTypeHvm = "hvm" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index 7711b586ebac4..5f52bf39dcb9a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -180,6 +180,10 @@ type EC2API interface { AttachNetworkInterfaceWithContext(aws.Context, *ec2.AttachNetworkInterfaceInput, ...request.Option) (*ec2.AttachNetworkInterfaceOutput, error) AttachNetworkInterfaceRequest(*ec2.AttachNetworkInterfaceInput) (*request.Request, *ec2.AttachNetworkInterfaceOutput) + AttachVerifiedAccessTrustProvider(*ec2.AttachVerifiedAccessTrustProviderInput) (*ec2.AttachVerifiedAccessTrustProviderOutput, error) + AttachVerifiedAccessTrustProviderWithContext(aws.Context, *ec2.AttachVerifiedAccessTrustProviderInput, ...request.Option) (*ec2.AttachVerifiedAccessTrustProviderOutput, error) + AttachVerifiedAccessTrustProviderRequest(*ec2.AttachVerifiedAccessTrustProviderInput) (*request.Request, *ec2.AttachVerifiedAccessTrustProviderOutput) + AttachVolume(*ec2.AttachVolumeInput) (*ec2.VolumeAttachment, error) AttachVolumeWithContext(aws.Context, *ec2.AttachVolumeInput, ...request.Option) (*ec2.VolumeAttachment, error) AttachVolumeRequest(*ec2.AttachVolumeInput) (*request.Request, *ec2.VolumeAttachment) @@ -528,6 +532,22 @@ type EC2API interface { CreateTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.CreateTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.CreateTransitGatewayVpcAttachmentOutput, error) CreateTransitGatewayVpcAttachmentRequest(*ec2.CreateTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.CreateTransitGatewayVpcAttachmentOutput) + CreateVerifiedAccessEndpoint(*ec2.CreateVerifiedAccessEndpointInput) (*ec2.CreateVerifiedAccessEndpointOutput, error) + CreateVerifiedAccessEndpointWithContext(aws.Context, *ec2.CreateVerifiedAccessEndpointInput, ...request.Option) (*ec2.CreateVerifiedAccessEndpointOutput, error) + CreateVerifiedAccessEndpointRequest(*ec2.CreateVerifiedAccessEndpointInput) (*request.Request, *ec2.CreateVerifiedAccessEndpointOutput) + + CreateVerifiedAccessGroup(*ec2.CreateVerifiedAccessGroupInput) (*ec2.CreateVerifiedAccessGroupOutput, error) + CreateVerifiedAccessGroupWithContext(aws.Context, *ec2.CreateVerifiedAccessGroupInput, ...request.Option) (*ec2.CreateVerifiedAccessGroupOutput, error) + CreateVerifiedAccessGroupRequest(*ec2.CreateVerifiedAccessGroupInput) (*request.Request, *ec2.CreateVerifiedAccessGroupOutput) + + CreateVerifiedAccessInstance(*ec2.CreateVerifiedAccessInstanceInput) (*ec2.CreateVerifiedAccessInstanceOutput, error) + CreateVerifiedAccessInstanceWithContext(aws.Context, *ec2.CreateVerifiedAccessInstanceInput, ...request.Option) (*ec2.CreateVerifiedAccessInstanceOutput, error) + CreateVerifiedAccessInstanceRequest(*ec2.CreateVerifiedAccessInstanceInput) (*request.Request, *ec2.CreateVerifiedAccessInstanceOutput) + + CreateVerifiedAccessTrustProvider(*ec2.CreateVerifiedAccessTrustProviderInput) (*ec2.CreateVerifiedAccessTrustProviderOutput, error) + CreateVerifiedAccessTrustProviderWithContext(aws.Context, *ec2.CreateVerifiedAccessTrustProviderInput, ...request.Option) (*ec2.CreateVerifiedAccessTrustProviderOutput, error) + CreateVerifiedAccessTrustProviderRequest(*ec2.CreateVerifiedAccessTrustProviderInput) (*request.Request, *ec2.CreateVerifiedAccessTrustProviderOutput) + CreateVolume(*ec2.CreateVolumeInput) (*ec2.Volume, error) CreateVolumeWithContext(aws.Context, *ec2.CreateVolumeInput, ...request.Option) (*ec2.Volume, error) CreateVolumeRequest(*ec2.CreateVolumeInput) (*request.Request, *ec2.Volume) @@ -800,6 +820,22 @@ type EC2API interface { DeleteTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.DeleteTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.DeleteTransitGatewayVpcAttachmentOutput, error) DeleteTransitGatewayVpcAttachmentRequest(*ec2.DeleteTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.DeleteTransitGatewayVpcAttachmentOutput) + DeleteVerifiedAccessEndpoint(*ec2.DeleteVerifiedAccessEndpointInput) (*ec2.DeleteVerifiedAccessEndpointOutput, error) + DeleteVerifiedAccessEndpointWithContext(aws.Context, *ec2.DeleteVerifiedAccessEndpointInput, ...request.Option) (*ec2.DeleteVerifiedAccessEndpointOutput, error) + DeleteVerifiedAccessEndpointRequest(*ec2.DeleteVerifiedAccessEndpointInput) (*request.Request, *ec2.DeleteVerifiedAccessEndpointOutput) + + DeleteVerifiedAccessGroup(*ec2.DeleteVerifiedAccessGroupInput) (*ec2.DeleteVerifiedAccessGroupOutput, error) + DeleteVerifiedAccessGroupWithContext(aws.Context, *ec2.DeleteVerifiedAccessGroupInput, ...request.Option) (*ec2.DeleteVerifiedAccessGroupOutput, error) + DeleteVerifiedAccessGroupRequest(*ec2.DeleteVerifiedAccessGroupInput) (*request.Request, *ec2.DeleteVerifiedAccessGroupOutput) + + DeleteVerifiedAccessInstance(*ec2.DeleteVerifiedAccessInstanceInput) (*ec2.DeleteVerifiedAccessInstanceOutput, error) + DeleteVerifiedAccessInstanceWithContext(aws.Context, *ec2.DeleteVerifiedAccessInstanceInput, ...request.Option) (*ec2.DeleteVerifiedAccessInstanceOutput, error) + DeleteVerifiedAccessInstanceRequest(*ec2.DeleteVerifiedAccessInstanceInput) (*request.Request, *ec2.DeleteVerifiedAccessInstanceOutput) + + DeleteVerifiedAccessTrustProvider(*ec2.DeleteVerifiedAccessTrustProviderInput) (*ec2.DeleteVerifiedAccessTrustProviderOutput, error) + DeleteVerifiedAccessTrustProviderWithContext(aws.Context, *ec2.DeleteVerifiedAccessTrustProviderInput, ...request.Option) (*ec2.DeleteVerifiedAccessTrustProviderOutput, error) + DeleteVerifiedAccessTrustProviderRequest(*ec2.DeleteVerifiedAccessTrustProviderInput) (*request.Request, *ec2.DeleteVerifiedAccessTrustProviderOutput) + DeleteVolume(*ec2.DeleteVolumeInput) (*ec2.DeleteVolumeOutput, error) DeleteVolumeWithContext(aws.Context, *ec2.DeleteVolumeInput, ...request.Option) (*ec2.DeleteVolumeOutput, error) DeleteVolumeRequest(*ec2.DeleteVolumeInput) (*request.Request, *ec2.DeleteVolumeOutput) @@ -894,6 +930,13 @@ type EC2API interface { DescribeAvailabilityZonesWithContext(aws.Context, *ec2.DescribeAvailabilityZonesInput, ...request.Option) (*ec2.DescribeAvailabilityZonesOutput, error) DescribeAvailabilityZonesRequest(*ec2.DescribeAvailabilityZonesInput) (*request.Request, *ec2.DescribeAvailabilityZonesOutput) + DescribeAwsNetworkPerformanceMetricSubscriptions(*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) + DescribeAwsNetworkPerformanceMetricSubscriptionsWithContext(aws.Context, *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput, ...request.Option) (*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, error) + DescribeAwsNetworkPerformanceMetricSubscriptionsRequest(*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput) (*request.Request, *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput) + + DescribeAwsNetworkPerformanceMetricSubscriptionsPages(*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput, func(*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool) error + DescribeAwsNetworkPerformanceMetricSubscriptionsPagesWithContext(aws.Context, *ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsInput, func(*ec2.DescribeAwsNetworkPerformanceMetricSubscriptionsOutput, bool) bool, ...request.Option) error + DescribeBundleTasks(*ec2.DescribeBundleTasksInput) (*ec2.DescribeBundleTasksOutput, error) DescribeBundleTasksWithContext(aws.Context, *ec2.DescribeBundleTasksInput, ...request.Option) (*ec2.DescribeBundleTasksOutput, error) DescribeBundleTasksRequest(*ec2.DescribeBundleTasksInput) (*request.Request, *ec2.DescribeBundleTasksOutput) @@ -1610,6 +1653,41 @@ type EC2API interface { DescribeTrunkInterfaceAssociationsPages(*ec2.DescribeTrunkInterfaceAssociationsInput, func(*ec2.DescribeTrunkInterfaceAssociationsOutput, bool) bool) error DescribeTrunkInterfaceAssociationsPagesWithContext(aws.Context, *ec2.DescribeTrunkInterfaceAssociationsInput, func(*ec2.DescribeTrunkInterfaceAssociationsOutput, bool) bool, ...request.Option) error + DescribeVerifiedAccessEndpoints(*ec2.DescribeVerifiedAccessEndpointsInput) (*ec2.DescribeVerifiedAccessEndpointsOutput, error) + DescribeVerifiedAccessEndpointsWithContext(aws.Context, *ec2.DescribeVerifiedAccessEndpointsInput, ...request.Option) (*ec2.DescribeVerifiedAccessEndpointsOutput, error) + DescribeVerifiedAccessEndpointsRequest(*ec2.DescribeVerifiedAccessEndpointsInput) (*request.Request, *ec2.DescribeVerifiedAccessEndpointsOutput) + + DescribeVerifiedAccessEndpointsPages(*ec2.DescribeVerifiedAccessEndpointsInput, func(*ec2.DescribeVerifiedAccessEndpointsOutput, bool) bool) error + DescribeVerifiedAccessEndpointsPagesWithContext(aws.Context, *ec2.DescribeVerifiedAccessEndpointsInput, func(*ec2.DescribeVerifiedAccessEndpointsOutput, bool) bool, ...request.Option) error + + DescribeVerifiedAccessGroups(*ec2.DescribeVerifiedAccessGroupsInput) (*ec2.DescribeVerifiedAccessGroupsOutput, error) + DescribeVerifiedAccessGroupsWithContext(aws.Context, *ec2.DescribeVerifiedAccessGroupsInput, ...request.Option) (*ec2.DescribeVerifiedAccessGroupsOutput, error) + DescribeVerifiedAccessGroupsRequest(*ec2.DescribeVerifiedAccessGroupsInput) (*request.Request, *ec2.DescribeVerifiedAccessGroupsOutput) + + DescribeVerifiedAccessGroupsPages(*ec2.DescribeVerifiedAccessGroupsInput, func(*ec2.DescribeVerifiedAccessGroupsOutput, bool) bool) error + DescribeVerifiedAccessGroupsPagesWithContext(aws.Context, *ec2.DescribeVerifiedAccessGroupsInput, func(*ec2.DescribeVerifiedAccessGroupsOutput, bool) bool, ...request.Option) error + + DescribeVerifiedAccessInstanceLoggingConfigurations(*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) + DescribeVerifiedAccessInstanceLoggingConfigurationsWithContext(aws.Context, *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput, ...request.Option) (*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, error) + DescribeVerifiedAccessInstanceLoggingConfigurationsRequest(*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput) (*request.Request, *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput) + + DescribeVerifiedAccessInstanceLoggingConfigurationsPages(*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput, func(*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool) error + DescribeVerifiedAccessInstanceLoggingConfigurationsPagesWithContext(aws.Context, *ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsInput, func(*ec2.DescribeVerifiedAccessInstanceLoggingConfigurationsOutput, bool) bool, ...request.Option) error + + DescribeVerifiedAccessInstances(*ec2.DescribeVerifiedAccessInstancesInput) (*ec2.DescribeVerifiedAccessInstancesOutput, error) + DescribeVerifiedAccessInstancesWithContext(aws.Context, *ec2.DescribeVerifiedAccessInstancesInput, ...request.Option) (*ec2.DescribeVerifiedAccessInstancesOutput, error) + DescribeVerifiedAccessInstancesRequest(*ec2.DescribeVerifiedAccessInstancesInput) (*request.Request, *ec2.DescribeVerifiedAccessInstancesOutput) + + DescribeVerifiedAccessInstancesPages(*ec2.DescribeVerifiedAccessInstancesInput, func(*ec2.DescribeVerifiedAccessInstancesOutput, bool) bool) error + DescribeVerifiedAccessInstancesPagesWithContext(aws.Context, *ec2.DescribeVerifiedAccessInstancesInput, func(*ec2.DescribeVerifiedAccessInstancesOutput, bool) bool, ...request.Option) error + + DescribeVerifiedAccessTrustProviders(*ec2.DescribeVerifiedAccessTrustProvidersInput) (*ec2.DescribeVerifiedAccessTrustProvidersOutput, error) + DescribeVerifiedAccessTrustProvidersWithContext(aws.Context, *ec2.DescribeVerifiedAccessTrustProvidersInput, ...request.Option) (*ec2.DescribeVerifiedAccessTrustProvidersOutput, error) + DescribeVerifiedAccessTrustProvidersRequest(*ec2.DescribeVerifiedAccessTrustProvidersInput) (*request.Request, *ec2.DescribeVerifiedAccessTrustProvidersOutput) + + DescribeVerifiedAccessTrustProvidersPages(*ec2.DescribeVerifiedAccessTrustProvidersInput, func(*ec2.DescribeVerifiedAccessTrustProvidersOutput, bool) bool) error + DescribeVerifiedAccessTrustProvidersPagesWithContext(aws.Context, *ec2.DescribeVerifiedAccessTrustProvidersInput, func(*ec2.DescribeVerifiedAccessTrustProvidersOutput, bool) bool, ...request.Option) error + DescribeVolumeAttribute(*ec2.DescribeVolumeAttributeInput) (*ec2.DescribeVolumeAttributeOutput, error) DescribeVolumeAttributeWithContext(aws.Context, *ec2.DescribeVolumeAttributeInput, ...request.Option) (*ec2.DescribeVolumeAttributeOutput, error) DescribeVolumeAttributeRequest(*ec2.DescribeVolumeAttributeInput) (*request.Request, *ec2.DescribeVolumeAttributeOutput) @@ -1723,6 +1801,10 @@ type EC2API interface { DetachNetworkInterfaceWithContext(aws.Context, *ec2.DetachNetworkInterfaceInput, ...request.Option) (*ec2.DetachNetworkInterfaceOutput, error) DetachNetworkInterfaceRequest(*ec2.DetachNetworkInterfaceInput) (*request.Request, *ec2.DetachNetworkInterfaceOutput) + DetachVerifiedAccessTrustProvider(*ec2.DetachVerifiedAccessTrustProviderInput) (*ec2.DetachVerifiedAccessTrustProviderOutput, error) + DetachVerifiedAccessTrustProviderWithContext(aws.Context, *ec2.DetachVerifiedAccessTrustProviderInput, ...request.Option) (*ec2.DetachVerifiedAccessTrustProviderOutput, error) + DetachVerifiedAccessTrustProviderRequest(*ec2.DetachVerifiedAccessTrustProviderInput) (*request.Request, *ec2.DetachVerifiedAccessTrustProviderOutput) + DetachVolume(*ec2.DetachVolumeInput) (*ec2.VolumeAttachment, error) DetachVolumeWithContext(aws.Context, *ec2.DetachVolumeInput, ...request.Option) (*ec2.VolumeAttachment, error) DetachVolumeRequest(*ec2.DetachVolumeInput) (*request.Request, *ec2.VolumeAttachment) @@ -1735,6 +1817,10 @@ type EC2API interface { DisableAddressTransferWithContext(aws.Context, *ec2.DisableAddressTransferInput, ...request.Option) (*ec2.DisableAddressTransferOutput, error) DisableAddressTransferRequest(*ec2.DisableAddressTransferInput) (*request.Request, *ec2.DisableAddressTransferOutput) + DisableAwsNetworkPerformanceMetricSubscription(*ec2.DisableAwsNetworkPerformanceMetricSubscriptionInput) (*ec2.DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) + DisableAwsNetworkPerformanceMetricSubscriptionWithContext(aws.Context, *ec2.DisableAwsNetworkPerformanceMetricSubscriptionInput, ...request.Option) (*ec2.DisableAwsNetworkPerformanceMetricSubscriptionOutput, error) + DisableAwsNetworkPerformanceMetricSubscriptionRequest(*ec2.DisableAwsNetworkPerformanceMetricSubscriptionInput) (*request.Request, *ec2.DisableAwsNetworkPerformanceMetricSubscriptionOutput) + DisableEbsEncryptionByDefault(*ec2.DisableEbsEncryptionByDefaultInput) (*ec2.DisableEbsEncryptionByDefaultOutput, error) DisableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.DisableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.DisableEbsEncryptionByDefaultOutput, error) DisableEbsEncryptionByDefaultRequest(*ec2.DisableEbsEncryptionByDefaultInput) (*request.Request, *ec2.DisableEbsEncryptionByDefaultOutput) @@ -1827,6 +1913,10 @@ type EC2API interface { EnableAddressTransferWithContext(aws.Context, *ec2.EnableAddressTransferInput, ...request.Option) (*ec2.EnableAddressTransferOutput, error) EnableAddressTransferRequest(*ec2.EnableAddressTransferInput) (*request.Request, *ec2.EnableAddressTransferOutput) + EnableAwsNetworkPerformanceMetricSubscription(*ec2.EnableAwsNetworkPerformanceMetricSubscriptionInput) (*ec2.EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) + EnableAwsNetworkPerformanceMetricSubscriptionWithContext(aws.Context, *ec2.EnableAwsNetworkPerformanceMetricSubscriptionInput, ...request.Option) (*ec2.EnableAwsNetworkPerformanceMetricSubscriptionOutput, error) + EnableAwsNetworkPerformanceMetricSubscriptionRequest(*ec2.EnableAwsNetworkPerformanceMetricSubscriptionInput) (*request.Request, *ec2.EnableAwsNetworkPerformanceMetricSubscriptionOutput) + EnableEbsEncryptionByDefault(*ec2.EnableEbsEncryptionByDefaultInput) (*ec2.EnableEbsEncryptionByDefaultOutput, error) EnableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.EnableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.EnableEbsEncryptionByDefaultOutput, error) EnableEbsEncryptionByDefaultRequest(*ec2.EnableEbsEncryptionByDefaultInput) (*request.Request, *ec2.EnableEbsEncryptionByDefaultOutput) @@ -1847,6 +1937,10 @@ type EC2API interface { EnableIpamOrganizationAdminAccountWithContext(aws.Context, *ec2.EnableIpamOrganizationAdminAccountInput, ...request.Option) (*ec2.EnableIpamOrganizationAdminAccountOutput, error) EnableIpamOrganizationAdminAccountRequest(*ec2.EnableIpamOrganizationAdminAccountInput) (*request.Request, *ec2.EnableIpamOrganizationAdminAccountOutput) + EnableReachabilityAnalyzerOrganizationSharing(*ec2.EnableReachabilityAnalyzerOrganizationSharingInput) (*ec2.EnableReachabilityAnalyzerOrganizationSharingOutput, error) + EnableReachabilityAnalyzerOrganizationSharingWithContext(aws.Context, *ec2.EnableReachabilityAnalyzerOrganizationSharingInput, ...request.Option) (*ec2.EnableReachabilityAnalyzerOrganizationSharingOutput, error) + EnableReachabilityAnalyzerOrganizationSharingRequest(*ec2.EnableReachabilityAnalyzerOrganizationSharingInput) (*request.Request, *ec2.EnableReachabilityAnalyzerOrganizationSharingOutput) + EnableSerialConsoleAccess(*ec2.EnableSerialConsoleAccessInput) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessWithContext(aws.Context, *ec2.EnableSerialConsoleAccessInput, ...request.Option) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessRequest(*ec2.EnableSerialConsoleAccessInput) (*request.Request, *ec2.EnableSerialConsoleAccessOutput) @@ -1898,6 +1992,13 @@ type EC2API interface { GetAssociatedIpv6PoolCidrsPages(*ec2.GetAssociatedIpv6PoolCidrsInput, func(*ec2.GetAssociatedIpv6PoolCidrsOutput, bool) bool) error GetAssociatedIpv6PoolCidrsPagesWithContext(aws.Context, *ec2.GetAssociatedIpv6PoolCidrsInput, func(*ec2.GetAssociatedIpv6PoolCidrsOutput, bool) bool, ...request.Option) error + GetAwsNetworkPerformanceData(*ec2.GetAwsNetworkPerformanceDataInput) (*ec2.GetAwsNetworkPerformanceDataOutput, error) + GetAwsNetworkPerformanceDataWithContext(aws.Context, *ec2.GetAwsNetworkPerformanceDataInput, ...request.Option) (*ec2.GetAwsNetworkPerformanceDataOutput, error) + GetAwsNetworkPerformanceDataRequest(*ec2.GetAwsNetworkPerformanceDataInput) (*request.Request, *ec2.GetAwsNetworkPerformanceDataOutput) + + GetAwsNetworkPerformanceDataPages(*ec2.GetAwsNetworkPerformanceDataInput, func(*ec2.GetAwsNetworkPerformanceDataOutput, bool) bool) error + GetAwsNetworkPerformanceDataPagesWithContext(aws.Context, *ec2.GetAwsNetworkPerformanceDataInput, func(*ec2.GetAwsNetworkPerformanceDataOutput, bool) bool, ...request.Option) error + GetCapacityReservationUsage(*ec2.GetCapacityReservationUsageInput) (*ec2.GetCapacityReservationUsageOutput, error) GetCapacityReservationUsageWithContext(aws.Context, *ec2.GetCapacityReservationUsageInput, ...request.Option) (*ec2.GetCapacityReservationUsageOutput, error) GetCapacityReservationUsageRequest(*ec2.GetCapacityReservationUsageInput) (*request.Request, *ec2.GetCapacityReservationUsageOutput) @@ -2075,6 +2176,14 @@ type EC2API interface { GetTransitGatewayRouteTablePropagationsPages(*ec2.GetTransitGatewayRouteTablePropagationsInput, func(*ec2.GetTransitGatewayRouteTablePropagationsOutput, bool) bool) error GetTransitGatewayRouteTablePropagationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayRouteTablePropagationsInput, func(*ec2.GetTransitGatewayRouteTablePropagationsOutput, bool) bool, ...request.Option) error + GetVerifiedAccessEndpointPolicy(*ec2.GetVerifiedAccessEndpointPolicyInput) (*ec2.GetVerifiedAccessEndpointPolicyOutput, error) + GetVerifiedAccessEndpointPolicyWithContext(aws.Context, *ec2.GetVerifiedAccessEndpointPolicyInput, ...request.Option) (*ec2.GetVerifiedAccessEndpointPolicyOutput, error) + GetVerifiedAccessEndpointPolicyRequest(*ec2.GetVerifiedAccessEndpointPolicyInput) (*request.Request, *ec2.GetVerifiedAccessEndpointPolicyOutput) + + GetVerifiedAccessGroupPolicy(*ec2.GetVerifiedAccessGroupPolicyInput) (*ec2.GetVerifiedAccessGroupPolicyOutput, error) + GetVerifiedAccessGroupPolicyWithContext(aws.Context, *ec2.GetVerifiedAccessGroupPolicyInput, ...request.Option) (*ec2.GetVerifiedAccessGroupPolicyOutput, error) + GetVerifiedAccessGroupPolicyRequest(*ec2.GetVerifiedAccessGroupPolicyInput) (*request.Request, *ec2.GetVerifiedAccessGroupPolicyOutput) + GetVpnConnectionDeviceSampleConfiguration(*ec2.GetVpnConnectionDeviceSampleConfigurationInput) (*ec2.GetVpnConnectionDeviceSampleConfigurationOutput, error) GetVpnConnectionDeviceSampleConfigurationWithContext(aws.Context, *ec2.GetVpnConnectionDeviceSampleConfigurationInput, ...request.Option) (*ec2.GetVpnConnectionDeviceSampleConfigurationOutput, error) GetVpnConnectionDeviceSampleConfigurationRequest(*ec2.GetVpnConnectionDeviceSampleConfigurationInput) (*request.Request, *ec2.GetVpnConnectionDeviceSampleConfigurationOutput) @@ -2292,6 +2401,34 @@ type EC2API interface { ModifyTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.ModifyTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.ModifyTransitGatewayVpcAttachmentOutput, error) ModifyTransitGatewayVpcAttachmentRequest(*ec2.ModifyTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.ModifyTransitGatewayVpcAttachmentOutput) + ModifyVerifiedAccessEndpoint(*ec2.ModifyVerifiedAccessEndpointInput) (*ec2.ModifyVerifiedAccessEndpointOutput, error) + ModifyVerifiedAccessEndpointWithContext(aws.Context, *ec2.ModifyVerifiedAccessEndpointInput, ...request.Option) (*ec2.ModifyVerifiedAccessEndpointOutput, error) + ModifyVerifiedAccessEndpointRequest(*ec2.ModifyVerifiedAccessEndpointInput) (*request.Request, *ec2.ModifyVerifiedAccessEndpointOutput) + + ModifyVerifiedAccessEndpointPolicy(*ec2.ModifyVerifiedAccessEndpointPolicyInput) (*ec2.ModifyVerifiedAccessEndpointPolicyOutput, error) + ModifyVerifiedAccessEndpointPolicyWithContext(aws.Context, *ec2.ModifyVerifiedAccessEndpointPolicyInput, ...request.Option) (*ec2.ModifyVerifiedAccessEndpointPolicyOutput, error) + ModifyVerifiedAccessEndpointPolicyRequest(*ec2.ModifyVerifiedAccessEndpointPolicyInput) (*request.Request, *ec2.ModifyVerifiedAccessEndpointPolicyOutput) + + ModifyVerifiedAccessGroup(*ec2.ModifyVerifiedAccessGroupInput) (*ec2.ModifyVerifiedAccessGroupOutput, error) + ModifyVerifiedAccessGroupWithContext(aws.Context, *ec2.ModifyVerifiedAccessGroupInput, ...request.Option) (*ec2.ModifyVerifiedAccessGroupOutput, error) + ModifyVerifiedAccessGroupRequest(*ec2.ModifyVerifiedAccessGroupInput) (*request.Request, *ec2.ModifyVerifiedAccessGroupOutput) + + ModifyVerifiedAccessGroupPolicy(*ec2.ModifyVerifiedAccessGroupPolicyInput) (*ec2.ModifyVerifiedAccessGroupPolicyOutput, error) + ModifyVerifiedAccessGroupPolicyWithContext(aws.Context, *ec2.ModifyVerifiedAccessGroupPolicyInput, ...request.Option) (*ec2.ModifyVerifiedAccessGroupPolicyOutput, error) + ModifyVerifiedAccessGroupPolicyRequest(*ec2.ModifyVerifiedAccessGroupPolicyInput) (*request.Request, *ec2.ModifyVerifiedAccessGroupPolicyOutput) + + ModifyVerifiedAccessInstance(*ec2.ModifyVerifiedAccessInstanceInput) (*ec2.ModifyVerifiedAccessInstanceOutput, error) + ModifyVerifiedAccessInstanceWithContext(aws.Context, *ec2.ModifyVerifiedAccessInstanceInput, ...request.Option) (*ec2.ModifyVerifiedAccessInstanceOutput, error) + ModifyVerifiedAccessInstanceRequest(*ec2.ModifyVerifiedAccessInstanceInput) (*request.Request, *ec2.ModifyVerifiedAccessInstanceOutput) + + ModifyVerifiedAccessInstanceLoggingConfiguration(*ec2.ModifyVerifiedAccessInstanceLoggingConfigurationInput) (*ec2.ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) + ModifyVerifiedAccessInstanceLoggingConfigurationWithContext(aws.Context, *ec2.ModifyVerifiedAccessInstanceLoggingConfigurationInput, ...request.Option) (*ec2.ModifyVerifiedAccessInstanceLoggingConfigurationOutput, error) + ModifyVerifiedAccessInstanceLoggingConfigurationRequest(*ec2.ModifyVerifiedAccessInstanceLoggingConfigurationInput) (*request.Request, *ec2.ModifyVerifiedAccessInstanceLoggingConfigurationOutput) + + ModifyVerifiedAccessTrustProvider(*ec2.ModifyVerifiedAccessTrustProviderInput) (*ec2.ModifyVerifiedAccessTrustProviderOutput, error) + ModifyVerifiedAccessTrustProviderWithContext(aws.Context, *ec2.ModifyVerifiedAccessTrustProviderInput, ...request.Option) (*ec2.ModifyVerifiedAccessTrustProviderOutput, error) + ModifyVerifiedAccessTrustProviderRequest(*ec2.ModifyVerifiedAccessTrustProviderInput) (*request.Request, *ec2.ModifyVerifiedAccessTrustProviderOutput) + ModifyVolume(*ec2.ModifyVolumeInput) (*ec2.ModifyVolumeOutput, error) ModifyVolumeWithContext(aws.Context, *ec2.ModifyVolumeInput, ...request.Option) (*ec2.ModifyVolumeOutput, error) ModifyVolumeRequest(*ec2.ModifyVolumeInput) (*request.Request, *ec2.ModifyVolumeOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 2ac8aa1be1d58..33a8b05d446fe 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -93,8 +93,8 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -104,10 +104,18 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { req, out := c.CancelKeyDeletionRequest(input) @@ -175,32 +183,26 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // ConnectCustomKeyStore API operation for AWS Key Management Service. // // Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// to its associated CloudHSM cluster. +// to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore +// connects the key store to its associated CloudHSM cluster. For an external +// key store, ConnectCustomKeyStore connects the key store to the external key +// store proxy that communicates with your external key manager. // // The custom key store must be connected before you can create KMS keys in // the key store or use the KMS keys it contains. You can disconnect and reconnect // a custom key store at any time. // -// To connect a custom key store, its associated CloudHSM cluster must have -// at least one active HSM. To get the number of active HSMs in a cluster, use -// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// (CU) must not be logged into the cluster. This prevents KMS from using this -// account to log in. -// -// The connection process can take an extended amount of time to complete; up -// to 20 minutes. This operation starts the connection process, but it does -// not wait for it to complete. When it succeeds, this operation quickly returns -// an HTTP 200 response and a JSON object with no properties. However, this -// response does not indicate that the custom key store is connected. To get -// the connection state of the custom key store, use the DescribeCustomKeyStores +// The connection process for a custom key store can take an extended amount +// of time to complete. This operation starts the connection process, but it +// does not wait for it to complete. When it succeeds, this operation quickly +// returns an HTTP 200 response and a JSON object with no properties. However, +// this response does not indicate that the custom key store is connected. To +// get the connection state of the custom key store, use the DescribeCustomKeyStores // operation. // -// During the connection process, KMS finds the CloudHSM cluster that is associated -// with the custom key store, creates the connection infrastructure, connects -// to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates -// its password. