mirror of
https://github.com/rclone/rclone.git
synced 2024-12-11 17:51:12 +01:00
6427029c4e
* Update all dependencies * Remove all `[[constraint]]` from Gopkg.toml * Add in the minimum number of `[[override]]` to build * Remove go get of github.com/inconshreveable/mousetrap as it is vendored * Update docs with new policy on constraints
4459 lines
164 KiB
Go
4459 lines
164 KiB
Go
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
|
|
|
|
package secretsmanager
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
"github.com/aws/aws-sdk-go/aws/awsutil"
|
|
"github.com/aws/aws-sdk-go/aws/request"
|
|
"github.com/aws/aws-sdk-go/private/protocol"
|
|
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
|
|
)
|
|
|
|
const opCancelRotateSecret = "CancelRotateSecret"
|
|
|
|
// CancelRotateSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the CancelRotateSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See CancelRotateSecret for more information on using the CancelRotateSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the CancelRotateSecretRequest method.
|
|
// req, resp := client.CancelRotateSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret
|
|
func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opCancelRotateSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &CancelRotateSecretInput{}
|
|
}
|
|
|
|
output = &CancelRotateSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// CancelRotateSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Disables automatic scheduled rotation and cancels the rotation of a secret
|
|
// if one is currently in progress.
|
|
//
|
|
// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays
|
|
// set to a value greater than 0. This will immediately rotate your secret and
|
|
// then enable the automatic schedule.
|
|
//
|
|
// If you cancel a rotation that is in progress, it can leave the VersionStage
|
|
// labels in an unexpected state. Depending on what step of the rotation was
|
|
// in progress, you might need to remove the staging label AWSPENDING from the
|
|
// partially created version, specified by the SecretVersionId response value.
|
|
// You should also evaluate the partially rotated new version to see if it should
|
|
// be deleted, which you can do by removing all staging labels from the new
|
|
// version's VersionStage field.
|
|
//
|
|
// To successfully start a rotation, the staging label AWSPENDING must be in
|
|
// one of the following states:
|
|
//
|
|
// * Not be attached to any version at all
|
|
//
|
|
// * Attached to the same version as the staging label AWSCURRENT
|
|
//
|
|
// If the staging label AWSPENDING is attached to a different version than the
|
|
// version with AWSCURRENT then the attempt to rotate fails.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:CancelRotateSecret
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To configure rotation for a secret or to manually trigger a rotation,
|
|
// use RotateSecret.
|
|
//
|
|
// * To get the rotation configuration details for a secret, use DescribeSecret.
|
|
//
|
|
// * To list all of the currently available secrets, use ListSecrets.
|
|
//
|
|
// * To list all of the versions currently associated with a secret, use
|
|
// ListSecretVersionIds.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation CancelRotateSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret
|
|
func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) {
|
|
req, out := c.CancelRotateSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See CancelRotateSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) {
|
|
req, out := c.CancelRotateSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opCreateSecret = "CreateSecret"
|
|
|
|
// CreateSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the CreateSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See CreateSecret for more information on using the CreateSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the CreateSecretRequest method.
|
|
// req, resp := client.CreateSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret
|
|
func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opCreateSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &CreateSecretInput{}
|
|
}
|
|
|
|
output = &CreateSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// CreateSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Creates a new secret. A secret in Secrets Manager consists of both the protected
|
|
// secret data and the important information needed to manage the secret.
|
|
//
|
|
// Secrets Manager stores the encrypted secret data in one of a collection of
|
|
// "versions" associated with the secret. Each version contains a copy of the
|
|
// encrypted secret data. Each version is associated with one or more "staging
|
|
// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages
|
|
// field of the secret contains the mapping of staging labels to the active
|
|
// versions of the secret. Versions without a staging label are considered deprecated
|
|
// and are not included in the list.
|
|
//
|
|
// You provide the secret data to be encrypted by putting text in either the
|
|
// SecretString parameter or binary data in the SecretBinary parameter, but
|
|
// not both. If you include SecretString or SecretBinary then Secrets Manager
|
|
// also creates an initial secret version and automatically attaches the staging
|
|
// label AWSCURRENT to the new version.
|
|
//
|
|
// If you call an operation that needs to encrypt or decrypt the SecretString
|
|
// or SecretBinary for a secret in the same account as the calling user and
|
|
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
|
|
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
|
|
// If this key doesn't already exist in your account then Secrets Manager creates
|
|
// it for you automatically. All users in the same AWS account automatically
|
|
// have access to use the default CMK. Note that if an Secrets Manager API call
|
|
// results in AWS having to create the account's AWS-managed CMK, it can result
|
|
// in a one-time significant delay in returning the result.
|
|
//
|
|
// If the secret is in a different AWS account from the credentials calling
|
|
// an API that requires encryption or decryption of the secret value then you
|
|
// must create and use a custom KMS CMK because you can't access the default
|
|
// CMK for the account using credentials from a different AWS account. Store
|
|
// the ARN of the CMK in the secret when you create the secret or when you update
|
|
// it by including it in the KMSKeyId. If you call an API that must encrypt
|
|
// or decrypt SecretString or SecretBinary using credentials from a different
|
|
// account then the KMS key policy must grant cross-account access to that other
|
|
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:CreateSecret
|
|
//
|
|
// * kms:GenerateDataKey - needed only if you use a customer-created KMS
|
|
// key to encrypt the secret. You do not need this permission to use the
|
|
// account's default AWS managed CMK for Secrets Manager.
|
|
//
|
|
// * kms:Decrypt - needed only if you use a customer-created KMS key to encrypt
|
|
// the secret. You do not need this permission to use the account's default
|
|
// AWS managed CMK for Secrets Manager.
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To delete a secret, use DeleteSecret.
|
|
//
|
|
// * To modify an existing secret, use UpdateSecret.
|
|
//
|
|
// * To create a new version of a secret, use PutSecretValue.
|
|
//
|
|
// * To retrieve the encrypted secure string and secure binary values, use
|
|
// GetSecretValue.
|
|
//
|
|
// * To retrieve all other details for a secret, use DescribeSecret. This
|
|
// does not include the encrypted secure string and secure binary values.
|
|
//
|
|
// * To retrieve the list of secret versions associated with the current
|
|
// secret, use DescribeSecret and examine the SecretVersionsToStages response
|
|
// value.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation CreateSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeLimitExceededException "LimitExceededException"
|
|
// The request failed because it would exceed one of the Secrets Manager internal
|
|
// limits.
|
|
//
|
|
// * ErrCodeEncryptionFailure "EncryptionFailure"
|
|
// Secrets Manager can't encrypt the protected secret text using the provided
|
|
// KMS key. Check that the customer master key (CMK) is available, enabled,
|
|
// and not in an invalid state. For more information, see How Key State Affects
|
|
// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
|
|
//
|
|
// * ErrCodeResourceExistsException "ResourceExistsException"
|
|
// A resource with the ID you requested already exists.
|
|
//
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
|
|
// The policy document that you provided isn't valid.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret
|
|
func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) {
|
|
req, out := c.CreateSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// CreateSecretWithContext is the same as CreateSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See CreateSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) {
|
|
req, out := c.CreateSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opDeleteSecret = "DeleteSecret"
|
|
|
|
// DeleteSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the DeleteSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See DeleteSecret for more information on using the DeleteSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the DeleteSecretRequest method.
|
|
// req, resp := client.DeleteSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret
|
|
func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opDeleteSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &DeleteSecretInput{}
|
|
}
|
|
|
|
output = &DeleteSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// DeleteSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Deletes an entire secret and all of its versions. You can optionally include
|
|
// a recovery window during which you can restore the secret. If you don't specify
|
|
// a recovery window value, the operation defaults to 30 days. Secrets Manager
|
|
// attaches a DeletionDate stamp to the secret that specifies the end of the
|
|
// recovery window. At the end of the recovery window, Secrets Manager deletes
|
|
// the secret permanently.
|
|
//
|
|
// At any time before recovery window ends, you can use RestoreSecret to remove
|
|
// the DeletionDate and cancel the deletion of the secret.
|
|
//
|
|
// You cannot access the encrypted secret information in any secret that is
|
|
// scheduled for deletion. If you need to access that information, you must
|
|
// cancel the deletion with RestoreSecret and then retrieve the information.
|
|
//
|
|
// There is no explicit operation to delete a version of a secret. Instead,
|
|
// remove all staging labels from the VersionStage field of a version. That
|
|
// marks the version as deprecated and allows Secrets Manager to delete it as
|
|
// needed. Versions that do not have any staging labels do not show up in ListSecretVersionIds
|
|
// unless you specify IncludeDeprecated.
|
|
//
|
|
// The permanent secret deletion at the end of the waiting period is performed
|
|
// as a background task with low priority. There is no guarantee of a specific
|
|
// time after the recovery window for the actual delete operation to occur.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:DeleteSecret
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To create a secret, use CreateSecret.
|
|
//
|
|
// * To cancel deletion of a version of a secret before the recovery window
|
|
// has expired, use RestoreSecret.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation DeleteSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret
|
|
func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) {
|
|
req, out := c.DeleteSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// DeleteSecretWithContext is the same as DeleteSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See DeleteSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) {
|
|
req, out := c.DeleteSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opDescribeSecret = "DescribeSecret"
|
|
|
|
// DescribeSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the DescribeSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See DescribeSecret for more information on using the DescribeSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the DescribeSecretRequest method.
|
|
// req, resp := client.DescribeSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret
|
|
func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opDescribeSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &DescribeSecretInput{}
|
|
}
|
|
|
|
output = &DescribeSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// DescribeSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Retrieves the details of a secret. It does not include the encrypted fields.
|
|
// Only those fields that are populated with a value are returned in the response.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:DescribeSecret
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To create a secret, use CreateSecret.
|
|
//
|
|
// * To modify a secret, use UpdateSecret.