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -210,8 +212,44 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // the custom key store, correct the error, use the UpdateCustomKeyStore operation // if necessary, and then use ConnectCustomKeyStore again. // -// If you are having trouble connecting or disconnecting a custom key store, -// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// # CloudHSM key store +// +// During the connection process for an CloudHSM key store, KMS finds the CloudHSM +// cluster that is associated with the custom key store, creates the connection +// infrastructure, connects to the cluster, logs into the CloudHSM client as +// the kmsuser CU, and rotates its password. +// +// To connect an CloudHSM key store, its associated CloudHSM cluster must have +// at least one active HSM. To get the number of active HSMs in a cluster, use +// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// (CU) must not be logged into the cluster. This prevents KMS from using this +// account to log in. +// +// If you are having trouble connecting or disconnecting a CloudHSM key store, +// see Troubleshooting an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// # External key store +// +// When you connect an external key store that uses public endpoint connectivity, +// KMS tests its ability to communicate with your external key manager by sending +// a request via the external key store proxy. +// +// When you connect to an external key store that uses VPC endpoint service +// connectivity, KMS establishes the networking elements that it needs to communicate +// with your external key manager via the external key store proxy. This includes +// creating an interface endpoint to the VPC endpoint service and a private +// hosted zone for traffic between KMS and the VPC endpoint service. +// +// To connect an external key store, KMS must be able to connect to the external +// key store proxy, the external key store proxy must be able to communicate +// with your external key manager, and the external key manager must be available +// for cryptographic operations. +// +// If you are having trouble connecting or disconnecting an external key store, +// see Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) // in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key @@ -242,10 +280,9 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // Returned Error Types: // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - CustomKeyStoreInvalidStateException @@ -255,17 +292,27 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -277,29 +324,29 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -375,7 +422,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // Creates a friendly name for a KMS key. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // You can use an alias to identify a KMS key in the KMS console, in the DescribeKey @@ -433,8 +480,8 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - AlreadyExistsException // The request was rejected because it attempted to create a resource that already @@ -460,10 +507,18 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { req, out := c.CreateAliasRequest(input) @@ -530,27 +585,65 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // CreateCustomKeyStore API operation for AWS Key Management Service. // // Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// that is associated with an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) -// that you own and manage. -// -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// backed by a key store that you own and manage. When you use a KMS key in +// a custom key store for a cryptographic operation, the cryptographic operation +// is actually performed in your key store using your keys. KMS supports CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) +// and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key store proxy and external key manager outside of +// Amazon Web Services. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// -// Before you create the custom key store, you must assemble the required elements, -// including an CloudHSM cluster that fulfills the requirements for a custom -// key store. For details about the required elements, see Assemble the Prerequisites -// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// of KMS with the isolation and control of a key store that you own and manage. +// +// Before you create the custom key store, the required elements must be in +// place and operational. We recommend that you use the test tools that KMS +// provides to verify the configuration your external key store proxy. For details +// about the required elements and verification tests, see Assemble the prerequisites +// (for CloudHSM key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// or Assemble the prerequisites (for external key stores) (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) // in the Key Management Service Developer Guide. // +// To create a custom key store, use the following parameters. +// +// - To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, +// KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter +// is optional for CloudHSM key stores. If you include it, set it to the +// default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting +// an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the Key Management Service Developer Guide. +// +// - To create an external key store, specify the CustomKeyStoreName and +// a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, +// XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. +// If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the +// XksProxyVpcEndpointServiceName parameter. For help with failures, see +// Troubleshooting an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html) +// in the Key Management Service Developer Guide. +// +// For external key stores: +// +// Some external key managers provide a simpler method for creating an external +// key store. For details, see your external key manager documentation. +// +// When creating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot use +// a proxy configuration with the CreateCustomKeyStore operation. However, you +// can use the values in the file to help you determine the correct values for +// the CreateCustomKeyStore parameters. +// // When the operation completes successfully, it returns the ID of the new custom // key store. Before you can use your new custom key store, you need to use -// the ConnectCustomKeyStore operation to connect the new key store to its CloudHSM -// cluster. Even if you are not going to use your custom key store immediately, -// you might want to connect it to verify that all settings are correct and -// then disconnect it until you are ready to use it. -// -// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// the ConnectCustomKeyStore operation to connect a new CloudHSM key store to +// its CloudHSM cluster, or to connect a new external key store to the external +// key store proxy for your external key manager. Even if you are not going +// to use your custom key store immediately, you might want to connect it to +// verify that all settings are correct and then disconnect it until you are +// ready to use it. +// +// For help with failures, see Troubleshooting a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key @@ -582,12 +675,13 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // // - CloudHsmClusterInUseException // The request was rejected because the specified CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different CloudHSM cluster. +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // - CustomKeyStoreNameInUseException @@ -604,51 +698,113 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // can be retried. // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - IncorrectTrustAnchorException // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified CloudHSM cluster. +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. // -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the Key Management Service Developer Guide. +// +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { req, out := c.CreateCustomKeyStoreRequest(input) @@ -783,8 +939,8 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // The request was rejected because the specified KMS key is not enabled. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -806,10 +962,18 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { req, out := c.CreateGrantRequest(input) @@ -876,13 +1040,21 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // // Creates a unique customer managed KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys) -// in your Amazon Web Services account and Region. +// in your Amazon Web Services account and Region. You can use a KMS key in +// cryptographic operations, such as encryption and signing. Some Amazon Web +// Services services let you use KMS keys that you create and manage to protect +// your service resources. // -// In addition to the required parameters, you can use the optional parameters -// to specify a key policy, description, tags, and other useful elements for -// any key type. +// A KMS key is a logical representation of a cryptographic key. In addition +// to the key material used in cryptographic operations, a KMS key includes +// metadata, such as the key ID, key policy, creation date, description, and +// key state. For details, see Managing keys (https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) +// in the Key Management Service Developer Guide // -// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// Use the parameters of CreateKey to specify the type of KMS key, the source +// of its key material, its key policy, description, tags, and other properties. +// +// KMS has replaced the term customer master key (CMK) with KMS key and KMS // key. The concept has not changed. To prevent breaking changes, KMS is keeping // some variations of this term. // @@ -890,11 +1062,14 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // # Symmetric encryption KMS key // -// To create a symmetric encryption KMS key, you aren't required to specify -// any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, and the -// default value for KeyUsage, ENCRYPT_DECRYPT, create a symmetric encryption -// KMS key. For technical details, see SYMMETRIC_DEFAULT key spec (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-symmetric-default) -// in the Key Management Service Developer Guide. +// By default, CreateKey creates a symmetric encryption KMS key with key material +// that KMS generates. This is the basic and most widely used type of KMS key, +// and provides the best performance. +// +// To create a symmetric encryption KMS key, you don't need to specify any parameters. +// The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, +// ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric +// encryption KMS key with KMS key material. // // If you need a key for basic encryption and decryption or you are creating // a KMS key to protect your resources in an Amazon Web Services service, create @@ -965,12 +1140,13 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // -// To import your own key material, begin by creating a symmetric encryption -// KMS key with no key material. To do this, use the Origin parameter of CreateKey -// with a value of EXTERNAL. Next, use GetParametersForImport operation to get -// a public key and import token, and use the public key to encrypt your key -// material. Then, use ImportKeyMaterial with your import token to import the -// key material. For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// To import your own key material into a KMS key, begin by creating a symmetric +// encryption KMS key with no key material. To do this, use the Origin parameter +// of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation +// to get a public key and import token, and use the public key to encrypt your +// key material. Then, use ImportKeyMaterial with your import token to import +// the key material. For step-by-step instructions, see Importing Key Material +// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide . // // This feature supports only symmetric encryption KMS keys, including multi-Region @@ -980,22 +1156,52 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // To create a multi-Region primary key with imported key material, use the // Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion // parameter with a value of True. To create replicas of the multi-Region primary -// key, use the ReplicateKey operation. For more information about multi-Region -// keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// key, use the ReplicateKey operation. For instructions, see Importing key +// material into multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html). +// For more information about multi-Region keys, see Multi-Region keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // // # Custom key store // -// To create a symmetric encryption KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// use the CustomKeyStoreId parameter to specify the custom key store. You must -// also use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM -// cluster that is associated with the custom key store must have at least two -// active HSMs in different Availability Zones in the Amazon Web Services Region. +// A custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// lets you protect your Amazon Web Services resources using keys in a backing +// key store that you own and manage. When you request a cryptographic operation +// with a KMS key in a custom key store, the operation is performed in the backing +// key store using its cryptographic keys. +// +// KMS supports CloudHSM key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html) +// backed by an CloudHSM cluster and external key stores (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) +// backed by an external key manager outside of Amazon Web Services. When you +// create a KMS key in an CloudHSM key store, KMS generates an encryption key +// in the CloudHSM cluster and associates it with the KMS key. When you create +// a KMS key in an external key store, you specify an existing encryption key +// in the external key manager. +// +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. +// +// Before you create a KMS key in a custom key store, the ConnectionState of +// the key store must be CONNECTED. To connect the custom key store, use the +// ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores +// operation. // -// Custom key stores support only symmetric encryption KMS keys. You cannot -// create an HMAC KMS key or an asymmetric KMS key in a custom key store. For -// information about custom key stores in KMS see Custom key stores in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the Key Management Service Developer Guide . +// To create a KMS key in a custom key store, use the CustomKeyStoreId. Use +// the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, +// ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is +// supported in a custom key store. +// +// To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html), +// use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster +// that is associated with the custom key store must have at least two active +// HSMs in different Availability Zones in the Amazon Web Services Region. +// +// To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html), +// use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId +// parameter that identifies an existing external key. +// +// Some external key managers provide a simpler method for creating a KMS key +// in an external key store. For details, see your external key manager documentation. // // Cross-account use: No. You cannot use this operation to create a KMS key // in a different Amazon Web Services account. @@ -1028,8 +1234,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // or semantically correct. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -1062,49 +1268,83 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - XksKeyInvalidConfigurationException +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +// +// - XksKeyAlreadyInUseException +// The request was rejected because the (XksKeyId) is already associated with +// a KMS key in this external key store. Each KMS key in an external key store +// must be associated with a different external key. +// +// - XksKeyNotFoundException +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { req, out := c.CreateKeyRequest(input) @@ -1192,8 +1432,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // // The Decrypt operation also decrypts ciphertext that was encrypted outside // of KMS by the public key in an KMS asymmetric KMS key. However, it cannot -// decrypt ciphertext produced by other libraries, such as the Amazon Web Services -// Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// decrypt symmetric ciphertext produced by other libraries, such as the Amazon +// Web Services Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) // or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). // These libraries return a ciphertext format that is incompatible with KMS. // @@ -1297,8 +1537,8 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // key, use the DescribeKey operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. @@ -1311,10 +1551,18 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { req, out := c.DecryptRequest(input) @@ -1384,7 +1632,7 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // Deletes the specified alias. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // Because an alias is not a property of a KMS key, you can delete and change @@ -1428,8 +1676,8 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -1443,10 +1691,18 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { req, out := c.DeleteAliasRequest(input) @@ -1514,33 +1770,39 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // DeleteCustomKeyStore API operation for AWS Key Management Service. // // Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// This operation does not delete the CloudHSM cluster that is associated with -// the custom key store, or affect any users or keys in the cluster. +// This operation does not affect any backing elements of the custom key store. +// It does not delete the CloudHSM cluster that is associated with an CloudHSM +// key store, or affect any users or keys in the cluster. For an external key +// store, it does not affect the external key store proxy, external key manager, +// or any external keys. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. // // The custom key store that you delete cannot contain any KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). // Before deleting the key store, verify that you will never need to use any // of the KMS keys in the key store for any cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. -// When the scheduled waiting period expires, the ScheduleKeyDeletion operation -// deletes the KMS keys. Then it makes a best effort to delete the key material -// from the associated cluster. However, you might need to manually delete the -// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// -// After all KMS keys are deleted from KMS, use DisconnectCustomKeyStore to -// disconnect the key store from KMS. Then, you can delete the custom key store. -// -// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore -// to disconnect it from KMS. While the key store is disconnected, you cannot -// create or use the KMS keys in the key store. But, you do not need to delete -// KMS keys and you can reconnect a disconnected custom key store at any time. +// After the required waiting period expires and all KMS keys are deleted from +// the custom key store, use DisconnectCustomKeyStore to disconnect the key +// store from KMS. Then, you can delete the custom key store. +// +// For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes +// a best effort to delete the key material from the associated cluster. However, +// you might need to manually delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. KMS never creates, manages, or deletes +// cryptographic keys in the external key manager associated with an external +// key store. You must manage them using your external key manager tools. +// +// Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore +// operation to disconnect the custom key store from its backing key store. +// While the key store is disconnected, you cannot create or use the KMS keys +// in the key store. But, you do not need to delete KMS keys and you can reconnect +// a disconnected custom key store at any time. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -1581,17 +1843,27 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -1713,8 +1985,8 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -1728,10 +2000,18 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { req, out := c.DeleteImportedKeyMaterialRequest(input) @@ -1788,7 +2068,7 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -1806,30 +2086,37 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the account and Region. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. +// of KMS with the isolation and control of a key store that you own and manage. // // By default, this operation returns information about all custom key stores // in the account and Region. To get only information about a particular custom // key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter // (but not both). // -// To determine whether the custom key store is connected to its CloudHSM cluster, -// use the ConnectionState element in the response. If an attempt to connect -// the custom key store failed, the ConnectionState value is FAILED and the -// ConnectionErrorCode element in the response indicates the cause of the failure. -// For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. +// To determine whether the custom key store is connected to its CloudHSM cluster +// or external key store proxy, use the ConnectionState element in the response. +// If an attempt to connect the custom key store failed, the ConnectionState +// value is FAILED and the ConnectionErrorCode element in the response indicates +// the cause of the failure. For help interpreting the ConnectionErrorCode, +// see CustomKeyStoresListEntry. // // Custom key stores have a DISCONNECTED connection state if the key store has -// never been connected or you use the DisconnectCustomKeyStore operation to -// disconnect it. If your custom key store state is CONNECTED but you are having -// trouble using it, make sure that its associated CloudHSM cluster is active -// and contains the minimum number of HSMs required for the operation, if any. -// -// For help repairing your custom key store, see the Troubleshooting Custom -// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// topic in the Key Management Service Developer Guide. +// never been connected or you used the DisconnectCustomKeyStore operation to +// disconnect it. Otherwise, the connection state is CONNECTED. If your custom +// key store connection state is CONNECTED but you are having trouble using +// it, verify that the backing store is active and available. For an CloudHSM +// key store, verify that the associated CloudHSM cluster is active and contains +// the minimum number of HSMs required for the operation, if any. For an external +// key store, verify that the external key store proxy and its associated external +// key manager are reachable and enabled. +// +// For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html). +// For help repairing your external key store, see the Troubleshooting external +// key stores (https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html). +// Both topics are in the Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. @@ -1995,10 +2282,13 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // any) of the key material. It includes fields, like KeySpec, that help you // distinguish different types of KMS keys. It also displays the key usage (encryption, // signing, or generating and verifying MACs) and the algorithms that the KMS -// key supports. For KMS keys in custom key stores, it includes information -// about the custom key store, such as the key store ID and the CloudHSM cluster -// ID. For multi-Region keys, it displays the primary key and all related replica -// keys. +// key supports. For multi-Region keys (kms/latest/developerguide/multi-region-keys-overview.html), +// it displays the primary key and all related replica keys. For KMS keys in +// CloudHSM key stores (kms/latest/developerguide/keystore-cloudhsm.html), it +// includes information about the custom key store, such as the key store ID +// and the CloudHSM cluster ID. For KMS key in external key stores (kms/latest/developerguide/keystore-external.html), +// it includes the custom key store ID and the ID and status of the associated +// external key. // // DescribeKey does not return the following information: // @@ -2061,8 +2351,8 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2171,8 +2461,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2182,10 +2472,18 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { req, out := c.DisableKeyRequest(input) @@ -2256,12 +2554,12 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // of the specified symmetric encryption KMS key. // // Automatic key rotation is supported only on symmetric encryption KMS keys. -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // You can enable (EnableKeyRotation) and disable automatic rotation of the @@ -2311,8 +2609,8 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2322,10 +2620,18 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -2397,10 +2703,18 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // DisconnectCustomKeyStore API operation for AWS Key Management Service. // // Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// from its associated CloudHSM cluster. While a custom key store is disconnected, -// you can manage the custom key store and its KMS keys, but you cannot create -// or use KMS keys in the custom key store. You can reconnect the custom key -// store at any time. +// from its backing key store. This operation disconnects an CloudHSM key store +// from its associated CloudHSM cluster or disconnects an external key store +// from the external key store proxy that communicates with your external key +// manager. +// +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// While a custom key store is disconnected, you can manage the custom key store +// and its KMS keys, but you cannot create or use its KMS keys. You can reconnect +// the custom key store at any time. // // While a custom key store is disconnected, all attempts to create KMS keys // in the custom key store or to use existing KMS keys in cryptographic operations @@ -2408,16 +2722,13 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // will fail. This action can prevent users from storing and accessing sensitive // data. // +// When you disconnect a custom key store, its ConnectionState changes to Disconnected. // To find the connection state of a custom key store, use the DescribeCustomKeyStores // operation. To reconnect a custom key store, use the ConnectCustomKeyStore // operation. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -2452,17 +2763,27 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with @@ -2571,8 +2892,8 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2587,10 +2908,18 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { req, out := c.EnableKeyRequest(input) @@ -2669,12 +2998,12 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // // Automatic key rotation is supported only on symmetric encryption KMS keys // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // You cannot enable or disable automatic rotation Amazon Web Services managed @@ -2730,8 +3059,8 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -2741,10 +3070,18 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -2899,8 +3236,8 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -2930,10 +3267,18 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { req, out := c.EncryptRequest(input) @@ -3106,8 +3451,8 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3137,10 +3482,18 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { req, out := c.GenerateDataKeyRequest(input) @@ -3296,8 +3649,8 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3327,10 +3680,18 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -3479,8 +3840,8 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3510,10 +3871,18 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -3612,6 +3981,14 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // or a key in a custom key store to generate a data key. To get the type of // your KMS key, use the DescribeKey operation. // +// You must also specify the length of the data key. Use either the KeySpec +// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data +// keys, use the KeySpec parameter. +// +// To generate an SM4 data key (China Regions only), specify a KeySpec value +// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used +// in China Regions to encrypt your data key is an SM4 encryption key. +// // If the operation succeeds, you will find the encrypted copy of the data key // in the CiphertextBlob field. // @@ -3666,8 +4043,8 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -3697,10 +4074,18 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) @@ -3767,15 +4152,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // GenerateMac API operation for AWS Key Management Service. // // Generates a hash-based message authentication code (HMAC) for a message using -// an HMAC KMS key and a MAC algorithm that the key supports. The MAC algorithm -// computes the HMAC for the message and the key as described in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). -// -// You can use the HMAC that this operation generates with the VerifyMac operation -// to demonstrate that the original message has not changed. Also, because a -// secret key is used to create the hash, you can verify that the party that -// generated the hash has the required secret key. This operation is part of -// KMS support for HMAC KMS keys. For details, see HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) -// in the Key Management Service Developer Guide . +// an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys +// and the HMAC algorithms that KMS uses conform to industry standards defined +// in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). +// +// You can use value that GenerateMac returns in the VerifyMac operation to +// demonstrate that the original message has not changed. Also, because a secret +// key is used to create the hash, you can verify that the party that generated +// the hash has the required secret key. You can also use the raw result to +// implement HMAC-based algorithms such as key derivation functions. This operation +// is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS +// (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the +// Key Management Service Developer Guide . // // Best practices recommend that you limit the time during which any signing // mechanism, including an HMAC, is effective. This deters an attack where the @@ -3845,10 +4233,18 @@ func (c *KMS) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateMac func (c *KMS) GenerateMac(input *GenerateMacInput) (*GenerateMacOutput, error) { req, out := c.GenerateMacRequest(input) @@ -3920,9 +4316,8 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // byte string. There is no default value for string length. // // By default, the random byte string is generated in KMS. To generate the byte -// string in the CloudHSM cluster that is associated with a custom key store -// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// specify the custom key store ID. +// string in the CloudHSM cluster associated with an CloudHSM key store, use +// the CustomKeyStoreId parameter. // // Applications in Amazon Web Services Nitro Enclaves can call this operation // by using the Amazon Web Services Nitro Enclaves Development Kit (https://github.com/aws/aws-nitro-enclaves-sdk-c). @@ -3949,13 +4344,17 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // +// - UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// // - CustomKeyStoreNotFoundException // The request was rejected because KMS cannot find a custom key store with // the specified key store name or ID. @@ -3967,17 +4366,27 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { @@ -4072,8 +4481,8 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -4083,10 +4492,18 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { req, out := c.GetKeyPolicyRequest(input) @@ -4163,12 +4580,12 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // // Automatic key rotation is supported only on symmetric encryption KMS keys // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks). -// You cannot enable or disable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), +// You cannot enable automatic rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status of these KMS keys is always false. To enable or disable -// automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key.. // // You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) @@ -4228,8 +4645,8 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -4239,10 +4656,18 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. @@ -4322,11 +4747,11 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // a subsequent ImportKeyMaterial request. // // You must specify the key ID of the symmetric encryption KMS key into which -// you will import key material. This KMS key's Origin must be EXTERNAL. You -// must also specify the wrapping algorithm and type of wrapping key (public -// key) that you will use to encrypt the key material. You cannot perform this -// operation on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in -// a different Amazon Web Services account. +// you will import key material. The KMS key Origin must be EXTERNAL. You must +// also specify the wrapping algorithm and type of wrapping key (public key) +// that you will use to encrypt the key material. You cannot perform this operation +// on an asymmetric KMS key, an HMAC KMS key, or on any KMS key in a different +// Amazon Web Services account. // // To import key material, you must use the public key and import token from // the same response. These items are valid for 24 hours. The expiration date @@ -4368,8 +4793,8 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -4383,10 +4808,18 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { req, out := c.GetParametersForImportRequest(input) @@ -4467,11 +4900,6 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // are part of every KMS operation. You also reduce of risk of encrypting data // that cannot be decrypted. These features are not effective outside of KMS. // -// To verify a signature outside of KMS with an SM2 public key (China Regions -// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 -// as the distinguishing ID. For more information, see Offline verification -// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). -// // To help you use the public key safely outside of KMS, GetPublicKey returns // important information about the public key in the response, including: // @@ -4493,6 +4921,11 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // algorithm that is not supported by KMS. You can also avoid errors, such as // using the wrong signing algorithm in a verification operation. // +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// as the distinguishing ID. For more information, see Offline verification +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). +// // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. @@ -4527,8 +4960,8 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -4566,10 +4999,18 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) { req, out := c.GetPublicKeyRequest(input) @@ -4664,11 +5105,13 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // - The import token that GetParametersForImport returned. You must use // a public key and token from the same GetParametersForImport response. // -// - Whether the key material expires and if so, when. If you set an expiration -// date, KMS deletes the key material from the KMS key on the specified date, -// and the KMS key becomes unusable. To use the KMS key again, you must reimport -// the same key material. The only way to change an expiration date is by -// reimporting the same key material and specifying a new expiration date. +// - Whether the key material expires (ExpirationModel) and, if so, when +// (ValidTo). If you set an expiration date, on the specified date, KMS deletes +// the key material from the KMS key, making the KMS key unusable. To use +// the KMS key in cryptographic operations again, you must reimport the same +// key material. The only way to change the expiration model or expiration +// date is by reimporting the same key material and specifying a new expiration +// date. // // When this operation is successful, the key state of the KMS key changes from // PendingImport to Enabled, and you can use the KMS key. @@ -4714,8 +5157,8 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // a specified resource is not valid for this operation. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -4729,10 +5172,18 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InvalidCiphertextException // From the Decrypt or ReEncrypt operation, the request was rejected because // the specified ciphertext, or additional authenticated data incorporated into @@ -4812,7 +5263,7 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -4873,8 +5324,8 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -4999,7 +5450,7 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5061,8 +5512,8 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -5083,10 +5534,18 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { req, out := c.ListGrantsRequest(input) @@ -5194,7 +5653,7 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5243,8 +5702,8 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -5254,10 +5713,18 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { req, out := c.ListKeyPoliciesRequest(input) @@ -5365,7 +5832,7 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5409,8 +5876,8 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -5527,7 +5994,7 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5697,7 +6164,7 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", - TruncationToken: "Truncated", + TruncationToken: "", }, } @@ -5755,8 +6222,8 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidMarkerException // The request was rejected because the marker that specifies where pagination @@ -5931,8 +6398,8 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // or semantically correct. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - UnsupportedOperationException // The request was rejected because a specified parameter is not supported or @@ -5951,10 +6418,18 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { req, out := c.PutKeyPolicyRequest(input) @@ -6056,20 +6531,20 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // was encrypted under a different KMS key, the ReEncrypt operation fails. // This practice ensures that you use the KMS key that you intend. // -// - To reencrypt the data, you must use the DestinationKeyId parameter specify -// the KMS key that re-encrypts the data after it is decrypted. If the destination -// KMS key is an asymmetric KMS key, you must also provide the encryption -// algorithm. The algorithm that you choose must be compatible with the KMS -// key. When you use an asymmetric KMS key to encrypt or reencrypt data, -// be sure to record the KMS key and encryption algorithm that you choose. -// You will be required to provide the same KMS key and encryption algorithm -// when you decrypt the data. If the KMS key and algorithm do not match the -// values used to encrypt the data, the decrypt operation fails. You are -// not required to supply the key ID and encryption algorithm when you decrypt -// with symmetric encryption KMS keys because KMS stores this information -// in the ciphertext blob. KMS cannot store metadata in ciphertext generated -// with asymmetric keys. The standard format for asymmetric key ciphertext -// does not include configurable fields. +// - To reencrypt the data, you must use the DestinationKeyId parameter to +// specify the KMS key that re-encrypts the data after it is decrypted. If +// the destination KMS key is an asymmetric KMS key, you must also provide +// the encryption algorithm. The algorithm that you choose must be compatible +// with the KMS key. When you use an asymmetric KMS key to encrypt or reencrypt +// data, be sure to record the KMS key and encryption algorithm that you +// choose. You will be required to provide the same KMS key and encryption +// algorithm when you decrypt the data. If the KMS key and algorithm do not +// match the values used to encrypt the data, the decrypt operation fails. +// You are not required to supply the key ID and encryption algorithm when +// you decrypt with symmetric encryption KMS keys because KMS stores this +// information in the ciphertext blob. KMS cannot store metadata in ciphertext +// generated with asymmetric keys. The standard format for asymmetric key +// ciphertext does not include configurable fields. // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -6140,8 +6615,8 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // must identify the same KMS key that was used to encrypt the ciphertext. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -6171,10 +6646,18 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { req, out := c.ReEncryptRequest(input) @@ -6348,10 +6831,18 @@ func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Reques // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. @@ -6500,8 +6991,8 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -6511,10 +7002,18 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { req, out := c.RetireGrantRequest(input) @@ -6628,8 +7127,8 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // be found. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, @@ -6646,10 +7145,18 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { req, out := c.RevokeGrantRequest(input) @@ -6730,13 +7237,6 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // is unrecoverable. (The only exception is a multi-Region replica key.) To // prevent the use of a KMS key without deleting it, use DisableKey. // -// If you schedule deletion of a KMS key from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), -// when the waiting period expires, ScheduleKeyDeletion deletes the KMS key -// from KMS. Then KMS makes a best effort to delete the key material from the -// associated CloudHSM cluster. However, you might need to manually delete the -// orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) -// from the cluster and its backups. -// // You can schedule the deletion of a multi-Region primary key and its replica // keys at any time. However, KMS will not delete a multi-Region primary key // with existing replica keys. If you schedule the deletion of a primary key @@ -6748,6 +7248,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) // in the Key Management Service Developer Guide. // +// When KMS deletes a KMS key from an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html), +// it makes a best effort to delete the associated key material from the associated +// CloudHSM cluster. However, you might need to manually delete the orphaned +// key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// from the cluster and its backups. Deleting a KMS key from an external key +// store (https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html) +// has no effect on the associated external key. However, for both types of +// custom key stores, deleting a KMS key is destructive and irreversible. You +// cannot decrypt ciphertext encrypted under the KMS key by using only its associated +// external key or CloudHSM key. Also, you cannot recreate a KMS key in an external +// key store by creating a new KMS key with the same key material. +// // For more information about scheduling a KMS key for deletion, see Deleting // KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the Key Management Service Developer Guide. @@ -6785,8 +7297,8 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -6796,10 +7308,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { req, out := c.ScheduleKeyDeletionRequest(input) @@ -6940,8 +7460,8 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -6971,10 +7491,18 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign func (c *KMS) Sign(input *SignInput) (*SignOutput, error) { req, out := c.SignRequest(input) @@ -7044,7 +7572,7 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // Adds or edits tags on a customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. -// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // Each tag consists of a tag key and a tag value, both of which are case-sensitive @@ -7111,10 +7639,18 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - LimitExceededException // The request was rejected because a quota was exceeded. For more information, // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) @@ -7193,7 +7729,7 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // To delete a tag, specify the tag key and the KMS key. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. -// For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // When it succeeds, the UntagResource operation doesn't return any output. @@ -7251,10 +7787,18 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - TagException // The request was rejected because one or more tags are not valid. // @@ -7330,14 +7874,14 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // account and Region. // // Adding, deleting, or updating an alias can allow or deny permission to the -// KMS key. For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// KMS key. For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // The current and new KMS key must be the same type (both symmetric or both -// asymmetric), and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). -// This restriction prevents errors in code that uses aliases. If you must assign -// an alias to a different type of KMS key, use DeleteAlias to delete the old -// alias and CreateAlias to create a new alias. +// asymmetric or both HMAC), and they must have the same key usage. This restriction +// prevents errors in code that uses aliases. If you must assign an alias to +// a different type of KMS key, use DeleteAlias to delete the old alias and +// CreateAlias to create a new alias. // // You cannot use UpdateAlias to change an alias name. To change an alias name, // use DeleteAlias to delete the old alias and CreateAlias to create a new alias. @@ -7386,8 +7930,8 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // Returned Error Types: // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - NotFoundException // The request was rejected because the specified entity or resource could not @@ -7406,10 +7950,18 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { req, out := c.UpdateAliasRequest(input) @@ -7476,42 +8028,70 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // UpdateCustomKeyStore API operation for AWS Key Management Service. // -// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter -// to identify the custom key store you want to edit. Use the remaining parameters -// to change the properties of the custom key store. -// -// You can only update a custom key store that is disconnected. To disconnect -// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom -// key store after the update completes, use ConnectCustomKeyStore. To find -// the connection state of a custom key store, use the DescribeCustomKeyStores -// operation. -// -// The CustomKeyStoreId parameter is required in all commands. Use the other -// parameters of UpdateCustomKeyStore to edit your key store settings. +// Changes the properties of a custom key store. You can use this operation +// to change the properties of an CloudHSM key store or an external key store. // -// - Use the NewCustomKeyStoreName parameter to change the friendly name -// of the custom key store to the value that you specify. +// Use the required CustomKeyStoreId parameter to identify the custom key store. +// Use the remaining optional parameters to change its properties. This operation +// does not return any property values. To verify the updated property values, +// use the DescribeCustomKeyStores operation. // -// - Use the KeyStorePassword parameter tell KMS the current password of -// the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// in the associated CloudHSM cluster. You can use this parameter to fix -// connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) -// that occur when KMS cannot log into the associated cluster because the -// kmsuser password has changed. This value does not change the password -// in the CloudHSM cluster. -// -// - Use the CloudHsmClusterId parameter to associate the custom key store -// with a different, but related, CloudHSM cluster. You can use this parameter -// to repair a custom key store if its CloudHSM cluster becomes corrupted -// or is deleted, or when you need to create or restore a cluster from a -// backup. +// This operation is part of the custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in KMS, which combines the convenience and extensive integration +// of KMS with the isolation and control of a key store that you own and manage. +// +// When updating the properties of an external key store, verify that the updated +// settings connect your key store, via the external key store proxy, to the +// same external key manager as the previous settings, or to a backup or snapshot +// of the external key manager with the same cryptographic keys. If the updated +// connection settings fail, you can fix them and retry, although an extended +// delay might disrupt Amazon Web Services services. However, if KMS permanently +// loses its access to cryptographic keys, ciphertext encrypted under those +// keys is unrecoverable. +// +// For external key stores: +// +// Some external key managers provide a simpler method for updating an external +// key store. For details, see your external key manager documentation. +// +// When updating an external key store in the KMS console, you can upload a +// JSON-based proxy configuration file with the desired values. You cannot upload +// the proxy configuration file to the UpdateCustomKeyStore operation. However, +// you can use the file to help you determine the correct values for the UpdateCustomKeyStore +// parameters. +// +// For an CloudHSM key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), to tell KMS about a change +// to the kmsuser crypto user password (KeyStorePassword), or to associate the +// custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). +// To update any property of an CloudHSM key store, the ConnectionState of the +// CloudHSM key store must be DISCONNECTED. +// +// For an external key store, you can use this operation to change the custom +// key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change +// to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), +// connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) +// and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity +// of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service +// name (XksProxyVpcEndpointServiceName). To update most properties of an external +// key store, the ConnectionState of the external key store must be DISCONNECTED. +// However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, +// and XksProxyUriPath of an external key store when it is in the CONNECTED +// or DISCONNECTED state. +// +// If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, +// use the DisconnectCustomKeyStore operation to disconnect the custom key store. +// After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore +// to reconnect the custom key store. To find the ConnectionState of the custom +// key store, use the DescribeCustomKeyStores operation. +// +// Before updating the custom key store, verify that the new values allow KMS +// to connect the custom key store to its backing key store. For example, before +// you change the XksProxyUriPath value, verify that the external key store +// proxy is reachable at the new path. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// feature in KMS, which combines the convenience and extensive integration -// of KMS with the isolation and control of a single-tenant key store. -// // Cross-account use: No. You cannot perform this operation on a custom key // store in a different Amazon Web Services account. // @@ -7555,15 +8135,16 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // - CloudHsmClusterNotRelatedException // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation -// to specify an unrelated cluster. +// to specify an unrelated cluster for an CloudHSM key store. // -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // - CustomKeyStoreInvalidStateException @@ -7573,60 +8154,126 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. // // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // // - CloudHsmClusterNotActiveException -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. // // - CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the CloudHSM User Guide . // +// - XksProxyUriInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +// +// - XksProxyUriEndpointInUseException +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +// +// - XksProxyUriUnreachableException +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +// +// - XksProxyIncorrectAuthenticationCredentialException +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +// +// - XksProxyVpcEndpointServiceInUseException +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +// +// - XksProxyVpcEndpointServiceNotFoundException +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +// +// - XksProxyVpcEndpointServiceInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +// +// - XksProxyInvalidResponseException +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +// +// - XksProxyInvalidConfigurationException +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { req, out := c.UpdateCustomKeyStoreRequest(input) @@ -7730,8 +8377,8 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // is not valid. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InternalException // The request was rejected because an internal exception occurred. The request @@ -7741,10 +8388,18 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { req, out := c.UpdateKeyDescriptionRequest(input) @@ -7902,10 +8557,18 @@ func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req * // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - InternalException // The request was rejected because an internal exception occurred. The request // can be retried. @@ -8004,15 +8667,16 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // You can also verify the digital signature by using the public key of the // KMS key outside of KMS. Use the GetPublicKey operation to download the public // key in the asymmetric KMS key and then use the public key to verify the signature -// outside of KMS. To verify a signature outside of KMS with an SM2 public key, -// you must specify the distinguishing ID. By default, KMS uses 1234567812345678 +// outside of KMS. The advantage of using the Verify operation is that it is +// performed within KMS. As a result, it's easy to call, the operation is performed +// within the FIPS boundary, it is logged in CloudTrail, and you can use key +// policy and IAM policy to determine who is authorized to use the KMS key to +// verify signatures. +// +// To verify a signature outside of KMS with an SM2 public key (China Regions +// only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 // as the distinguishing ID. For more information, see Offline verification -// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification) -// in Key Management Service Developer Guide. The advantage of using the Verify -// operation is that it is performed within KMS. As a result, it's easy to call, -// the operation is performed within the FIPS boundary, it is logged in CloudTrail, -// and you can use key policy and IAM policy to determine who is authorized -// to use the KMS key to verify signatures. +// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification). // // The KMS key that you use for this operation must be in a compatible key state. // For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -8048,8 +8712,8 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // You can retry the request. // // - DependencyTimeoutException -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. // // - InvalidKeyUsageException // The request was rejected for one of the following reasons: @@ -8079,10 +8743,18 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // - KMSInvalidSignatureException // The request was rejected because the signature verification failed. Signature // verification fails when it cannot confirm that signature was produced by @@ -8157,10 +8829,12 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out // message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes // an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, // and compares the computed HMAC to the HMAC that you specify. If the HMACs -// are identical, the verification succeeds; otherwise, it fails. +// are identical, the verification succeeds; otherwise, it fails. Verification +// indicates that the message hasn't changed since the HMAC was calculated, +// and the specified key was used to generate and verify the HMAC. // -// Verification indicates that the message hasn't changed since the HMAC was -// calculated, and the specified key was used to generate and verify the HMAC. +// HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards +// defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). // // This operation is part of KMS support for HMAC KMS keys. For details, see // HMAC keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) @@ -8232,10 +8906,18 @@ func (c *KMS) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, out // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide . // +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/VerifyMac func (c *KMS) VerifyMac(input *VerifyMacInput) (*VerifyMacOutput, error) { req, out := c.VerifyMacRequest(input) @@ -8486,12 +9168,13 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { } // The request was rejected because the specified CloudHSM cluster is already -// associated with a custom key store or it shares a backup history with a cluster -// that is associated with a custom key store. Each custom key store must be -// associated with a different CloudHSM cluster. +// associated with an CloudHSM key store in the account, or it shares a backup +// history with an CloudHSM key store in the account. Each CloudHSM key store +// in the account must be associated with a different CloudHSM cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterInUseException struct { _ struct{} `type:"structure"` @@ -8557,29 +9240,29 @@ func (s *CloudHsmClusterInUseException) RequestID() string { } // The request was rejected because the associated CloudHSM cluster did not -// meet the configuration requirements for a custom key store. +// meet the configuration requirements for an CloudHSM key store. // -// - The cluster must be configured with private subnets in at least two -// different Availability Zones in the Region. +// - The CloudHSM cluster must be configured with private subnets in at least +// two different Availability Zones in the Region. // // - The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security -// group ID. These rules are set by default when you create the cluster. -// Do not delete or change them. To get information about a particular security -// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// group ID. These rules are set by default when you create the CloudHSM +// cluster. Do not delete or change them. To get information about a particular +// security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // -// - The cluster must contain at least as many HSMs as the operation requires. -// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// - The CloudHSM cluster must contain at least as many HSMs as the operation +// requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated -// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -8648,10 +9331,9 @@ func (s *CloudHsmClusterInvalidConfigurationException) RequestID() string { return s.RespMetadata.RequestID } -// The request was rejected because the CloudHSM cluster that is associated -// with the custom key store is not active. Initialize and activate the cluster -// and try the command again. For detailed instructions, see Getting Started -// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// The request was rejected because the CloudHSM cluster associated with the +// CloudHSM key store is not active. Initialize and activate the cluster and +// try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. type CloudHsmClusterNotActiveException struct { _ struct{} `type:"structure"` @@ -8783,15 +9465,16 @@ func (s *CloudHsmClusterNotFoundException) RequestID() string { // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation -// to specify an unrelated cluster. +// to specify an unrelated cluster for an CloudHSM key store. // -// Specify a cluster that shares a backup history with the original cluster. -// This includes clusters that were created from a backup of the current cluster, -// and clusters that were created from the same backup that produced the current -// cluster. +// Specify an CloudHSM cluster that shares a backup history with the original +// cluster. This includes clusters that were created from a backup of the current +// cluster, and clusters that were created from the same backup that produced +// the current cluster. // -// Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// CloudHSM clusters that share a backup history have the same cluster certificate. +// To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters +// (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. type CloudHsmClusterNotRelatedException struct { _ struct{} `type:"structure"` @@ -9042,18 +9725,33 @@ func (s CreateAliasOutput) GoString() string { type CreateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Identifies the CloudHSM cluster for the custom key store. Enter the cluster - // ID of any active CloudHSM cluster that is not already associated with a custom - // key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // Identifies the CloudHSM cluster for an CloudHSM key store. This parameter + // is required for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM. + // + // Enter the cluster ID of any active CloudHSM cluster that is not already associated + // with a custom key store. To find the cluster ID, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. CloudHsmClusterId *string `min:"19" type:"string"` // Specifies a friendly name for the custom key store. The name must be unique - // in your Amazon Web Services account. + // in your Amazon Web Services account and Region. This parameter is required + // for all custom key stores. // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` + // Specifies the type of custom key store. The default value is AWS_CLOUDHSM. + // + // For a custom key store backed by an CloudHSM cluster, omit the parameter + // or enter AWS_CLOUDHSM. For a custom key store backed by an external key manager + // outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot change + // this property after the key store is created. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // Specifies the kmsuser password for an CloudHSM key store. This parameter + // is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) // in the specified CloudHSM cluster. KMS logs into the cluster as this user // to manage key material on your behalf. @@ -9068,10 +9766,120 @@ type CreateCustomKeyStoreInput struct { // String and GoString methods. KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` - // Enter the content of the trust anchor certificate for the cluster. This is - // the content of the customerCA.crt file that you created when you initialized - // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). + // * CreateCustom + // + // Specifies the certificate for an CloudHSM key store. This parameter is required + // for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. + // + // Enter the content of the trust anchor certificate for the CloudHSM cluster. + // This is the content of the customerCA.crt file that you created when you + // initialized the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). TrustAnchorCertificate *string `min:"1" type:"string"` + + // Specifies an authentication credential for the external key store proxy (XKS + // proxy). This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, + // a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. + // For character requirements, see XksProxyAuthenticationCredentialType (kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html). + // + // KMS uses this authentication credential to sign requests to the external + // key store proxy on your behalf. This credential is unrelated to Identity + // and Access Management (IAM) and Amazon Web Services credentials. + // + // This parameter doesn't set or change the authentication credentials on the + // XKS proxy. It just tells KMS the credential that you established on your + // external key store proxy. If you rotate your proxy authentication credential, + // use the UpdateCustomKeyStore operation to provide the new credential to KMS. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Indicates how KMS communicates with the external key store proxy. This parameter + // is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. + // If the external key store proxy uses a Amazon VPC endpoint service for communication + // with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see + // Choosing a connectivity option (https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity) + // in the Key Management Service Developer Guide. + // + // An Amazon VPC endpoint service keeps your communication with KMS in a private + // address space entirely within Amazon Web Services, but it requires more configuration, + // including establishing a Amazon VPC with multiple subnets, a VPC endpoint + // service, a network load balancer, and a verified private DNS name. A public + // endpoint is simpler to set up, but it might be slower and might not fulfill + // your security requirements. You might consider testing with a public endpoint, + // and then establishing a VPC endpoint service for production tasks. Note that + // this choice does not determine the location of the external key store proxy. + // Even if you choose a VPC endpoint service, the proxy can be hosted within + // the VPC or outside of Amazon Web Services such as in your corporate data + // center. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Specifies the endpoint that KMS uses to send requests to the external key + // store proxy (XKS proxy). This parameter is required for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The protocol must be HTTPS. KMS communicates on port 443. Do not specify + // the port in the XksProxyUriEndpoint value. + // + // For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name of the VPC endpoint service. + // + // For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint + // must be reachable before you create the custom key store. KMS connects to + // the external key store proxy while creating the custom key store. For external + // key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you + // call the ConnectCustomKeyStore operation. + // + // The value of this parameter must begin with https://. The remainder can contain + // upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and + // hyphens (-). Additional slashes (/ and \) are not permitted. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + // + // * An external key store with PUBLIC_ENDPOINT connectivity cannot use the + // same XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE + // connectivity in the same Amazon Web Services Region. + // + // * Each external key store with VPC_ENDPOINT_SERVICE connectivity must + // have its own private DNS name. The XksProxyUriEndpoint value for external + // key stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must + // be unique in the Amazon Web Services account and Region. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Specifies the base path to the proxy APIs for this external key store. To + // find this value, see the documentation for your external key store proxy. + // This parameter is required for all custom key stores with a CustomKeyStoreType + // of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1 where v1 represents + // the version of the KMS external key store proxy API. This path can include + // an optional prefix between the required elements such as /prefix/kms/xks/v1. + // + // Uniqueness requirements: + // + // * The combined XksProxyUriEndpoint and XksProxyUriPath values must be + // unique in the Amazon Web Services account and Region. + XksProxyUriPath *string `min:"10" type:"string"` + + // Specifies the name of the Amazon VPC endpoint service for interface endpoints + // that is used to communicate with your external key store proxy (XKS proxy). + // This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE + // and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE. + // + // The Amazon VPC endpoint service must fulfill all requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements) + // for use with an external key store. + // + // Uniqueness requirements: + // + // * External key stores with VPC_ENDPOINT_SERVICE connectivity can share + // an Amazon VPC, but each external key store must have its own VPC endpoint + // service and private DNS name. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` } // String returns the string representation. @@ -9110,6 +9918,20 @@ func (s *CreateCustomKeyStoreInput) Validate() error { if s.TrustAnchorCertificate != nil && len(*s.TrustAnchorCertificate) < 1 { invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1)) } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -9129,6 +9951,12 @@ func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCusto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreType(v string) *CreateCustomKeyStoreInput { + s.CustomKeyStoreType = &v + return s +} + // SetKeyStorePassword sets the KeyStorePassword field's value. func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput { s.KeyStorePassword = &v @@ -9141,8 +9969,38 @@ func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateC return s } -type CreateCustomKeyStoreOutput struct { - _ struct{} `type:"structure"` +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *CreateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *CreateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyUriPath(v string) *CreateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *CreateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *CreateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + +type CreateCustomKeyStoreOutput struct { + _ struct{} `type:"structure"` // A unique identifier for the new custom key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -9446,31 +10304,25 @@ type CreateKeyInput struct { // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and the key material in its associated CloudHSM cluster. To create a KMS - // key in a custom key store, you must also specify the Origin parameter with - // a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the - // custom key store must have at least two active HSMs, each in a different - // Availability Zone in the Region. + // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // The ConnectionState of the custom key store must be CONNECTED. To find the + // CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation. // // This parameter is valid only for symmetric encryption KMS keys in a single // Region. You cannot create any other type of KMS key in a custom key store. // - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. - // - // The response includes the custom key store ID and the ID of the CloudHSM - // cluster. - // - // This operation is part of the custom key store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // feature in KMS, which combines the convenience and extensive integration - // of KMS with the isolation and control of a single-tenant key store. + // When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable + // 256-bit symmetric key in its associated CloudHSM cluster and associates it + // with the KMS key. When you create a KMS key in an external key store, you + // must use the XksKeyId parameter to specify an external key that serves as + // key material for the KMS key. CustomKeyStoreId *string `min:"1" type:"string"` // Instead, use the KeySpec parameter. // // The KeySpec and CustomerMasterKeySpec parameters work the same way. Only // the names differ. We recommend that you use KeySpec parameter in your code. - // However, to avoid breaking changes, KMS will support both parameters. + // However, to avoid breaking changes, KMS supports both parameters. // // Deprecated: This parameter has been deprecated. Instead, use the KeySpec parameter. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -9491,11 +10343,11 @@ type CreateKeyInput struct { // in the Key Management Service Developer Guide . // // The KeySpec determines whether the KMS key contains a symmetric key or an - // asymmetric key pair. It also determines the cryptographic algorithms that - // the KMS key supports. You can't change the KeySpec after the KMS key is created. - // To further restrict the algorithms that can be used with the KMS key, use - // a condition key in its key policy or IAM policy. For more information, see - // kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), + // asymmetric key pair. It also determines the algorithms that the KMS key supports. + // You can't change the KeySpec after the KMS key is created. To further restrict + // the algorithms that can be used with the KMS key, use a condition key in + // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm + // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), // kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) // in the Key Management Service Developer Guide . @@ -9561,36 +10413,37 @@ type CreateKeyInput struct { // This value creates a primary key, not a replica. To create a replica key, // use the ReplicateKey operation. // - // You can create a multi-Region version of a symmetric encryption KMS key, - // an HMAC KMS key, an asymmetric KMS key, or a KMS key with imported key material. - // However, you cannot create a multi-Region key in a custom key store. + // You can create a symmetric or asymmetric multi-Region key, and you can create + // a multi-Region key with imported key material. However, you cannot create + // a multi-Region key in a custom key store. MultiRegion *bool `type:"boolean"` // The source of the key material for the KMS key. You cannot change the origin // after you create the KMS key. The default is AWS_KMS, which means that KMS // creates the key material. // - // To create a KMS key with no key material (for imported key material), set - // the value to EXTERNAL. For more information about importing key material - // into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) - // in the Key Management Service Developer Guide. This value is valid only for - // symmetric encryption KMS keys. + // To create a KMS key with no key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) + // (for imported key material), set this value to EXTERNAL. For more information + // about importing key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // in the Key Management Service Developer Guide. The EXTERNAL origin value + // is valid only for symmetric KMS keys. // - // To create a KMS key in an KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) // and create its key material in the associated CloudHSM cluster, set this // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to - // identify the custom key store. This value is valid only for symmetric encryption - // KMS keys. + // identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT. + // + // To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html), + // set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId + // parameter to identify the external key store and the XksKeyId parameter to + // identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT. Origin *string `type:"string" enum:"OriginType"` - // The key policy to attach to the KMS key. If you do not specify a key policy, - // KMS attaches a default key policy to the KMS key. For more information, see - // Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) - // in the Key Management Service Developer Guide. + // The key policy to attach to the KMS key. // // If you provide a key policy, it must meet the following criteria: // - // * If you don't set BypassPolicyLockoutSafetyCheck to True, the key policy + // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy // must allow the principal that is making the CreateKey request to make // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk // that the KMS key becomes unmanageable. For more information, refer to @@ -9606,20 +10459,14 @@ type CreateKeyInput struct { // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // - // A key policy document can include only the following characters: - // - // * Printable ASCII characters from the space character (\u0020) through - // the end of the ASCII character range. - // - // * Printable characters in the Basic Latin and Latin-1 Supplement character - // set (through \u00FF). + // If you do not provide a key policy, KMS attaches a default key policy to + // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the Key Management Service Developer Guide. // - // * The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special - // characters + // The key policy size quota is 32 kilobytes (32768 bytes). // - // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) - // in the Key Management Service Developer Guide. For help writing and formatting - // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // For help writing and formatting a JSON policy document, see the IAM JSON + // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) // in the Identity and Access Management User Guide . Policy *string `min:"1" type:"string"` @@ -9627,7 +10474,7 @@ type CreateKeyInput struct { // key when it is created. To tag an existing KMS key, use the TagResource operation. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) @@ -9644,6 +10491,33 @@ type CreateKeyInput struct { // Tags can also be used to control access to a KMS key. For details, see Tagging // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` + + // Identifies the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // that serves as key material for the KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html). + // Specify the ID that the external key store proxy (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy) + // uses to refer to the external key. For help, see the documentation for your + // external key store proxy. + // + // This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. + // It is not valid for KMS keys with any other Origin value. + // + // The external key must be an existing 256-bit AES symmetric encryption key + // hosted outside of Amazon Web Services in an external key manager associated + // with the external key store specified by the CustomKeyStoreId parameter. + // This key must be enabled and configured to perform encryption and decryption. + // Each KMS key in an external key store must use a different external key. + // For details, see Requirements for a KMS key in an external key store (https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements) + // in the Key Management Service Developer Guide. + // + // Each KMS key in an external key store is associated two backing keys. One + // is key material that KMS generates. The other is the external key specified + // by this parameter. When you use the KMS key in an external key store to encrypt + // data, the encryption operation is performed first by KMS using the KMS key + // material, and then by the external key manager using the specified external + // key, a process known as double encryption. For details, see Double encryption + // (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption) + // in the Key Management Service Developer Guide. + XksKeyId *string `min:"1" type:"string"` } // String returns the string representation. @@ -9673,6 +10547,9 @@ func (s *CreateKeyInput) Validate() error { if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } + if s.XksKeyId != nil && len(*s.XksKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("XksKeyId", 1)) + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -9750,6 +10627,12 @@ func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { return s } +// SetXksKeyId sets the XksKeyId field's value. +func (s *CreateKeyInput) SetXksKeyId(v string) *CreateKeyInput { + s.XksKeyId = &v + return s +} + type CreateKeyOutput struct { _ struct{} `type:"structure"` @@ -9854,17 +10737,27 @@ func (s *CustomKeyStoreHasCMKsException) RequestID() string { // // This exception is thrown under the following conditions: // -// - You requested the CreateKey or GenerateRandom operation in a custom -// key store that is not connected. These operations are valid only when -// the custom key store ConnectionState is CONNECTED. +// - You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. To reconnect a custom key store +// in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect +// it (ConnectCustomKeyStore). +// +// - You requested the CreateKey operation in a custom key store that is +// not connected. This operations is valid only when the custom key store +// ConnectionState is CONNECTED. +// +// - You requested the DisconnectCustomKeyStore operation on a custom key +// store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation +// is valid for all other ConnectionState values. // // - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // -// - You requested the ConnectCustomKeyStore operation on a custom key store -// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid -// for all other ConnectionState values. +// - You requested the GenerateRandom operation in an CloudHSM key store +// that is not connected. This operation is valid only when the CloudHSM +// key store ConnectionState is CONNECTED. type CustomKeyStoreInvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10064,39 +10957,53 @@ func (s *CustomKeyStoreNotFoundException) RequestID() string { type CustomKeyStoresListEntry struct { _ struct{} `type:"structure"` - // A unique identifier for the CloudHSM cluster that is associated with the - // custom key store. + // A unique identifier for the CloudHSM cluster that is associated with an CloudHSM + // key store. This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. CloudHsmClusterId *string `min:"19" type:"string"` // Describes the connection error. This field appears in the response only when - // the ConnectionState is FAILED. For help resolving these errors, see How to - // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) - // in Key Management Service Developer Guide. - // - // Valid values are: + // the ConnectionState is FAILED. // - // * CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified - // cluster ID. + // Many failures can be resolved by updating the properties of the custom key + // store. To update a custom key store, disconnect it (DisconnectCustomKeyStore), + // correct the errors (UpdateCustomKeyStore), and try to connect again (ConnectCustomKeyStore). + // For additional help resolving these errors, see How to Fix a Connection Failure + // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in Key Management Service Developer Guide. // - // * INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not - // contain any active HSMs. To connect a custom key store to its CloudHSM - // cluster, the cluster must contain at least one active HSM. + // All custom key stores: // - // * INTERNAL_ERROR - KMS could not complete the request due to an internal + // * INTERNAL_ERROR — KMS could not complete the request due to an internal // error. Retry the request. For ConnectCustomKeyStore requests, disconnect // the custom key store before trying to connect again. // - // * INVALID_CREDENTIALS - KMS does not have the correct password for the - // kmsuser crypto user in the CloudHSM cluster. Before you can connect your - // custom key store to its CloudHSM cluster, you must change the kmsuser - // account password and update the key store password value for the custom - // key store. + // * NETWORK_ERRORS — Network errors are preventing KMS from connecting + // the custom key store to its backing key store. // - // * NETWORK_ERRORS - Network errors are preventing KMS from connecting to - // the custom key store. + // CloudHSM key stores: + // + // * CLUSTER_NOT_FOUND — KMS cannot find the CloudHSM cluster with the + // specified cluster ID. + // + // * INSUFFICIENT_CLOUDHSM_HSMS — The associated CloudHSM cluster does + // not contain any active HSMs. To connect a custom key store to its CloudHSM + // cluster, the cluster must contain at least one active HSM. // - // * SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was - // deleted. If KMS cannot find all of the subnets in the cluster configuration, + // * INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET — At least one private subnet + // associated with the CloudHSM cluster doesn't have any available IP addresses. + // A CloudHSM key store connection requires one free IP address in each of + // the associated private subnets, although two are preferable. For details, + // see How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the Key Management Service Developer Guide. + // + // * INVALID_CREDENTIALS — The KeyStorePassword for the custom key store + // doesn't match the current password of the kmsuser crypto user in the CloudHSM + // cluster. Before you can connect your custom key store to its CloudHSM + // cluster, you must change the kmsuser account password and update the KeyStorePassword + // value for the custom key store. + // + // * SUBNET_NOT_FOUND — A subnet in the CloudHSM cluster configuration + // was deleted. If KMS cannot find all of the subnets in the cluster configuration, // attempts to connect the custom key store to the CloudHSM cluster fail. // To fix this error, create a cluster from a recent backup and associate // it with your custom key store. (This process creates a new cluster configuration @@ -10104,13 +11011,13 @@ type CustomKeyStoresListEntry struct { // Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) // in the Key Management Service Developer Guide. // - // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated + // * USER_LOCKED_OUT — The kmsuser CU account is locked out of the associated // CloudHSM cluster due to too many failed password attempts. Before you // can connect your custom key store to its CloudHSM cluster, you must change // the kmsuser account password and update the key store password value for // the custom key store. // - // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated + // * USER_LOGGED_IN — The kmsuser CU account is logged into the associated // CloudHSM cluster. This prevents KMS from rotating the kmsuser account // password and logging into the cluster. Before you can connect your custom // key store to its CloudHSM cluster, you must log the kmsuser CU out of @@ -10119,27 +11026,94 @@ type CustomKeyStoresListEntry struct { // store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) // in the Key Management Service Developer Guide. // - // * USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated + // * USER_NOT_FOUND — KMS cannot find a kmsuser CU account in the associated // CloudHSM cluster. Before you can connect your custom key store to its // CloudHSM cluster, you must create a kmsuser CU account in the cluster, // and then update the key store password value for the custom key store. + // + // External key stores: + // + // * INVALID_CREDENTIALS — One or both of the XksProxyAuthenticationCredential + // values is not valid on the specified external key store proxy. + // + // * XKS_PROXY_ACCESS_DENIED — KMS requests are denied access to the external + // key store proxy. If the external key store proxy has authorization rules, + // verify that they permit KMS to communicate with the proxy on your behalf. + // + // * XKS_PROXY_INVALID_CONFIGURATION — A configuration error is preventing + // the external key store from connecting to its proxy. Verify the value + // of the XksProxyUriPath. + // + // * XKS_PROXY_INVALID_RESPONSE — KMS cannot interpret the response from + // the external key store proxy. If you see this connection error code repeatedly, + // notify your external key store proxy vendor. + // + // * XKS_PROXY_INVALID_TLS_CONFIGURATION — KMS cannot connect to the external + // key store proxy because the TLS configuration is invalid. Verify that + // the XKS proxy supports TLS 1.2 or 1.3. Also, verify that the TLS certificate + // is not expired, and that it matches the hostname in the XksProxyUriEndpoint + // value, and that it is signed by a certificate authority included in the + // Trusted Certificate Authorities (https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities) + // list. + // + // * XKS_PROXY_NOT_REACHABLE — KMS can't communicate with your external + // key store proxy. Verify that the XksProxyUriEndpoint and XksProxyUriPath + // are correct. Use the tools for your external key store proxy to verify + // that the proxy is active and available on its network. Also, verify that + // your external key manager instances are operating properly. Connection + // attempts fail with this connection error code if the proxy reports that + // all external key manager instances are unavailable. + // + // * XKS_PROXY_TIMED_OUT — KMS can connect to the external key store proxy, + // but the proxy does not respond to KMS in the time allotted. If you see + // this connection error code repeatedly, notify your external key store + // proxy vendor. + // + // * XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION — The Amazon VPC endpoint + // service configuration doesn't conform to the requirements for an KMS external + // key store. The VPC endpoint service must be an endpoint service for interface + // endpoints in the caller's Amazon Web Services account. It must have a + // network load balancer (NLB) connected to at least two subnets, each in + // a different Availability Zone. The Allow principals list must include + // the KMS service principal for the Region, cks.kms..amazonaws.com, + // such as cks.kms.us-east-1.amazonaws.com. It must not require acceptance + // (https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html) + // of connection requests. It must have a private DNS name. The private DNS + // name for an external key store with VPC_ENDPOINT_SERVICE connectivity + // must be unique in its Amazon Web Services Region. The domain of the private + // DNS name must have a verification status (https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html) + // of verified. The TLS certificate (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html) + // specifies the private DNS hostname at which the endpoint is reachable. + // + // * XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND — KMS can't find the VPC endpoint + // service that it uses to communicate with the external key store proxy. + // Verify that the XksProxyVpcEndpointServiceName is correct and the KMS + // service principal has service consumer permissions on the Amazon VPC endpoint + // service. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` - // Indicates whether the custom key store is connected to its CloudHSM cluster. + // Indicates whether the custom key store is connected to its backing key store. + // For an CloudHSM key store, the ConnectionState indicates whether it is connected + // to its CloudHSM cluster. For an external key store, the ConnectionState indicates + // whether it is connected to the external key store proxy that communicates + // with your external key manager. // - // You can create and use KMS keys in your custom key stores only when its connection - // state is CONNECTED. + // You can create and use KMS keys in your custom key stores only when its ConnectionState + // is CONNECTED. // - // The value is DISCONNECTED if the key store has never been connected or you - // use the DisconnectCustomKeyStore operation to disconnect it. If the value - // is CONNECTED but you are having trouble using the custom key store, make - // sure that its associated CloudHSM cluster is active and contains at least - // one active HSM. + // The ConnectionState value is DISCONNECTED only if the key store has never + // been connected or you use the DisconnectCustomKeyStore operation to disconnect + // it. If the value is CONNECTED but you are having trouble using the custom + // key store, make sure that the backing key store is reachable and active. + // For an CloudHSM key store, verify that its associated CloudHSM cluster is + // active and contains at least one active HSM. For an external key store, verify + // that the external key store proxy and external key manager are connected + // and enabled. // // A value of FAILED indicates that an attempt to connect was unsuccessful. // The ConnectionErrorCode field in the response indicates the cause of the - // failure. For help resolving a connection failure, see Troubleshooting a Custom - // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // failure. For help resolving a connection failure, see Troubleshooting a custom + // key store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` @@ -10152,10 +11126,26 @@ type CustomKeyStoresListEntry struct { // The user-specified friendly name for the custom key store. CustomKeyStoreName *string `min:"1" type:"string"` - // The trust anchor certificate of the associated CloudHSM cluster. When you - // initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // Indicates the type of the custom key store. AWS_CLOUDHSM indicates a custom + // key store backed by an CloudHSM cluster. EXTERNAL_KEY_STORE indicates a custom + // key store backed by an external key store proxy and external key manager + // outside of Amazon Web Services. + CustomKeyStoreType *string `type:"string" enum:"CustomKeyStoreType"` + + // The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM + // key store. When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create this certificate and save it in the customerCA.crt file. + // + // This field appears only when the CustomKeyStoreType is AWS_CLOUDHSM. TrustAnchorCertificate *string `min:"1" type:"string"` + + // Configuration settings for the external key store proxy (XKS proxy). The + // external key store proxy translates KMS requests into a format that your + // external key manager can understand. The proxy configuration includes connection + // information that KMS requires. + // + // This field appears only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. + XksProxyConfiguration *XksProxyConfigurationType `type:"structure"` } // String returns the string representation. @@ -10212,12 +11202,24 @@ func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeySto return s } +// SetCustomKeyStoreType sets the CustomKeyStoreType field's value. +func (s *CustomKeyStoresListEntry) SetCustomKeyStoreType(v string) *CustomKeyStoresListEntry { + s.CustomKeyStoreType = &v + return s +} + // SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value. func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry { s.TrustAnchorCertificate = &v return s } +// SetXksProxyConfiguration sets the XksProxyConfiguration field's value. +func (s *CustomKeyStoresListEntry) SetXksProxyConfiguration(v *XksProxyConfigurationType) *CustomKeyStoresListEntry { + s.XksProxyConfiguration = v + return s +} + type DecryptInput struct { _ struct{} `type:"structure"` @@ -10643,8 +11645,8 @@ func (s DeleteImportedKeyMaterialOutput) GoString() string { return s.String() } -// The system timed out while trying to fulfill the request. The request can -// be retried. +// The system timed out while trying to fulfill the request. You can retry the +// request. type DependencyTimeoutException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -10716,8 +11718,8 @@ type DescribeCustomKeyStoresInput struct { // // By default, this operation gets information about all custom key stores in // the account and Region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. CustomKeyStoreId *string `min:"1" type:"string"` // Gets only information about the specified custom key store. Enter the friendly @@ -10725,8 +11727,8 @@ type DescribeCustomKeyStoresInput struct { // // By default, this operation gets information about all custom key stores in // the account and Region. To limit the output to a particular custom key store, - // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, - // but not both. + // provide either the CustomKeyStoreId or CustomKeyStoreName parameter, but + // not both. CustomKeyStoreName *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When @@ -11361,13 +12363,13 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric encryption KMS key. You cannot enable or disable automatic - // rotation of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), + // Identifies a symmetric encryption KMS key. You cannot enable automatic rotation + // of asymmetric KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html), // HMAC KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html), // KMS keys with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or KMS keys in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // The key rotation status of these KMS keys is always false. To enable or disable - // automatic rotation of a set of related multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), + // To enable or disable automatic rotation of a set of related multi-Region + // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate), // set the property on the primary key. // // Specify the key ID or key ARN of the KMS key. @@ -11455,6 +12457,8 @@ type EncryptInput struct { // This parameter is required only for asymmetric KMS keys. The default value, // SYMMETRIC_DEFAULT, is the algorithm used for symmetric encryption KMS keys. // If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256. + // + // The SM2PKE algorithm is only available in China Regions. EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` // Specifies the encryption context that will be used to encrypt the data. An @@ -11963,8 +12967,7 @@ type GenerateDataKeyPairInput struct { // encrypt and decrypt or to sign and verify (but not both), and the rule that // permits you to use ECC KMS keys only to sign and verify, are not effective // on data key pairs, which are used outside of KMS. The SM2 key spec is only - // available in China Regions. RSA and ECC asymmetric key pairs are also available - // in China Regions. + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -12169,8 +13172,7 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // encrypt and decrypt or to sign and verify (but not both), and the rule that // permits you to use ECC KMS keys only to sign and verify, are not effective // on data key pairs, which are used outside of KMS. The SM2 key spec is only - // available in China Regions. RSA and ECC asymmetric key pairs are also available - // in China Regions. + // available in China Regions. // // KeyPairSpec is a required field KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` @@ -12592,8 +13594,10 @@ type GenerateMacOutput struct { // The HMAC KMS key used in the operation. KeyId *string `min:"1" type:"string"` - // The hash-based message authentication code (HMAC) for the given message, - // key, and MAC algorithm. + // The hash-based message authentication code (HMAC) that was generated for + // the specified message, HMAC KMS key, and MAC algorithm. + // + // This is the standard, raw HMAC defined in RFC 2104 (https://datatracker.ietf.org/doc/html/rfc2104). // Mac is automatically base64 encoded/decoded by the SDK. Mac []byte `min:"1" type:"blob"` @@ -12641,8 +13645,11 @@ type GenerateRandomInput struct { _ struct{} `type:"structure"` // Generates the random byte string in the CloudHSM cluster that is associated - // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). - // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. + // with the specified CloudHSM key store. To find the ID of a custom key store, + // use the DescribeCustomKeyStores operation. + // + // External key store IDs are not valid for this parameter. If you specify the + // ID of an external key store, GenerateRandom throws an UnsupportedOperationException. CustomKeyStoreId *string `min:"1" type:"string"` // The length of the random byte string. This parameter is required. @@ -13183,7 +14190,7 @@ type GetPublicKeyOutput struct { // // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend // that you use the KeySpec field in your code. However, to avoid breaking changes, - // KMS will support both fields. + // KMS supports both fields. // // Deprecated: This field has been deprecated. Instead, use the KeySpec field. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -13293,10 +14300,10 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // // KMS applies the grant constraints only to cryptographic operations that support // an encryption context, that is, all cryptographic operations with a symmetric -// encryption KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). +// KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). // Grant constraints are not applied to operations that do not support an encryption -// context, such as cryptographic operations with HMAC KMS keys or asymmetric -// KMS keys, and management operations, such as DescribeKey or RetireGrant. +// context, such as cryptographic operations with asymmetric KMS keys and management +// operations, such as DescribeKey or RetireGrant. // // In a cryptographic operation, the encryption context in the decryption operation // must be an exact, case-sensitive match for the keys and values in the encryption @@ -13481,9 +14488,15 @@ type ImportKeyMaterialInput struct { // EncryptedKeyMaterial is a required field EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` - // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, - // in which case you must include the ValidTo parameter. When this parameter - // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. + // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. + // + // When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify + // a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, + // you must omit the ValidTo parameter. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) + // and reimport the key material. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` // The import token that you received in the response to a previous GetParametersForImport @@ -13514,10 +14527,20 @@ type ImportKeyMaterialInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The time at which the imported key material expires. When the key material - // expires, KMS deletes the key material and the KMS key becomes unusable. You - // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. - // Otherwise it is required. + // The date and time when the imported key material expires. This parameter + // is required when the value of the ExpirationModel parameter is KEY_MATERIAL_EXPIRES. + // Otherwise it is not valid. + // + // The value of this parameter must be a future date and time. The maximum value + // is 365 days from the request date. + // + // When the key material expires, KMS deletes the key material from the KMS + // key. Without its key material, the KMS key is unusable. To use the KMS key + // in cryptographic operations, you must reimport the same key material. + // + // You cannot change the ExpirationModel or ValidTo values for the current import + // after the request completes. To change either value, you must delete (DeleteImportedKeyMaterial) + // and reimport the key material. ValidTo *time.Time `type:"timestamp"` } @@ -13752,9 +14775,10 @@ func (s *IncorrectKeyMaterialException) RequestID() string { } // The request was rejected because the trust anchor certificate in the request -// is not the trust anchor certificate for the specified CloudHSM cluster. +// to create an CloudHSM key store is not the trust anchor certificate for the +// specified CloudHSM cluster. // -// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. type IncorrectTrustAnchorException struct { @@ -14423,9 +15447,17 @@ func (s *InvalidMarkerException) RequestID() string { // The request was rejected because the state of the specified resource is not // valid for this request. // -// For more information about how key state affects the use of a KMS key, see -// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the Key Management Service Developer Guide . +// This exceptions means one of the following: +// +// - The key state of the KMS key is not compatible with the operation. To +// find the key state, use the DescribeKey operation. For more information +// about which key states are compatible with each KMS operation, see Key +// states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the Key Management Service Developer Guide . +// +// - For cryptographic operations on KMS keys in custom key stores, this +// exception represents a general failure with many possible causes. To identify +// the cause, see the error message that accompanies the exception. type InvalidStateException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -14664,8 +15696,8 @@ func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { // Contains metadata about a KMS key. // -// This data type is used as a response element for the CreateKey and DescribeKey -// operations. +// This data type is used as a response element for the CreateKey, DescribeKey, +// and ReplicateKey operations. type KeyMetadata struct { _ struct{} `type:"structure"` @@ -14679,16 +15711,17 @@ type KeyMetadata struct { Arn *string `min:"20" type:"string"` // The cluster ID of the CloudHSM cluster that contains the key material for - // the KMS key. When you create a KMS key in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), + // the KMS key. When you create a KMS key in an CloudHSM custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // KMS creates the key material for the KMS key in the associated CloudHSM cluster. - // This value is present only when the KMS key is created in a custom key store. + // This field is present only when the KMS key is created in an CloudHSM key + // store. CloudHsmClusterId *string `min:"19" type:"string"` // The date and time when the KMS key was created. CreationDate *time.Time `type:"timestamp"` // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // that contains the KMS key. This value is present only when the KMS key is + // that contains the KMS key. This field is present only when the KMS key is // created in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -14696,7 +15729,7 @@ type KeyMetadata struct { // // The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend // that you use the KeySpec field in your code. However, to avoid breaking changes, - // KMS will support both fields. + // KMS supports both fields. // // Deprecated: This field has been deprecated. Instead, use the KeySpec field. CustomerMasterKeySpec *string `deprecated:"true" type:"string" enum:"CustomerMasterKeySpec"` @@ -14814,6 +15847,13 @@ type KeyMetadata struct { // value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. ValidTo *time.Time `type:"timestamp"` + + // Information about the external key that is associated with a KMS key in an + // external key store. + // + // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) + // in the Key Management Service Developer Guide. + XksKeyConfiguration *XksKeyConfigurationType `type:"structure"` } // String returns the string representation. @@ -14972,6 +16012,12 @@ func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { return s } +// SetXksKeyConfiguration sets the XksKeyConfiguration field's value. +func (s *KeyMetadata) SetXksKeyConfiguration(v *XksKeyConfigurationType) *KeyMetadata { + s.XksKeyConfiguration = v + return s +} + // The request was rejected because the specified KMS key was not available. // You can retry the request. type KeyUnavailableException struct { @@ -15781,7 +16827,7 @@ type ListResourceTagsOutput struct { // A list of tags. Each tag consists of a tag key and a tag value. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. Tags []*Tag `type:"list"` @@ -16208,7 +17254,7 @@ type PutKeyPolicyInput struct { // characters // // For information about key policies, see Key policies in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) - // in the Key Management Service Developer Guide. For help writing and formatting + // in the Key Management Service Developer Guide.For help writing and formatting // a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) // in the Identity and Access Management User Guide . // @@ -16720,7 +17766,7 @@ type ReplicateKeyInput struct { // operation. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. - // For details, see ABAC in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) @@ -17863,8 +18909,8 @@ type UpdateAliasInput struct { // // The KMS key must be in the same Amazon Web Services account and Region as // the alias. Also, the new target KMS key must be the same type as the current - // target KMS key (both symmetric or both asymmetric) and they must have the - // same key usage. + // target KMS key (both symmetric or both asymmetric or both HMAC) and they + // must have the same key usage. // // Specify the key ID or key ARN of the KMS key. // @@ -17959,7 +19005,8 @@ func (s UpdateAliasOutput) GoString() string { type UpdateCustomKeyStoreInput struct { _ struct{} `type:"structure"` - // Associates the custom key store with a related CloudHSM cluster. + // Associates the custom key store with a related CloudHSM cluster. This parameter + // is valid only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. // // Enter the cluster ID of the cluster that you used to create the custom key // store or a cluster that shares a backup history and has the same cluster @@ -17969,6 +19016,8 @@ type UpdateCustomKeyStoreInput struct { // for a cluster associated with a custom key store. To view the cluster certificate // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. + // + // To change this value, the CloudHSM key store must be disconnected. CloudHsmClusterId *string `min:"19" type:"string"` // Identifies the custom key store that you want to update. Enter the ID of @@ -17979,12 +19028,15 @@ type UpdateCustomKeyStoreInput struct { CustomKeyStoreId *string `min:"1" type:"string" required:"true"` // Enter the current password of the kmsuser crypto user (CU) in the CloudHSM - // cluster that is associated with the custom key store. + // cluster that is associated with the custom key store. This parameter is valid + // only for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. // // This parameter tells KMS the current password of the kmsuser crypto user // (CU). It does not set or change the password of any users in the CloudHSM // cluster. // + // To change this value, the CloudHSM key store must be disconnected. + // // KeyStorePassword is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateCustomKeyStoreInput's // String and GoString methods. @@ -17992,7 +19044,82 @@ type UpdateCustomKeyStoreInput struct { // Changes the friendly name of the custom key store to the value that you specify. // The custom key store name must be unique in the Amazon Web Services account. + // + // To change this value, an CloudHSM key store must be disconnected. An external + // key store can be connected or disconnected. NewCustomKeyStoreName *string `min:"1" type:"string"` + + // Changes the credentials that KMS uses to sign requests to the external key + // store proxy (XKS proxy). This parameter is valid only for custom key stores + // with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // You must specify both the AccessKeyId and SecretAccessKey value in the authentication + // credential, even if you are only updating one value. + // + // This parameter doesn't establish or change your authentication credentials + // on the proxy. It just tells KMS the credential that you established with + // your external key store proxy. For example, if you rotate the credential + // on your external key store proxy, you can use this parameter to update the + // credential in KMS. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyAuthenticationCredential *XksProxyAuthenticationCredentialType `type:"structure"` + + // Changes the connectivity setting for the external key store. To indicate + // that the external key store proxy uses a Amazon VPC endpoint service to communicate + // with KMS, specify VPC_ENDPOINT_SERVICE. Otherwise, specify PUBLIC_ENDPOINT. + // + // If you change the XksProxyConnectivity to VPC_ENDPOINT_SERVICE, you must + // also change the XksProxyUriEndpoint and add an XksProxyVpcEndpointServiceName + // value. + // + // If you change the XksProxyConnectivity to PUBLIC_ENDPOINT, you must also + // change the XksProxyUriEndpoint and specify a null or empty string for the + // XksProxyVpcEndpointServiceName value. + // + // To change this value, the external key store must be disconnected. + XksProxyConnectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // Changes the URI endpoint that KMS uses to connect to your external key store + // proxy (XKS proxy). This parameter is valid only for custom key stores with + // a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // For external key stores with an XksProxyConnectivity value of PUBLIC_ENDPOINT, + // the protocol must be HTTPS. + // + // For external key stores with an XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, + // specify https:// followed by the private DNS name associated with the VPC + // endpoint service. Each external key store must use a different private DNS + // name. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // To change this value, the external key store must be disconnected. + XksProxyUriEndpoint *string `min:"10" type:"string"` + + // Changes the base path to the proxy APIs for this external key store. To find + // this value, see the documentation for your external key manager and external + // key store proxy (XKS proxy). This parameter is valid only for custom key + // stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. + // + // The value must start with / and must end with /kms/xks/v1, where v1 represents + // the version of the KMS external key store proxy API. You can include an optional + // prefix between the required elements such as /example/kms/xks/v1. + // + // The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique + // in the Amazon Web Services account and Region. + // + // You can change this value when the external key store is connected or disconnected. + XksProxyUriPath *string `min:"10" type:"string"` + + // Changes the name that KMS uses to identify the Amazon VPC endpoint service + // for your external key store proxy (XKS proxy). This parameter is valid when + // the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity + // is VPC_ENDPOINT_SERVICE. + // + // To change this value, the external key store must be disconnected. + XksProxyVpcEndpointServiceName *string `min:"20" type:"string"` } // String returns the string representation. @@ -18031,6 +19158,20 @@ func (s *UpdateCustomKeyStoreInput) Validate() error { if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) } + if s.XksProxyUriEndpoint != nil && len(*s.XksProxyUriEndpoint) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriEndpoint", 10)) + } + if s.XksProxyUriPath != nil && len(*s.XksProxyUriPath) < 10 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyUriPath", 10)) + } + if s.XksProxyVpcEndpointServiceName != nil && len(*s.XksProxyVpcEndpointServiceName) < 20 { + invalidParams.Add(request.NewErrParamMinLen("XksProxyVpcEndpointServiceName", 20)) + } + if s.XksProxyAuthenticationCredential != nil { + if err := s.XksProxyAuthenticationCredential.Validate(); err != nil { + invalidParams.AddNested("XksProxyAuthenticationCredential", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -18062,6 +19203,36 @@ func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCu return s } +// SetXksProxyAuthenticationCredential sets the XksProxyAuthenticationCredential field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyAuthenticationCredential(v *XksProxyAuthenticationCredentialType) *UpdateCustomKeyStoreInput { + s.XksProxyAuthenticationCredential = v + return s +} + +// SetXksProxyConnectivity sets the XksProxyConnectivity field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyConnectivity(v string) *UpdateCustomKeyStoreInput { + s.XksProxyConnectivity = &v + return s +} + +// SetXksProxyUriEndpoint sets the XksProxyUriEndpoint field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriEndpoint(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriEndpoint = &v + return s +} + +// SetXksProxyUriPath sets the XksProxyUriPath field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyUriPath(v string) *UpdateCustomKeyStoreInput { + s.XksProxyUriPath = &v + return s +} + +// SetXksProxyVpcEndpointServiceName sets the XksProxyVpcEndpointServiceName field's value. +func (s *UpdateCustomKeyStoreInput) SetXksProxyVpcEndpointServiceName(v string) *UpdateCustomKeyStoreInput { + s.XksProxyVpcEndpointServiceName = &v + return s +} + type UpdateCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } @@ -18683,77 +19854,1131 @@ func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { return s } -const ( - // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value - AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" +// The request was rejected because the (XksKeyId) is already associated with +// a KMS key in this external key store. Each KMS key in an external key store +// must be associated with a different external key. +type XksKeyAlreadyInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value - AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + Message_ *string `locationName:"message" type:"string"` +} - // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value - AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" -) +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) String() string { + return awsutil.Prettify(s) +} -// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum -func AlgorithmSpec_Values() []string { - return []string{ - AlgorithmSpecRsaesPkcs1V15, - AlgorithmSpecRsaesOaepSha1, - AlgorithmSpecRsaesOaepSha256, +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyAlreadyInUseException) GoString() string { + return s.String() +} + +func newErrorXksKeyAlreadyInUseException(v protocol.ResponseMetadata) error { + return &XksKeyAlreadyInUseException{ + RespMetadata: v, } } -const ( - // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS" +// Code returns the exception type name. +func (s *XksKeyAlreadyInUseException) Code() string { + return "XksKeyAlreadyInUseException" +} - // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND" +// Message returns the exception's message. +func (s *XksKeyAlreadyInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} - // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyAlreadyInUseException) OrigErr() error { + return nil +} - // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" +func (s *XksKeyAlreadyInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} - // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyAlreadyInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} - // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" +// RequestID returns the service's response RequestID for request. +func (s *XksKeyAlreadyInUseException) RequestID() string { + return s.RespMetadata.RequestID +} - // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND" +// Information about the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)that +// is associated with a KMS key in an external key store. +// +// These fields appear in a CreateKey or DescribeKey response only for a KMS +// key in an external key store. +// +// The external key is a symmetric encryption key that is hosted by an external +// key manager outside of Amazon Web Services. When you use the KMS key in an +// external key store in a cryptographic operation, the cryptographic operation +// is performed in the external key manager using the specified external key. +// For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) +// in the Key Management Service Developer Guide. +type XksKeyConfigurationType struct { + _ struct{} `type:"structure"` - // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN" + // The ID of the external key in its external key manager. This is the ID that + // the external key store proxy uses to identify the external key. + Id *string `min:"1" type:"string"` +} - // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) String() string { + return awsutil.Prettify(s) +} - // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value - ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" -) +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyConfigurationType) GoString() string { + return s.String() +} -// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum -func ConnectionErrorCodeType_Values() []string { - return []string{ - ConnectionErrorCodeTypeInvalidCredentials, - ConnectionErrorCodeTypeClusterNotFound, - ConnectionErrorCodeTypeNetworkErrors, - ConnectionErrorCodeTypeInternalError, - ConnectionErrorCodeTypeInsufficientCloudhsmHsms, - ConnectionErrorCodeTypeUserLockedOut, - ConnectionErrorCodeTypeUserNotFound, - ConnectionErrorCodeTypeUserLoggedIn, - ConnectionErrorCodeTypeSubnetNotFound, - ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet, - } +// SetId sets the Id field's value. +func (s *XksKeyConfigurationType) SetId(v string) *XksKeyConfigurationType { + s.Id = &v + return s } -const ( - // ConnectionStateTypeConnected is a ConnectionStateType enum value - ConnectionStateTypeConnected = "CONNECTED" +// The request was rejected because the external key specified by the XksKeyId +// parameter did not meet the configuration requirements for an external key +// store. +// +// The external key must be an AES-256 symmetric key that is enabled and performs +// encryption and decryption. +type XksKeyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksKeyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksKeyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyInvalidConfigurationException) Code() string { + return "XksKeyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksKeyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksKeyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the external key store proxy could not find +// the external key. This exception is thrown when the value of the XksKeyId +// parameter doesn't identify a key in the external key manager associated with +// the external key proxy. +// +// Verify that the XksKeyId represents an existing key in the external key manager. +// Use the key identifier that the external key store proxy uses to identify +// the key. For details, see the documentation provided with your external key +// store proxy or key manager. +type XksKeyNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksKeyNotFoundException) GoString() string { + return s.String() +} + +func newErrorXksKeyNotFoundException(v protocol.ResponseMetadata) error { + return &XksKeyNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksKeyNotFoundException) Code() string { + return "XksKeyNotFoundException" +} + +// Message returns the exception's message. +func (s *XksKeyNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksKeyNotFoundException) OrigErr() error { + return nil +} + +func (s *XksKeyNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksKeyNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksKeyNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS uses the authentication credential to sign requests that it sends to +// the external key store proxy (XKS proxy) on your behalf. You establish these +// credentials on your external key store proxy and report them to KMS. +// +// The XksProxyAuthenticationCredential includes two required elements. +type XksProxyAuthenticationCredentialType struct { + _ struct{} `type:"structure"` + + // A unique identifier for the raw secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // AccessKeyId is a required field + AccessKeyId *string `min:"20" type:"string" required:"true" sensitive:"true"` + + // A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9, + // /, +, and =. + // + // RawSecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyAuthenticationCredentialType's + // String and GoString methods. + // + // RawSecretAccessKey is a required field + RawSecretAccessKey *string `min:"43" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyAuthenticationCredentialType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *XksProxyAuthenticationCredentialType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "XksProxyAuthenticationCredentialType"} + if s.AccessKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessKeyId")) + } + if s.AccessKeyId != nil && len(*s.AccessKeyId) < 20 { + invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 20)) + } + if s.RawSecretAccessKey == nil { + invalidParams.Add(request.NewErrParamRequired("RawSecretAccessKey")) + } + if s.RawSecretAccessKey != nil && len(*s.RawSecretAccessKey) < 43 { + invalidParams.Add(request.NewErrParamMinLen("RawSecretAccessKey", 43)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyAuthenticationCredentialType) SetAccessKeyId(v string) *XksProxyAuthenticationCredentialType { + s.AccessKeyId = &v + return s +} + +// SetRawSecretAccessKey sets the RawSecretAccessKey field's value. +func (s *XksProxyAuthenticationCredentialType) SetRawSecretAccessKey(v string) *XksProxyAuthenticationCredentialType { + s.RawSecretAccessKey = &v + return s +} + +// Detailed information about the external key store proxy (XKS proxy). Your +// external key store proxy translates KMS requests into a format that your +// external key manager can understand. These fields appear in a DescribeCustomKeyStores +// response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE. +type XksProxyConfigurationType struct { + _ struct{} `type:"structure"` + + // The part of the external key store proxy authentication credential (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential) + // that uniquely identifies the secret access key. + // + // AccessKeyId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by XksProxyConfigurationType's + // String and GoString methods. + AccessKeyId *string `min:"20" type:"string" sensitive:"true"` + + // Indicates whether the external key store proxy uses a public endpoint or + // an Amazon VPC endpoint service to communicate with KMS. + Connectivity *string `type:"string" enum:"XksProxyConnectivityType"` + + // The URI endpoint for the external key store proxy. + // + // If the external key store proxy has a public endpoint, it is displayed here. + // + // If the external key store proxy uses an Amazon VPC endpoint service name, + // this field displays the private DNS name associated with the VPC endpoint + // service. + UriEndpoint *string `min:"10" type:"string"` + + // The path to the external key store proxy APIs. + UriPath *string `min:"10" type:"string"` + + // The Amazon VPC endpoint service used to communicate with the external key + // store proxy. This field appears only when the external key store proxy uses + // an Amazon VPC endpoint service to communicate with KMS. + VpcEndpointServiceName *string `min:"20" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyConfigurationType) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *XksProxyConfigurationType) SetAccessKeyId(v string) *XksProxyConfigurationType { + s.AccessKeyId = &v + return s +} + +// SetConnectivity sets the Connectivity field's value. +func (s *XksProxyConfigurationType) SetConnectivity(v string) *XksProxyConfigurationType { + s.Connectivity = &v + return s +} + +// SetUriEndpoint sets the UriEndpoint field's value. +func (s *XksProxyConfigurationType) SetUriEndpoint(v string) *XksProxyConfigurationType { + s.UriEndpoint = &v + return s +} + +// SetUriPath sets the UriPath field's value. +func (s *XksProxyConfigurationType) SetUriPath(v string) *XksProxyConfigurationType { + s.UriPath = &v + return s +} + +// SetVpcEndpointServiceName sets the VpcEndpointServiceName field's value. +func (s *XksProxyConfigurationType) SetVpcEndpointServiceName(v string) *XksProxyConfigurationType { + s.VpcEndpointServiceName = &v + return s +} + +// The request was rejected because the proxy credentials failed to authenticate +// to the specified external key store proxy. The specified external key store +// proxy rejected a status request from KMS due to invalid credentials. This +// can indicate an error in the credentials or in the identification of the +// external key store proxy. +type XksProxyIncorrectAuthenticationCredentialException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyIncorrectAuthenticationCredentialException) GoString() string { + return s.String() +} + +func newErrorXksProxyIncorrectAuthenticationCredentialException(v protocol.ResponseMetadata) error { + return &XksProxyIncorrectAuthenticationCredentialException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyIncorrectAuthenticationCredentialException) Code() string { + return "XksProxyIncorrectAuthenticationCredentialException" +} + +// Message returns the exception's message. +func (s *XksProxyIncorrectAuthenticationCredentialException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyIncorrectAuthenticationCredentialException) OrigErr() error { + return nil +} + +func (s *XksProxyIncorrectAuthenticationCredentialException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyIncorrectAuthenticationCredentialException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyIncorrectAuthenticationCredentialException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message. +type XksProxyInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidConfigurationException) Code() string { + return "XksProxyInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS cannot interpret the response it received from the external key store +// proxy. The problem might be a poorly constructed response, but it could also +// be a transient network issue. If you see this error repeatedly, report it +// to the proxy vendor. +type XksProxyInvalidResponseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyInvalidResponseException) GoString() string { + return s.String() +} + +func newErrorXksProxyInvalidResponseException(v protocol.ResponseMetadata) error { + return &XksProxyInvalidResponseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyInvalidResponseException) Code() string { + return "XksProxyInvalidResponseException" +} + +// Message returns the exception's message. +func (s *XksProxyInvalidResponseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyInvalidResponseException) OrigErr() error { + return nil +} + +func (s *XksProxyInvalidResponseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyInvalidResponseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyInvalidResponseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an account and Region must +// use a unique external key store proxy address. +type XksProxyUriEndpointInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriEndpointInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriEndpointInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriEndpointInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriEndpointInUseException) Code() string { + return "XksProxyUriEndpointInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriEndpointInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriEndpointInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriEndpointInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriEndpointInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriEndpointInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the concatenation of the XksProxyUriEndpoint +// and XksProxyUriPath is already associated with an external key store in the +// Amazon Web Services account and Region. Each external key store in an account +// and Region must use a unique external key store proxy API address. +type XksProxyUriInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriInUseException(v protocol.ResponseMetadata) error { + return &XksProxyUriInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriInUseException) Code() string { + return "XksProxyUriInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyUriInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyUriInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// KMS was unable to reach the specified XksProxyUriPath. The path must be reachable +// before you create the external key store or update its settings. +// +// This exception is also thrown when the external key store proxy response +// to a GetHealthStatus request indicates that all external key manager instances +// are unavailable. +type XksProxyUriUnreachableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyUriUnreachableException) GoString() string { + return s.String() +} + +func newErrorXksProxyUriUnreachableException(v protocol.ResponseMetadata) error { + return &XksProxyUriUnreachableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyUriUnreachableException) Code() string { + return "XksProxyUriUnreachableException" +} + +// Message returns the exception's message. +func (s *XksProxyUriUnreachableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyUriUnreachableException) OrigErr() error { + return nil +} + +func (s *XksProxyUriUnreachableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyUriUnreachableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyUriUnreachableException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the specified Amazon VPC endpoint service +// is already associated with an external key store in the Amazon Web Services +// account and Region. Each external key store in an Amazon Web Services account +// and Region must use a different Amazon VPC endpoint service. +type XksProxyVpcEndpointServiceInUseException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInUseException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceInUseException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInUseException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInUseException) Code() string { + return "XksProxyVpcEndpointServiceInUseException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInUseException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInUseException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInUseException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because the Amazon VPC endpoint service configuration +// does not fulfill the requirements for an external key store proxy. For details, +// see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) +// for Amazon VPC endpoint service connectivity for an external key store. +type XksProxyVpcEndpointServiceInvalidConfigurationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceInvalidConfigurationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Code() string { + return "XksProxyVpcEndpointServiceInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceInvalidConfigurationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was rejected because KMS could not find the specified VPC endpoint +// service. Use DescribeCustomKeyStores to verify the VPC endpoint service name +// for the external key store. Also, confirm that the Allow principals list +// for the VPC endpoint service includes the KMS service principal for the Region, +// such as cks.kms.us-east-1.amazonaws.com. +type XksProxyVpcEndpointServiceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s XksProxyVpcEndpointServiceNotFoundException) GoString() string { + return s.String() +} + +func newErrorXksProxyVpcEndpointServiceNotFoundException(v protocol.ResponseMetadata) error { + return &XksProxyVpcEndpointServiceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *XksProxyVpcEndpointServiceNotFoundException) Code() string { + return "XksProxyVpcEndpointServiceNotFoundException" +} + +// Message returns the exception's message. +func (s *XksProxyVpcEndpointServiceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *XksProxyVpcEndpointServiceNotFoundException) OrigErr() error { + return nil +} + +func (s *XksProxyVpcEndpointServiceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *XksProxyVpcEndpointServiceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *XksProxyVpcEndpointServiceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +const ( + // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value + AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" + + // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + + // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +// AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum +func AlgorithmSpec_Values() []string { + return []string{ + AlgorithmSpecRsaesPkcs1V15, + AlgorithmSpecRsaesOaepSha1, + AlgorithmSpecRsaesOaepSha256, + } +} + +const ( + // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS" + + // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND" + + // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" + + // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" + + // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" + + // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" + + // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND" + + // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN" + + // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" + + // ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" + + // ConnectionErrorCodeTypeXksProxyAccessDenied is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyAccessDenied = "XKS_PROXY_ACCESS_DENIED" + + // ConnectionErrorCodeTypeXksProxyNotReachable is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyNotReachable = "XKS_PROXY_NOT_REACHABLE" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND" + + // ConnectionErrorCodeTypeXksProxyInvalidResponse is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidResponse = "XKS_PROXY_INVALID_RESPONSE" + + // ConnectionErrorCodeTypeXksProxyInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidConfiguration = "XKS_PROXY_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION" + + // ConnectionErrorCodeTypeXksProxyTimedOut is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyTimedOut = "XKS_PROXY_TIMED_OUT" + + // ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration = "XKS_PROXY_INVALID_TLS_CONFIGURATION" +) + +// ConnectionErrorCodeType_Values returns all elements of the ConnectionErrorCodeType enum +func ConnectionErrorCodeType_Values() []string { + return []string{ + ConnectionErrorCodeTypeInvalidCredentials, + ConnectionErrorCodeTypeClusterNotFound, + ConnectionErrorCodeTypeNetworkErrors, + ConnectionErrorCodeTypeInternalError, + ConnectionErrorCodeTypeInsufficientCloudhsmHsms, + ConnectionErrorCodeTypeUserLockedOut, + ConnectionErrorCodeTypeUserNotFound, + ConnectionErrorCodeTypeUserLoggedIn, + ConnectionErrorCodeTypeSubnetNotFound, + ConnectionErrorCodeTypeInsufficientFreeAddressesInSubnet, + ConnectionErrorCodeTypeXksProxyAccessDenied, + ConnectionErrorCodeTypeXksProxyNotReachable, + ConnectionErrorCodeTypeXksVpcEndpointServiceNotFound, + ConnectionErrorCodeTypeXksProxyInvalidResponse, + ConnectionErrorCodeTypeXksProxyInvalidConfiguration, + ConnectionErrorCodeTypeXksVpcEndpointServiceInvalidConfiguration, + ConnectionErrorCodeTypeXksProxyTimedOut, + ConnectionErrorCodeTypeXksProxyInvalidTlsConfiguration, + } +} + +const ( + // ConnectionStateTypeConnected is a ConnectionStateType enum value + ConnectionStateTypeConnected = "CONNECTED" // ConnectionStateTypeConnecting is a ConnectionStateType enum value ConnectionStateTypeConnecting = "CONNECTING" @@ -18779,6 +21004,22 @@ func ConnectionStateType_Values() []string { } } +const ( + // CustomKeyStoreTypeAwsCloudhsm is a CustomKeyStoreType enum value + CustomKeyStoreTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // CustomKeyStoreTypeExternalKeyStore is a CustomKeyStoreType enum value + CustomKeyStoreTypeExternalKeyStore = "EXTERNAL_KEY_STORE" +) + +// CustomKeyStoreType_Values returns all elements of the CustomKeyStoreType enum +func CustomKeyStoreType_Values() []string { + return []string{ + CustomKeyStoreTypeAwsCloudhsm, + CustomKeyStoreTypeExternalKeyStore, + } +} + const ( // CustomerMasterKeySpecRsa2048 is a CustomerMasterKeySpec enum value CustomerMasterKeySpecRsa2048 = "RSA_2048" @@ -19208,6 +21449,9 @@ const ( // OriginTypeAwsCloudhsm is a OriginType enum value OriginTypeAwsCloudhsm = "AWS_CLOUDHSM" + + // OriginTypeExternalKeyStore is a OriginType enum value + OriginTypeExternalKeyStore = "EXTERNAL_KEY_STORE" ) // OriginType_Values returns all elements of the OriginType enum @@ -19216,6 +21460,7 @@ func OriginType_Values() []string { OriginTypeAwsKms, OriginTypeExternal, OriginTypeAwsCloudhsm, + OriginTypeExternalKeyStore, } } @@ -19278,3 +21523,19 @@ func WrappingKeySpec_Values() []string { WrappingKeySpecRsa2048, } } + +const ( + // XksProxyConnectivityTypePublicEndpoint is a XksProxyConnectivityType enum value + XksProxyConnectivityTypePublicEndpoint = "PUBLIC_ENDPOINT" + + // XksProxyConnectivityTypeVpcEndpointService is a XksProxyConnectivityType enum value + XksProxyConnectivityTypeVpcEndpointService = "VPC_ENDPOINT_SERVICE" +) + +// XksProxyConnectivityType_Values returns all elements of the XksProxyConnectivityType enum +func XksProxyConnectivityType_Values() []string { + return []string{ + XksProxyConnectivityTypePublicEndpoint, + XksProxyConnectivityTypeVpcEndpointService, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index d926e08e68560..7dc9bd44278dc 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -8,7 +8,7 @@ // For general information about KMS, see the Key Management Service Developer // Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // -// KMS is replacing the term customer master key (CMK) with KMS key and KMS +// KMS has replaced the term customer master key (CMK) with KMS key and KMS // key. The concept has not changed. To prevent breaking changes, KMS is keeping // some variations of this term. // @@ -40,7 +40,7 @@ // // Requests must be signed by using an access key ID and a secret access key. // We strongly recommend that you do not use your Amazon Web Services account -// (root) access key ID and secret key for everyday work with KMS. Instead, +// (root) access key ID and secret access key for everyday work with KMS. Instead, // use the access key ID and secret access key for an IAM user. You can also // use the Amazon Web Services Security Token Service to generate temporary // security credentials that you can use to sign requests. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index 4f8fc21049027..c897f638993ad 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -19,12 +19,13 @@ const ( // "CloudHsmClusterInUseException". // // The request was rejected because the specified CloudHSM cluster is already - // associated with a custom key store or it shares a backup history with a cluster - // that is associated with a custom key store. Each custom key store must be - // associated with a different CloudHSM cluster. + // associated with an CloudHSM key store in the account, or it shares a backup + // history with an CloudHSM key store in the account. Each CloudHSM key store + // in the account must be associated with a different CloudHSM cluster. // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException" @@ -32,29 +33,29 @@ const ( // "CloudHsmClusterInvalidConfigurationException". // // The request was rejected because the associated CloudHSM cluster did not - // meet the configuration requirements for a custom key store. + // meet the configuration requirements for an CloudHSM key store. // - // * The cluster must be configured with private subnets in at least two - // different Availability Zones in the Region. + // * The CloudHSM cluster must be configured with private subnets in at least + // two different Availability Zones in the Region. // // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster--sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security - // group ID. These rules are set by default when you create the cluster. - // Do not delete or change them. To get information about a particular security - // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) + // group ID. These rules are set by default when you create the CloudHSM + // cluster. Do not delete or change them. To get information about a particular + // security group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // - // * The cluster must contain at least as many HSMs as the operation requires. - // To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) + // * The CloudHSM cluster must contain at least as many HSMs as the operation + // requires. To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the CloudHSM cluster must have at least two active HSMs, each // in a different Availability Zone. For the ConnectCustomKeyStore operation, // the CloudHSM must contain at least one active HSM. // // For information about the requirements for an CloudHSM cluster that is associated - // with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // with an CloudHSM key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the Key Management Service Developer Guide. For information about creating // a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the CloudHSM User Guide. For information about cluster security groups, @@ -65,10 +66,9 @@ const ( // ErrCodeCloudHsmClusterNotActiveException for service response error code // "CloudHsmClusterNotActiveException". // - // The request was rejected because the CloudHSM cluster that is associated - // with the custom key store is not active. Initialize and activate the cluster - // and try the command again. For detailed instructions, see Getting Started - // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) + // The request was rejected because the CloudHSM cluster associated with the + // CloudHSM key store is not active. Initialize and activate the cluster and + // try the command again. For detailed instructions, see Getting Started (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the CloudHSM User Guide. ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" @@ -84,15 +84,16 @@ const ( // // The request was rejected because the specified CloudHSM cluster has a different // cluster certificate than the original cluster. You cannot use the operation - // to specify an unrelated cluster. + // to specify an unrelated cluster for an CloudHSM key store. // - // Specify a cluster that shares a backup history with the original cluster. - // This includes clusters that were created from a backup of the current cluster, - // and clusters that were created from the same backup that produced the current - // cluster. + // Specify an CloudHSM cluster that shares a backup history with the original + // cluster. This includes clusters that were created from a backup of the current + // cluster, and clusters that were created from the same backup that produced + // the current cluster. // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // CloudHSM clusters that share a backup history have the same cluster certificate. + // To view the cluster certificate of an CloudHSM cluster, use the DescribeClusters + // (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException" @@ -114,17 +115,27 @@ const ( // // This exception is thrown under the following conditions: // - // * You requested the CreateKey or GenerateRandom operation in a custom - // key store that is not connected. These operations are valid only when - // the custom key store ConnectionState is CONNECTED. + // * You requested the ConnectCustomKeyStore operation on a custom key store + // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid + // for all other ConnectionState values. To reconnect a custom key store + // in a FAILED state, disconnect it (DisconnectCustomKeyStore), then connect + // it (ConnectCustomKeyStore). + // + // * You requested the CreateKey operation in a custom key store that is + // not connected. This operations is valid only when the custom key store + // ConnectionState is CONNECTED. + // + // * You requested the DisconnectCustomKeyStore operation on a custom key + // store with a ConnectionState of DISCONNECTING or DISCONNECTED. This operation + // is valid for all other ConnectionState values. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // - // * You requested the ConnectCustomKeyStore operation on a custom key store - // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid - // for all other ConnectionState values. + // * You requested the GenerateRandom operation in an CloudHSM key store + // that is not connected. This operation is valid only when the CloudHSM + // key store ConnectionState is CONNECTED. ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException" // ErrCodeCustomKeyStoreNameInUseException for service response error code @@ -145,8 +156,8 @@ const ( // ErrCodeDependencyTimeoutException for service response error code // "DependencyTimeoutException". // - // The system timed out while trying to fulfill the request. The request can - // be retried. + // The system timed out while trying to fulfill the request. You can retry the + // request. ErrCodeDependencyTimeoutException = "DependencyTimeoutException" // ErrCodeDisabledException for service response error code @@ -183,9 +194,10 @@ const ( // "IncorrectTrustAnchorException". // // The request was rejected because the trust anchor certificate in the request - // is not the trust anchor certificate for the specified CloudHSM cluster. + // to create an CloudHSM key store is not the trust anchor certificate for the + // specified CloudHSM cluster. // - // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // When you initialize the CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException" @@ -274,9 +286,17 @@ const ( // The request was rejected because the state of the specified resource is not // valid for this request. // - // For more information about how key state affects the use of a KMS key, see - // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the Key Management Service Developer Guide . + // This exceptions means one of the following: + // + // * The key state of the KMS key is not compatible with the operation. To + // find the key state, use the DescribeKey operation. For more information + // about which key states are compatible with each KMS operation, see Key + // states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the Key Management Service Developer Guide . + // + // * For cryptographic operations on KMS keys in custom key stores, this + // exception represents a general failure with many possible causes. To identify + // the cause, see the error message that accompanies the exception. ErrCodeInvalidStateException = "KMSInvalidStateException" // ErrCodeKMSInvalidMacException for service response error code @@ -336,41 +356,170 @@ const ( // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. ErrCodeUnsupportedOperationException = "UnsupportedOperationException" + + // ErrCodeXksKeyAlreadyInUseException for service response error code + // "XksKeyAlreadyInUseException". + // + // The request was rejected because the (XksKeyId) is already associated with + // a KMS key in this external key store. Each KMS key in an external key store + // must be associated with a different external key. + ErrCodeXksKeyAlreadyInUseException = "XksKeyAlreadyInUseException" + + // ErrCodeXksKeyInvalidConfigurationException for service response error code + // "XksKeyInvalidConfigurationException". + // + // The request was rejected because the external key specified by the XksKeyId + // parameter did not meet the configuration requirements for an external key + // store. + // + // The external key must be an AES-256 symmetric key that is enabled and performs + // encryption and decryption. + ErrCodeXksKeyInvalidConfigurationException = "XksKeyInvalidConfigurationException" + + // ErrCodeXksKeyNotFoundException for service response error code + // "XksKeyNotFoundException". + // + // The request was rejected because the external key store proxy could not find + // the external key. This exception is thrown when the value of the XksKeyId + // parameter doesn't identify a key in the external key manager associated with + // the external key proxy. + // + // Verify that the XksKeyId represents an existing key in the external key manager. + // Use the key identifier that the external key store proxy uses to identify + // the key. For details, see the documentation provided with your external key + // store proxy or key manager. + ErrCodeXksKeyNotFoundException = "XksKeyNotFoundException" + + // ErrCodeXksProxyIncorrectAuthenticationCredentialException for service response error code + // "XksProxyIncorrectAuthenticationCredentialException". + // + // The request was rejected because the proxy credentials failed to authenticate + // to the specified external key store proxy. The specified external key store + // proxy rejected a status request from KMS due to invalid credentials. This + // can indicate an error in the credentials or in the identification of the + // external key store proxy. + ErrCodeXksProxyIncorrectAuthenticationCredentialException = "XksProxyIncorrectAuthenticationCredentialException" + + // ErrCodeXksProxyInvalidConfigurationException for service response error code + // "XksProxyInvalidConfigurationException". + // + // The request was rejected because the Amazon VPC endpoint service configuration + // does not fulfill the requirements for an external key store proxy. For details, + // see the exception message. + ErrCodeXksProxyInvalidConfigurationException = "XksProxyInvalidConfigurationException" + + // ErrCodeXksProxyInvalidResponseException for service response error code + // "XksProxyInvalidResponseException". + // + // KMS cannot interpret the response it received from the external key store + // proxy. The problem might be a poorly constructed response, but it could also + // be a transient network issue. If you see this error repeatedly, report it + // to the proxy vendor. + ErrCodeXksProxyInvalidResponseException = "XksProxyInvalidResponseException" + + // ErrCodeXksProxyUriEndpointInUseException for service response error code + // "XksProxyUriEndpointInUseException". + // + // The request was rejected because the concatenation of the XksProxyUriEndpoint + // is already associated with an external key store in the Amazon Web Services + // account and Region. Each external key store in an account and Region must + // use a unique external key store proxy address. + ErrCodeXksProxyUriEndpointInUseException = "XksProxyUriEndpointInUseException" + + // ErrCodeXksProxyUriInUseException for service response error code + // "XksProxyUriInUseException". + // + // The request was rejected because the concatenation of the XksProxyUriEndpoint + // and XksProxyUriPath is already associated with an external key store in the + // Amazon Web Services account and Region. Each external key store in an account + // and Region must use a unique external key store proxy API address. + ErrCodeXksProxyUriInUseException = "XksProxyUriInUseException" + + // ErrCodeXksProxyUriUnreachableException for service response error code + // "XksProxyUriUnreachableException". + // + // KMS was unable to reach the specified XksProxyUriPath. The path must be reachable + // before you create the external key store or update its settings. + // + // This exception is also thrown when the external key store proxy response + // to a GetHealthStatus request indicates that all external key manager instances + // are unavailable. + ErrCodeXksProxyUriUnreachableException = "XksProxyUriUnreachableException" + + // ErrCodeXksProxyVpcEndpointServiceInUseException for service response error code + // "XksProxyVpcEndpointServiceInUseException". + // + // The request was rejected because the specified Amazon VPC endpoint service + // is already associated with an external key store in the Amazon Web Services + // account and Region. Each external key store in an Amazon Web Services account + // and Region must use a different Amazon VPC endpoint service. + ErrCodeXksProxyVpcEndpointServiceInUseException = "XksProxyVpcEndpointServiceInUseException" + + // ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException for service response error code + // "XksProxyVpcEndpointServiceInvalidConfigurationException". + // + // The request was rejected because the Amazon VPC endpoint service configuration + // does not fulfill the requirements for an external key store proxy. For details, + // see the exception message and review the requirements (kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements) + // for Amazon VPC endpoint service connectivity for an external key store. + ErrCodeXksProxyVpcEndpointServiceInvalidConfigurationException = "XksProxyVpcEndpointServiceInvalidConfigurationException" + + // ErrCodeXksProxyVpcEndpointServiceNotFoundException for service response error code + // "XksProxyVpcEndpointServiceNotFoundException". + // + // The request was rejected because KMS could not find the specified VPC endpoint + // service. Use DescribeCustomKeyStores to verify the VPC endpoint service name + // for the external key store. Also, confirm that the Allow principals list + // for the VPC endpoint service includes the KMS service principal for the Region, + // such as cks.kms.us-east-1.amazonaws.com. + ErrCodeXksProxyVpcEndpointServiceNotFoundException = "XksProxyVpcEndpointServiceNotFoundException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ - "AlreadyExistsException": newErrorAlreadyExistsException, - "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, - "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, - "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, - "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, - "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, - "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, - "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, - "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, - "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, - "DependencyTimeoutException": newErrorDependencyTimeoutException, - "DisabledException": newErrorDisabledException, - "ExpiredImportTokenException": newErrorExpiredImportTokenException, - "IncorrectKeyException": newErrorIncorrectKeyException, - "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, - "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, - "KMSInternalException": newErrorInternalException, - "InvalidAliasNameException": newErrorInvalidAliasNameException, - "InvalidArnException": newErrorInvalidArnException, - "InvalidCiphertextException": newErrorInvalidCiphertextException, - "InvalidGrantIdException": newErrorInvalidGrantIdException, - "InvalidGrantTokenException": newErrorInvalidGrantTokenException, - "InvalidImportTokenException": newErrorInvalidImportTokenException, - "InvalidKeyUsageException": newErrorInvalidKeyUsageException, - "InvalidMarkerException": newErrorInvalidMarkerException, - "KMSInvalidStateException": newErrorInvalidStateException, - "KMSInvalidMacException": newErrorKMSInvalidMacException, - "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, - "KeyUnavailableException": newErrorKeyUnavailableException, - "LimitExceededException": newErrorLimitExceededException, - "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, - "NotFoundException": newErrorNotFoundException, - "TagException": newErrorTagException, - "UnsupportedOperationException": newErrorUnsupportedOperationException, + "AlreadyExistsException": newErrorAlreadyExistsException, + "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, + "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, + "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, + "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, + "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, + "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, + "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, + "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, + "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, + "DependencyTimeoutException": newErrorDependencyTimeoutException, + "DisabledException": newErrorDisabledException, + "ExpiredImportTokenException": newErrorExpiredImportTokenException, + "IncorrectKeyException": newErrorIncorrectKeyException, + "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, + "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, + "KMSInternalException": newErrorInternalException, + "InvalidAliasNameException": newErrorInvalidAliasNameException, + "InvalidArnException": newErrorInvalidArnException, + "InvalidCiphertextException": newErrorInvalidCiphertextException, + "InvalidGrantIdException": newErrorInvalidGrantIdException, + "InvalidGrantTokenException": newErrorInvalidGrantTokenException, + "InvalidImportTokenException": newErrorInvalidImportTokenException, + "InvalidKeyUsageException": newErrorInvalidKeyUsageException, + "InvalidMarkerException": newErrorInvalidMarkerException, + "KMSInvalidStateException": newErrorInvalidStateException, + "KMSInvalidMacException": newErrorKMSInvalidMacException, + "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, + "KeyUnavailableException": newErrorKeyUnavailableException, + "LimitExceededException": newErrorLimitExceededException, + "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, + "NotFoundException": newErrorNotFoundException, + "TagException": newErrorTagException, + "UnsupportedOperationException": newErrorUnsupportedOperationException, + "XksKeyAlreadyInUseException": newErrorXksKeyAlreadyInUseException, + "XksKeyInvalidConfigurationException": newErrorXksKeyInvalidConfigurationException, + "XksKeyNotFoundException": newErrorXksKeyNotFoundException, + "XksProxyIncorrectAuthenticationCredentialException": newErrorXksProxyIncorrectAuthenticationCredentialException, + "XksProxyInvalidConfigurationException": newErrorXksProxyInvalidConfigurationException, + "XksProxyInvalidResponseException": newErrorXksProxyInvalidResponseException, + "XksProxyUriEndpointInUseException": newErrorXksProxyUriEndpointInUseException, + "XksProxyUriInUseException": newErrorXksProxyUriInUseException, + "XksProxyUriUnreachableException": newErrorXksProxyUriUnreachableException, + "XksProxyVpcEndpointServiceInUseException": newErrorXksProxyVpcEndpointServiceInUseException, + "XksProxyVpcEndpointServiceInvalidConfigurationException": newErrorXksProxyVpcEndpointServiceInvalidConfigurationException, + "XksProxyVpcEndpointServiceNotFoundException": newErrorXksProxyVpcEndpointServiceNotFoundException, } diff --git a/vendor/github.com/huandu/xstrings/.travis.yml b/vendor/github.com/huandu/xstrings/.travis.yml deleted file mode 100644 index d6460be411e57..0000000000000 --- a/vendor/github.com/huandu/xstrings/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: go -install: - - go get golang.org/x/tools/cmd/cover - - go get github.com/mattn/goveralls -script: - - go test -v -covermode=count -coverprofile=coverage.out - - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ ! -z "$COVERALLS_TOKEN" ]; then $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken $COVERALLS_TOKEN; fi' diff --git a/vendor/github.com/huandu/xstrings/README.md b/vendor/github.com/huandu/xstrings/README.md index 292bf2f39e13d..750c3c7eb69a7 100644 --- a/vendor/github.com/huandu/xstrings/README.md +++ b/vendor/github.com/huandu/xstrings/README.md @@ -1,7 +1,7 @@ -# xstrings # +# xstrings -[![Build Status](https://travis-ci.org/huandu/xstrings.svg?branch=master)](https://travis-ci.org/huandu/xstrings) -[![GoDoc](https://godoc.org/github.com/huandu/xstrings?status.svg)](https://godoc.org/github.com/huandu/xstrings) +[![Build Status](https://github.com/huandu/xstrings/workflows/Go/badge.svg)](https://github.com/huandu/xstrings/actions) +[![Go Doc](https://godoc.org/github.com/huandu/xstrings?status.svg)](https://pkg.go.dev/github.com/huandu/xstrings) [![Go Report](https://goreportcard.com/badge/github.com/huandu/xstrings)](https://goreportcard.com/report/github.com/huandu/xstrings) [![Coverage Status](https://coveralls.io/repos/github/huandu/xstrings/badge.svg?branch=master)](https://coveralls.io/github/huandu/xstrings?branch=master) @@ -9,109 +9,109 @@ Go package [xstrings](https://godoc.org/github.com/huandu/xstrings) is a collect All functions are well tested and carefully tuned for performance. -## Propose a new function ## +## Propose a new function Please review [contributing guideline](CONTRIBUTING.md) and [create new issue](https://github.com/huandu/xstrings/issues) to state why it should be included. -## Install ## +## Install Use `go get` to install this library. go get github.com/huandu/xstrings -## API document ## +## API document See [GoDoc](https://godoc.org/github.com/huandu/xstrings) for full document. -## Function list ## +## Function list Go functions have a unique naming style. One, who has experience in other language but new in Go, may have difficulties to find out right string function to use. Here is a list of functions in [strings](http://golang.org/pkg/strings) and [xstrings](https://godoc.org/github.com/huandu/xstrings) with enough extra information about how to map these functions to their friends in other languages. Hope this list could be helpful for fresh gophers. -### Package `xstrings` functions ### - -*Keep this table sorted by Function in ascending order.* - -| Function | Friends | # | -| -------- | ------- | --- | -| [Center](https://godoc.org/github.com/huandu/xstrings#Center) | `str.center` in Python; `String#center` in Ruby | [#30](https://github.com/huandu/xstrings/issues/30) | -| [Count](https://godoc.org/github.com/huandu/xstrings#Count) | `String#count` in Ruby | [#16](https://github.com/huandu/xstrings/issues/16) | -| [Delete](https://godoc.org/github.com/huandu/xstrings#Delete) | `String#delete` in Ruby | [#17](https://github.com/huandu/xstrings/issues/17) | -| [ExpandTabs](https://godoc.org/github.com/huandu/xstrings#ExpandTabs) | `str.expandtabs` in Python | [#27](https://github.com/huandu/xstrings/issues/27) | -| [FirstRuneToLower](https://godoc.org/github.com/huandu/xstrings#FirstRuneToLower) | `lcfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) | -| [FirstRuneToUpper](https://godoc.org/github.com/huandu/xstrings#FirstRuneToUpper) | `String#capitalize` in Ruby; `ucfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) | -| [Insert](https://godoc.org/github.com/huandu/xstrings#Insert) | `String#insert` in Ruby | [#18](https://github.com/huandu/xstrings/issues/18) | -| [LastPartition](https://godoc.org/github.com/huandu/xstrings#LastPartition) | `str.rpartition` in Python; `String#rpartition` in Ruby | [#19](https://github.com/huandu/xstrings/issues/19) | -| [LeftJustify](https://godoc.org/github.com/huandu/xstrings#LeftJustify) | `str.ljust` in Python; `String#ljust` in Ruby | [#28](https://github.com/huandu/xstrings/issues/28) | -| [Len](https://godoc.org/github.com/huandu/xstrings#Len) | `mb_strlen` in PHP | [#23](https://github.com/huandu/xstrings/issues/23) | -| [Partition](https://godoc.org/github.com/huandu/xstrings#Partition) | `str.partition` in Python; `String#partition` in Ruby | [#10](https://github.com/huandu/xstrings/issues/10) | -| [Reverse](https://godoc.org/github.com/huandu/xstrings#Reverse) | `String#reverse` in Ruby; `strrev` in PHP; `reverse` in Perl | [#7](https://github.com/huandu/xstrings/issues/7) | -| [RightJustify](https://godoc.org/github.com/huandu/xstrings#RightJustify) | `str.rjust` in Python; `String#rjust` in Ruby | [#29](https://github.com/huandu/xstrings/issues/29) | -| [RuneWidth](https://godoc.org/github.com/huandu/xstrings#RuneWidth) | - | [#27](https://github.com/huandu/xstrings/issues/27) | -| [Scrub](https://godoc.org/github.com/huandu/xstrings#Scrub) | `String#scrub` in Ruby | [#20](https://github.com/huandu/xstrings/issues/20) | -| [Shuffle](https://godoc.org/github.com/huandu/xstrings#Shuffle) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) | -| [ShuffleSource](https://godoc.org/github.com/huandu/xstrings#ShuffleSource) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) | -| [Slice](https://godoc.org/github.com/huandu/xstrings#Slice) | `mb_substr` in PHP | [#9](https://github.com/huandu/xstrings/issues/9) | -| [Squeeze](https://godoc.org/github.com/huandu/xstrings#Squeeze) | `String#squeeze` in Ruby | [#11](https://github.com/huandu/xstrings/issues/11) | -| [Successor](https://godoc.org/github.com/huandu/xstrings#Successor) | `String#succ` or `String#next` in Ruby | [#22](https://github.com/huandu/xstrings/issues/22) | -| [SwapCase](https://godoc.org/github.com/huandu/xstrings#SwapCase) | `str.swapcase` in Python; `String#swapcase` in Ruby | [#12](https://github.com/huandu/xstrings/issues/12) | -| [ToCamelCase](https://godoc.org/github.com/huandu/xstrings#ToCamelCase) | `String#camelize` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) | -| [ToKebab](https://godoc.org/github.com/huandu/xstrings#ToKebabCase) | - | [#41](https://github.com/huandu/xstrings/issues/41) | -| [ToSnakeCase](https://godoc.org/github.com/huandu/xstrings#ToSnakeCase) | `String#underscore` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) | -| [Translate](https://godoc.org/github.com/huandu/xstrings#Translate) | `str.translate` in Python; `String#tr` in Ruby; `strtr` in PHP; `tr///` in Perl | [#21](https://github.com/huandu/xstrings/issues/21) | -| [Width](https://godoc.org/github.com/huandu/xstrings#Width) | `mb_strwidth` in PHP | [#26](https://github.com/huandu/xstrings/issues/26) | -| [WordCount](https://godoc.org/github.com/huandu/xstrings#WordCount) | `str_word_count` in PHP | [#14](https://github.com/huandu/xstrings/issues/14) | -| [WordSplit](https://godoc.org/github.com/huandu/xstrings#WordSplit) | - | [#14](https://github.com/huandu/xstrings/issues/14) | - -### Package `strings` functions ### - -*Keep this table sorted by Function in ascending order.* - -| Function | Friends | -| -------- | ------- | -| [Contains](http://golang.org/pkg/strings/#Contains) | `String#include?` in Ruby | -| [ContainsAny](http://golang.org/pkg/strings/#ContainsAny) | - | -| [ContainsRune](http://golang.org/pkg/strings/#ContainsRune) | - | -| [Count](http://golang.org/pkg/strings/#Count) | `str.count` in Python; `substr_count` in PHP | -| [EqualFold](http://golang.org/pkg/strings/#EqualFold) | `stricmp` in PHP; `String#casecmp` in Ruby | -| [Fields](http://golang.org/pkg/strings/#Fields) | `str.split` in Python; `split` in Perl; `String#split` in Ruby | -| [FieldsFunc](http://golang.org/pkg/strings/#FieldsFunc) | - | -| [HasPrefix](http://golang.org/pkg/strings/#HasPrefix) | `str.startswith` in Python; `String#start_with?` in Ruby | -| [HasSuffix](http://golang.org/pkg/strings/#HasSuffix) | `str.endswith` in Python; `String#end_with?` in Ruby | -| [Index](http://golang.org/pkg/strings/#Index) | `str.index` in Python; `String#index` in Ruby; `strpos` in PHP; `index` in Perl | -| [IndexAny](http://golang.org/pkg/strings/#IndexAny) | - | -| [IndexByte](http://golang.org/pkg/strings/#IndexByte) | - | -| [IndexFunc](http://golang.org/pkg/strings/#IndexFunc) | - | -| [IndexRune](http://golang.org/pkg/strings/#IndexRune) | - | -| [Join](http://golang.org/pkg/strings/#Join) | `str.join` in Python; `Array#join` in Ruby; `implode` in PHP; `join` in Perl | -| [LastIndex](http://golang.org/pkg/strings/#LastIndex) | `str.rindex` in Python; `String#rindex`; `strrpos` in PHP; `rindex` in Perl | -| [LastIndexAny](http://golang.org/pkg/strings/#LastIndexAny) | - | -| [LastIndexFunc](http://golang.org/pkg/strings/#LastIndexFunc) | - | -| [Map](http://golang.org/pkg/strings/#Map) | `String#each_codepoint` in Ruby | -| [Repeat](http://golang.org/pkg/strings/#Repeat) | operator `*` in Python and Ruby; `str_repeat` in PHP | -| [Replace](http://golang.org/pkg/strings/#Replace) | `str.replace` in Python; `String#sub` in Ruby; `str_replace` in PHP | -| [Split](http://golang.org/pkg/strings/#Split) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl | -| [SplitAfter](http://golang.org/pkg/strings/#SplitAfter) | - | -| [SplitAfterN](http://golang.org/pkg/strings/#SplitAfterN) | - | -| [SplitN](http://golang.org/pkg/strings/#SplitN) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl | -| [Title](http://golang.org/pkg/strings/#Title) | `str.title` in Python | -| [ToLower](http://golang.org/pkg/strings/#ToLower) | `str.lower` in Python; `String#downcase` in Ruby; `strtolower` in PHP; `lc` in Perl | -| [ToLowerSpecial](http://golang.org/pkg/strings/#ToLowerSpecial) | - | -| [ToTitle](http://golang.org/pkg/strings/#ToTitle) | - | -| [ToTitleSpecial](http://golang.org/pkg/strings/#ToTitleSpecial) | - | -| [ToUpper](http://golang.org/pkg/strings/#ToUpper) | `str.upper` in Python; `String#upcase` in Ruby; `strtoupper` in PHP; `uc` in Perl | -| [ToUpperSpecial](http://golang.org/pkg/strings/#ToUpperSpecial) | - | -| [Trim](http://golang.org/pkg/strings/#Trim) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP | -| [TrimFunc](http://golang.org/pkg/strings/#TrimFunc) | - | -| [TrimLeft](http://golang.org/pkg/strings/#TrimLeft) | `str.lstrip` in Python; `String#lstrip` in Ruby; `ltrim` in PHP | -| [TrimLeftFunc](http://golang.org/pkg/strings/#TrimLeftFunc) | - | -| [TrimPrefix](http://golang.org/pkg/strings/#TrimPrefix) | - | -| [TrimRight](http://golang.org/pkg/strings/#TrimRight) | `str.rstrip` in Python; `String#rstrip` in Ruby; `rtrim` in PHP | -| [TrimRightFunc](http://golang.org/pkg/strings/#TrimRightFunc) | - | -| [TrimSpace](http://golang.org/pkg/strings/#TrimSpace) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP | -| [TrimSuffix](http://golang.org/pkg/strings/#TrimSuffix) | `String#chomp` in Ruby; `chomp` in Perl | - -## License ## +### Package `xstrings` functions + +_Keep this table sorted by Function in ascending order._ + +| Function | Friends | # | +| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | --------------------------------------------------- | +| [Center](https://godoc.org/github.com/huandu/xstrings#Center) | `str.center` in Python; `String#center` in Ruby | [#30](https://github.com/huandu/xstrings/issues/30) | +| [Count](https://godoc.org/github.com/huandu/xstrings#Count) | `String#count` in Ruby | [#16](https://github.com/huandu/xstrings/issues/16) | +| [Delete](https://godoc.org/github.com/huandu/xstrings#Delete) | `String#delete` in Ruby | [#17](https://github.com/huandu/xstrings/issues/17) | +| [ExpandTabs](https://godoc.org/github.com/huandu/xstrings#ExpandTabs) | `str.expandtabs` in Python | [#27](https://github.com/huandu/xstrings/issues/27) | +| [FirstRuneToLower](https://godoc.org/github.com/huandu/xstrings#FirstRuneToLower) | `lcfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) | +| [FirstRuneToUpper](https://godoc.org/github.com/huandu/xstrings#FirstRuneToUpper) | `String#capitalize` in Ruby; `ucfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) | +| [Insert](https://godoc.org/github.com/huandu/xstrings#Insert) | `String#insert` in Ruby | [#18](https://github.com/huandu/xstrings/issues/18) | +| [LastPartition](https://godoc.org/github.com/huandu/xstrings#LastPartition) | `str.rpartition` in Python; `String#rpartition` in Ruby | [#19](https://github.com/huandu/xstrings/issues/19) | +| [LeftJustify](https://godoc.org/github.com/huandu/xstrings#LeftJustify) | `str.ljust` in Python; `String#ljust` in Ruby | [#28](https://github.com/huandu/xstrings/issues/28) | +| [Len](https://godoc.org/github.com/huandu/xstrings#Len) | `mb_strlen` in PHP | [#23](https://github.com/huandu/xstrings/issues/23) | +| [Partition](https://godoc.org/github.com/huandu/xstrings#Partition) | `str.partition` in Python; `String#partition` in Ruby | [#10](https://github.com/huandu/xstrings/issues/10) | +| [Reverse](https://godoc.org/github.com/huandu/xstrings#Reverse) | `String#reverse` in Ruby; `strrev` in PHP; `reverse` in Perl | [#7](https://github.com/huandu/xstrings/issues/7) | +| [RightJustify](https://godoc.org/github.com/huandu/xstrings#RightJustify) | `str.rjust` in Python; `String#rjust` in Ruby | [#29](https://github.com/huandu/xstrings/issues/29) | +| [RuneWidth](https://godoc.org/github.com/huandu/xstrings#RuneWidth) | - | [#27](https://github.com/huandu/xstrings/issues/27) | +| [Scrub](https://godoc.org/github.com/huandu/xstrings#Scrub) | `String#scrub` in Ruby | [#20](https://github.com/huandu/xstrings/issues/20) | +| [Shuffle](https://godoc.org/github.com/huandu/xstrings#Shuffle) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) | +| [ShuffleSource](https://godoc.org/github.com/huandu/xstrings#ShuffleSource) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) | +| [Slice](https://godoc.org/github.com/huandu/xstrings#Slice) | `mb_substr` in PHP | [#9](https://github.com/huandu/xstrings/issues/9) | +| [Squeeze](https://godoc.org/github.com/huandu/xstrings#Squeeze) | `String#squeeze` in Ruby | [#11](https://github.com/huandu/xstrings/issues/11) | +| [Successor](https://godoc.org/github.com/huandu/xstrings#Successor) | `String#succ` or `String#next` in Ruby | [#22](https://github.com/huandu/xstrings/issues/22) | +| [SwapCase](https://godoc.org/github.com/huandu/xstrings#SwapCase) | `str.swapcase` in Python; `String#swapcase` in Ruby | [#12](https://github.com/huandu/xstrings/issues/12) | +| [ToCamelCase](https://godoc.org/github.com/huandu/xstrings#ToCamelCase) | `String#camelize` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) | +| [ToKebab](https://godoc.org/github.com/huandu/xstrings#ToKebabCase) | - | [#41](https://github.com/huandu/xstrings/issues/41) | +| [ToSnakeCase](https://godoc.org/github.com/huandu/xstrings#ToSnakeCase) | `String#underscore` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) | +| [Translate](https://godoc.org/github.com/huandu/xstrings#Translate) | `str.translate` in Python; `String#tr` in Ruby; `strtr` in PHP; `tr///` in Perl | [#21](https://github.com/huandu/xstrings/issues/21) | +| [Width](https://godoc.org/github.com/huandu/xstrings#Width) | `mb_strwidth` in PHP | [#26](https://github.com/huandu/xstrings/issues/26) | +| [WordCount](https://godoc.org/github.com/huandu/xstrings#WordCount) | `str_word_count` in PHP | [#14](https://github.com/huandu/xstrings/issues/14) | +| [WordSplit](https://godoc.org/github.com/huandu/xstrings#WordSplit) | - | [#14](https://github.com/huandu/xstrings/issues/14) | + +### Package `strings` functions + +_Keep this table sorted by Function in ascending order._ + +| Function | Friends | +| --------------------------------------------------------------- | ----------------------------------------------------------------------------------- | +| [Contains](http://golang.org/pkg/strings/#Contains) | `String#include?` in Ruby | +| [ContainsAny](http://golang.org/pkg/strings/#ContainsAny) | - | +| [ContainsRune](http://golang.org/pkg/strings/#ContainsRune) | - | +| [Count](http://golang.org/pkg/strings/#Count) | `str.count` in Python; `substr_count` in PHP | +| [EqualFold](http://golang.org/pkg/strings/#EqualFold) | `stricmp` in PHP; `String#casecmp` in Ruby | +| [Fields](http://golang.org/pkg/strings/#Fields) | `str.split` in Python; `split` in Perl; `String#split` in Ruby | +| [FieldsFunc](http://golang.org/pkg/strings/#FieldsFunc) | - | +| [HasPrefix](http://golang.org/pkg/strings/#HasPrefix) | `str.startswith` in Python; `String#start_with?` in Ruby | +| [HasSuffix](http://golang.org/pkg/strings/#HasSuffix) | `str.endswith` in Python; `String#end_with?` in Ruby | +| [Index](http://golang.org/pkg/strings/#Index) | `str.index` in Python; `String#index` in Ruby; `strpos` in PHP; `index` in Perl | +| [IndexAny](http://golang.org/pkg/strings/#IndexAny) | - | +| [IndexByte](http://golang.org/pkg/strings/#IndexByte) | - | +| [IndexFunc](http://golang.org/pkg/strings/#IndexFunc) | - | +| [IndexRune](http://golang.org/pkg/strings/#IndexRune) | - | +| [Join](http://golang.org/pkg/strings/#Join) | `str.join` in Python; `Array#join` in Ruby; `implode` in PHP; `join` in Perl | +| [LastIndex](http://golang.org/pkg/strings/#LastIndex) | `str.rindex` in Python; `String#rindex`; `strrpos` in PHP; `rindex` in Perl | +| [LastIndexAny](http://golang.org/pkg/strings/#LastIndexAny) | - | +| [LastIndexFunc](http://golang.org/pkg/strings/#LastIndexFunc) | - | +| [Map](http://golang.org/pkg/strings/#Map) | `String#each_codepoint` in Ruby | +| [Repeat](http://golang.org/pkg/strings/#Repeat) | operator `*` in Python and Ruby; `str_repeat` in PHP | +| [Replace](http://golang.org/pkg/strings/#Replace) | `str.replace` in Python; `String#sub` in Ruby; `str_replace` in PHP | +| [Split](http://golang.org/pkg/strings/#Split) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl | +| [SplitAfter](http://golang.org/pkg/strings/#SplitAfter) | - | +| [SplitAfterN](http://golang.org/pkg/strings/#SplitAfterN) | - | +| [SplitN](http://golang.org/pkg/strings/#SplitN) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl | +| [Title](http://golang.org/pkg/strings/#Title) | `str.title` in Python | +| [ToLower](http://golang.org/pkg/strings/#ToLower) | `str.lower` in Python; `String#downcase` in Ruby; `strtolower` in PHP; `lc` in Perl | +| [ToLowerSpecial](http://golang.org/pkg/strings/#ToLowerSpecial) | - | +| [ToTitle](http://golang.org/pkg/strings/#ToTitle) | - | +| [ToTitleSpecial](http://golang.org/pkg/strings/#ToTitleSpecial) | - | +| [ToUpper](http://golang.org/pkg/strings/#ToUpper) | `str.upper` in Python; `String#upcase` in Ruby; `strtoupper` in PHP; `uc` in Perl | +| [ToUpperSpecial](http://golang.org/pkg/strings/#ToUpperSpecial) | - | +| [Trim](http://golang.org/pkg/strings/#Trim) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP | +| [TrimFunc](http://golang.org/pkg/strings/#TrimFunc) | - | +| [TrimLeft](http://golang.org/pkg/strings/#TrimLeft) | `str.lstrip` in Python; `String#lstrip` in Ruby; `ltrim` in PHP | +| [TrimLeftFunc](http://golang.org/pkg/strings/#TrimLeftFunc) | - | +| [TrimPrefix](http://golang.org/pkg/strings/#TrimPrefix) | - | +| [TrimRight](http://golang.org/pkg/strings/#TrimRight) | `str.rstrip` in Python; `String#rstrip` in Ruby; `rtrim` in PHP | +| [TrimRightFunc](http://golang.org/pkg/strings/#TrimRightFunc) | - | +| [TrimSpace](http://golang.org/pkg/strings/#TrimSpace) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP | +| [TrimSuffix](http://golang.org/pkg/strings/#TrimSuffix) | `String#chomp` in Ruby; `chomp` in Perl | + +## License This library is licensed under MIT license. See LICENSE for details. diff --git a/vendor/github.com/huandu/xstrings/convert.go b/vendor/github.com/huandu/xstrings/convert.go index 3d5a34950b0cd..151c3151d9c8c 100644 --- a/vendor/github.com/huandu/xstrings/convert.go +++ b/vendor/github.com/huandu/xstrings/convert.go @@ -130,7 +130,7 @@ func camelCaseToLowerCase(str string, connector rune) string { wt, word, remaining = nextWord(remaining) } - if wt != invalidWord && wt != punctWord { + if wt != invalidWord && wt != punctWord && wt != connectorWord { buf.WriteRune(connector) } diff --git a/vendor/k8s.io/utils/net/ipfamily.go b/vendor/k8s.io/utils/net/ipfamily.go new file mode 100644 index 0000000000000..1a51fa391891a --- /dev/null +++ b/vendor/k8s.io/utils/net/ipfamily.go @@ -0,0 +1,181 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package net + +import ( + "fmt" + "net" +) + +// IPFamily refers to a specific family if not empty, i.e. "4" or "6". +type IPFamily string + +// Constants for valid IPFamilys: +const ( + IPFamilyUnknown IPFamily = "" + + IPv4 IPFamily = "4" + IPv6 IPFamily = "6" +) + +// IsDualStackIPs returns true if: +// - all elements of ips are valid +// - at least one IP from each family (v4 and v6) is present +func IsDualStackIPs(ips []net.IP) (bool, error) { + v4Found := false + v6Found := false + for i, ip := range ips { + switch IPFamilyOf(ip) { + case IPv4: + v4Found = true + case IPv6: + v6Found = true + default: + return false, fmt.Errorf("invalid IP[%d]: %v", i, ip) + } + } + + return (v4Found && v6Found), nil +} + +// IsDualStackIPStrings returns true if: +// - all elements of ips can be parsed as IPs +// - at least one IP from each family (v4 and v6) is present +func IsDualStackIPStrings(ips []string) (bool, error) { + parsedIPs := make([]net.IP, 0, len(ips)) + for i, ip := range ips { + parsedIP := ParseIPSloppy(ip) + if parsedIP == nil { + return false, fmt.Errorf("invalid IP[%d]: %v", i, ip) + } + parsedIPs = append(parsedIPs, parsedIP) + } + return IsDualStackIPs(parsedIPs) +} + +// IsDualStackCIDRs returns true if: +// - all elements of cidrs are non-nil +// - at least one CIDR from each family (v4 and v6) is present +func IsDualStackCIDRs(cidrs []*net.IPNet) (bool, error) { + v4Found := false + v6Found := false + for i, cidr := range cidrs { + switch IPFamilyOfCIDR(cidr) { + case IPv4: + v4Found = true + case IPv6: + v6Found = true + default: + return false, fmt.Errorf("invalid CIDR[%d]: %v", i, cidr) + } + } + + return (v4Found && v6Found), nil +} + +// IsDualStackCIDRStrings returns if +// - all elements of cidrs can be parsed as CIDRs +// - at least one CIDR from each family (v4 and v6) is present +func IsDualStackCIDRStrings(cidrs []string) (bool, error) { + parsedCIDRs, err := ParseCIDRs(cidrs) + if err != nil { + return false, err + } + return IsDualStackCIDRs(parsedCIDRs) +} + +// IPFamilyOf returns the IP family of ip, or IPFamilyUnknown if it is invalid. +func IPFamilyOf(ip net.IP) IPFamily { + switch { + case ip.To4() != nil: + return IPv4 + case ip.To16() != nil: + return IPv6 + default: + return IPFamilyUnknown + } +} + +// IPFamilyOfString returns the IP family of ip, or IPFamilyUnknown if ip cannot +// be parsed as an IP. +func IPFamilyOfString(ip string) IPFamily { + return IPFamilyOf(ParseIPSloppy(ip)) +} + +// IPFamilyOfCIDR returns the IP family of cidr. +func IPFamilyOfCIDR(cidr *net.IPNet) IPFamily { + if cidr == nil { + return IPFamilyUnknown + } + return IPFamilyOf(cidr.IP) +} + +// IPFamilyOfCIDRString returns the IP family of cidr. +func IPFamilyOfCIDRString(cidr string) IPFamily { + ip, _, _ := ParseCIDRSloppy(cidr) + return IPFamilyOf(ip) +} + +// IsIPv6 returns true if netIP is IPv6 (and false if it is IPv4, nil, or invalid). +func IsIPv6(netIP net.IP) bool { + return IPFamilyOf(netIP) == IPv6 +} + +// IsIPv6String returns true if ip contains a single IPv6 address and nothing else. It +// returns false if ip is an empty string, an IPv4 address, or anything else that is not a +// single IPv6 address. +func IsIPv6String(ip string) bool { + return IPFamilyOfString(ip) == IPv6 +} + +// IsIPv6CIDR returns true if a cidr is a valid IPv6 CIDR. It returns false if cidr is +// nil or an IPv4 CIDR. Its behavior is not defined if cidr is invalid. +func IsIPv6CIDR(cidr *net.IPNet) bool { + return IPFamilyOfCIDR(cidr) == IPv6 +} + +// IsIPv6CIDRString returns true if cidr contains a single IPv6 CIDR and nothing else. It +// returns false if cidr is an empty string, an IPv4 CIDR, or anything else that is not a +// single valid IPv6 CIDR. +func IsIPv6CIDRString(cidr string) bool { + return IPFamilyOfCIDRString(cidr) == IPv6 +} + +// IsIPv4 returns true if netIP is IPv4 (and false if it is IPv6, nil, or invalid). +func IsIPv4(netIP net.IP) bool { + return IPFamilyOf(netIP) == IPv4 +} + +// IsIPv4String returns true if ip contains a single IPv4 address and nothing else. It +// returns false if ip is an empty string, an IPv6 address, or anything else that is not a +// single IPv4 address. +func IsIPv4String(ip string) bool { + return IPFamilyOfString(ip) == IPv4 +} + +// IsIPv4CIDR returns true if cidr is a valid IPv4 CIDR. It returns false if cidr is nil +// or an IPv6 CIDR. Its behavior is not defined if cidr is invalid. +func IsIPv4CIDR(cidr *net.IPNet) bool { + return IPFamilyOfCIDR(cidr) == IPv4 +} + +// IsIPv4CIDRString returns true if cidr contains a single IPv4 CIDR and nothing else. It +// returns false if cidr is an empty string, an IPv6 CIDR, or anything else that is not a +// single valid IPv4 CIDR. +func IsIPv4CIDRString(cidr string) bool { + return IPFamilyOfCIDRString(cidr) == IPv4 +} diff --git a/vendor/k8s.io/utils/net/net.go b/vendor/k8s.io/utils/net/net.go index b7c08e2e003f5..704c1f232aef5 100644 --- a/vendor/k8s.io/utils/net/net.go +++ b/vendor/k8s.io/utils/net/net.go @@ -29,138 +29,16 @@ import ( // order is maintained func ParseCIDRs(cidrsString []string) ([]*net.IPNet, error) { cidrs := make([]*net.IPNet, 0, len(cidrsString)) - for _, cidrString := range cidrsString { + for i, cidrString := range cidrsString { _, cidr, err := ParseCIDRSloppy(cidrString) if err != nil { - return nil, fmt.Errorf("failed to parse cidr value:%q with error:%v", cidrString, err) + return nil, fmt.Errorf("invalid CIDR[%d]: %v (%v)", i, cidr, err) } cidrs = append(cidrs, cidr) } return cidrs, nil } -// IsDualStackIPs returns if a slice of ips is: -// - all are valid ips -// - at least one ip from each family (v4 or v6) -func IsDualStackIPs(ips []net.IP) (bool, error) { - v4Found := false - v6Found := false - for _, ip := range ips { - if ip == nil { - return false, fmt.Errorf("ip %v is invalid", ip) - } - - if v4Found && v6Found { - continue - } - - if IsIPv6(ip) { - v6Found = true - continue - } - - v4Found = true - } - - return (v4Found && v6Found), nil -} - -// IsDualStackIPStrings returns if -// - all are valid ips -// - at least one ip from each family (v4 or v6) -func IsDualStackIPStrings(ips []string) (bool, error) { - parsedIPs := make([]net.IP, 0, len(ips)) - for _, ip := range ips { - parsedIP := ParseIPSloppy(ip) - parsedIPs = append(parsedIPs, parsedIP) - } - return IsDualStackIPs(parsedIPs) -} - -// IsDualStackCIDRs returns if -// - all are valid cidrs -// - at least one cidr from each family (v4 or v6) -func IsDualStackCIDRs(cidrs []*net.IPNet) (bool, error) { - v4Found := false - v6Found := false - for _, cidr := range cidrs { - if cidr == nil { - return false, fmt.Errorf("cidr %v is invalid", cidr) - } - - if v4Found && v6Found { - continue - } - - if IsIPv6(cidr.IP) { - v6Found = true - continue - } - v4Found = true - } - - return v4Found && v6Found, nil -} - -// IsDualStackCIDRStrings returns if -// - all are valid cidrs -// - at least one cidr from each family (v4 or v6) -func IsDualStackCIDRStrings(cidrs []string) (bool, error) { - parsedCIDRs, err := ParseCIDRs(cidrs) - if err != nil { - return false, err - } - return IsDualStackCIDRs(parsedCIDRs) -} - -// IsIPv6 returns if netIP is IPv6. -func IsIPv6(netIP net.IP) bool { - return netIP != nil && netIP.To4() == nil -} - -// IsIPv6String returns if ip is IPv6. -func IsIPv6String(ip string) bool { - netIP := ParseIPSloppy(ip) - return IsIPv6(netIP) -} - -// IsIPv6CIDRString returns if cidr is IPv6. -// This assumes cidr is a valid CIDR. -func IsIPv6CIDRString(cidr string) bool { - ip, _, _ := ParseCIDRSloppy(cidr) - return IsIPv6(ip) -} - -// IsIPv6CIDR returns if a cidr is ipv6 -func IsIPv6CIDR(cidr *net.IPNet) bool { - ip := cidr.IP - return IsIPv6(ip) -} - -// IsIPv4 returns if netIP is IPv4. -func IsIPv4(netIP net.IP) bool { - return netIP != nil && netIP.To4() != nil -} - -// IsIPv4String returns if ip is IPv4. -func IsIPv4String(ip string) bool { - netIP := ParseIPSloppy(ip) - return IsIPv4(netIP) -} - -// IsIPv4CIDR returns if a cidr is ipv4 -func IsIPv4CIDR(cidr *net.IPNet) bool { - ip := cidr.IP - return IsIPv4(ip) -} - -// IsIPv4CIDRString returns if cidr is IPv4. -// This assumes cidr is a valid CIDR. -func IsIPv4CIDRString(cidr string) bool { - ip, _, _ := ParseCIDRSloppy(cidr) - return IsIPv4(ip) -} - // ParsePort parses a string representing an IP port. If the string is not a // valid port number, this returns an error. func ParsePort(port string, allowZero bool) (int, error) { diff --git a/vendor/k8s.io/utils/net/port.go b/vendor/k8s.io/utils/net/port.go index c012f8903ca56..c6a53fa02b10d 100644 --- a/vendor/k8s.io/utils/net/port.go +++ b/vendor/k8s.io/utils/net/port.go @@ -23,15 +23,6 @@ import ( "strings" ) -// IPFamily refers to a specific family if not empty, i.e. "4" or "6". -type IPFamily string - -// Constants for valid IPFamilys: -const ( - IPv4 IPFamily = "4" - IPv6 IPFamily = "6" -) - // Protocol is a network protocol support by LocalPort. type Protocol string @@ -67,7 +58,7 @@ func NewLocalPort(desc, ip string, ipFamily IPFamily, port int, protocol Protoco if protocol != TCP && protocol != UDP { return nil, fmt.Errorf("Unsupported protocol %s", protocol) } - if ipFamily != "" && ipFamily != "4" && ipFamily != "6" { + if ipFamily != IPFamilyUnknown && ipFamily != IPv4 && ipFamily != IPv6 { return nil, fmt.Errorf("Invalid IP family %s", ipFamily) } if ip != "" { @@ -75,9 +66,10 @@ func NewLocalPort(desc, ip string, ipFamily IPFamily, port int, protocol Protoco if parsedIP == nil { return nil, fmt.Errorf("invalid ip address %s", ip) } - asIPv4 := parsedIP.To4() - if asIPv4 == nil && ipFamily == IPv4 || asIPv4 != nil && ipFamily == IPv6 { - return nil, fmt.Errorf("ip address and family mismatch %s, %s", ip, ipFamily) + if ipFamily != IPFamilyUnknown { + if IPFamily(parsedIP) != ipFamily { + return nil, fmt.Errorf("ip address and family mismatch %s, %s", ip, ipFamily) + } } } return &LocalPort{Description: desc, IP: ip, IPFamily: ipFamily, Port: port, Protocol: protocol}, nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 7b358d1bc8ee7..505f8050517b9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,7 +1,7 @@ # cloud.google.com/go/compute v1.12.1 ## explicit; go 1.19 cloud.google.com/go/compute/internal -# cloud.google.com/go/compute/metadata v0.2.1 +# cloud.google.com/go/compute/metadata v0.2.2 ## explicit; go 1.19 cloud.google.com/go/compute/metadata # github.com/Azure/azure-pipeline-go v0.2.3 @@ -67,10 +67,10 @@ github.com/MakeNowJust/heredoc/v2 # github.com/Masterminds/goutils v1.1.1 ## explicit github.com/Masterminds/goutils -# github.com/Masterminds/semver/v3 v3.1.1 -## explicit; go 1.12 +# github.com/Masterminds/semver/v3 v3.2.0 +## explicit; go 1.18 github.com/Masterminds/semver/v3 -# github.com/Masterminds/sprig/v3 v3.2.2 +# github.com/Masterminds/sprig/v3 v3.2.3 ## explicit; go 1.13 github.com/Masterminds/sprig/v3 # github.com/PuerkitoBio/purell v1.1.1 @@ -103,7 +103,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/instancetypes github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs github.com/aws/amazon-ec2-instance-selector/v2/pkg/sorter -# github.com/aws/aws-sdk-go v1.44.145 +# github.com/aws/aws-sdk-go v1.44.151 ## explicit; go 1.11 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn @@ -542,7 +542,7 @@ github.com/hetznercloud/hcloud-go/hcloud github.com/hetznercloud/hcloud-go/hcloud/internal/instrumentation github.com/hetznercloud/hcloud-go/hcloud/metadata github.com/hetznercloud/hcloud-go/hcloud/schema -# github.com/huandu/xstrings v1.3.2 +# github.com/huandu/xstrings v1.3.3 ## explicit; go 1.12 github.com/huandu/xstrings # github.com/imdario/mergo v0.3.12 @@ -1670,7 +1670,7 @@ k8s.io/kubelet/config/v1beta1 # k8s.io/mount-utils v0.25.4 ## explicit; go 1.19 k8s.io/mount-utils -# k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 +# k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 ## explicit; go 1.18 k8s.io/utils/buffer k8s.io/utils/clock