|
|
//
|
|
// * To retrieve the encrypted secret information in a version of the secret,
|
|
// use GetSecretValue.
|
|
//
|
|
// * To list all of the secrets in the AWS account, use ListSecrets.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation DescribeSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret
|
|
func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) {
|
|
req, out := c.DescribeSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// DescribeSecretWithContext is the same as DescribeSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See DescribeSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) {
|
|
req, out := c.DescribeSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opGetRandomPassword = "GetRandomPassword"
|
|
|
|
// GetRandomPasswordRequest generates a "aws/request.Request" representing the
|
|
// client's request for the GetRandomPassword operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See GetRandomPassword for more information on using the GetRandomPassword
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the GetRandomPasswordRequest method.
|
|
// req, resp := client.GetRandomPasswordRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword
|
|
func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) {
|
|
op := &request.Operation{
|
|
Name: opGetRandomPassword,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &GetRandomPasswordInput{}
|
|
}
|
|
|
|
output = &GetRandomPasswordOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// GetRandomPassword API operation for AWS Secrets Manager.
|
|
//
|
|
// Generates a random password of the specified complexity. This operation is
|
|
// intended for use in the Lambda rotation function. Per best practice, we recommend
|
|
// that you specify the maximum length and include every character type that
|
|
// the system you are generating a password for can support.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:GetRandomPassword
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation GetRandomPassword for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword
|
|
func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) {
|
|
req, out := c.GetRandomPasswordRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See GetRandomPassword for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) {
|
|
req, out := c.GetRandomPasswordRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opGetSecretValue = "GetSecretValue"
|
|
|
|
// GetSecretValueRequest generates a "aws/request.Request" representing the
|
|
// client's request for the GetSecretValue operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See GetSecretValue for more information on using the GetSecretValue
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the GetSecretValueRequest method.
|
|
// req, resp := client.GetSecretValueRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue
|
|
func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) {
|
|
op := &request.Operation{
|
|
Name: opGetSecretValue,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &GetSecretValueInput{}
|
|
}
|
|
|
|
output = &GetSecretValueOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// GetSecretValue API operation for AWS Secrets Manager.
|
|
//
|
|
// Retrieves the contents of the encrypted fields SecretString or SecretBinary
|
|
// from the specified version of a secret, whichever contains content.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:GetSecretValue
|
|
//
|
|
// * kms:Decrypt - required only if you use a customer-created KMS key to
|
|
// encrypt the secret. You do not need this permission to use the account's
|
|
// default AWS managed CMK for Secrets Manager.
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To create a new version of the secret with different encrypted information,
|
|
// use PutSecretValue.
|
|
//
|
|
// * To retrieve the non-encrypted details for the secret, use DescribeSecret.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation GetSecretValue for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeDecryptionFailure "DecryptionFailure"
|
|
// Secrets Manager can't decrypt the protected secret text using the provided
|
|
// KMS key.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue
|
|
func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) {
|
|
req, out := c.GetSecretValueRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// GetSecretValueWithContext is the same as GetSecretValue with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See GetSecretValue for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) {
|
|
req, out := c.GetSecretValueRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opListSecretVersionIds = "ListSecretVersionIds"
|
|
|
|
// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the
|
|
// client's request for the ListSecretVersionIds operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See ListSecretVersionIds for more information on using the ListSecretVersionIds
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the ListSecretVersionIdsRequest method.
|
|
// req, resp := client.ListSecretVersionIdsRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds
|
|
func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) {
|
|
op := &request.Operation{
|
|
Name: opListSecretVersionIds,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
Paginator: &request.Paginator{
|
|
InputTokens: []string{"NextToken"},
|
|
OutputTokens: []string{"NextToken"},
|
|
LimitToken: "MaxResults",
|
|
TruncationToken: "",
|
|
},
|
|
}
|
|
|
|
if input == nil {
|
|
input = &ListSecretVersionIdsInput{}
|
|
}
|
|
|
|
output = &ListSecretVersionIdsOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// ListSecretVersionIds API operation for AWS Secrets Manager.
|
|
//
|
|
// Lists all of the versions attached to the specified secret. The output does
|
|
// not include the SecretString or SecretBinary fields. By default, the list
|
|
// includes only versions that have at least one staging label in VersionStage
|
|
// attached.
|
|
//
|
|
// Always check the NextToken response parameter when calling any of the List*
|
|
// operations. These operations can occasionally return an empty or shorter
|
|
// than expected list of results even when there are more results available.
|
|
// When this happens, the NextToken response parameter contains a value to pass
|
|
// to the next call to the same API to request the next part of the list.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:ListSecretVersionIds
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To list the secrets in an account, use ListSecrets.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation ListSecretVersionIds for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidNextTokenException "InvalidNextTokenException"
|
|
// You provided an invalid NextToken value.
|
|
//
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds
|
|
func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) {
|
|
req, out := c.ListSecretVersionIdsRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See ListSecretVersionIds for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) {
|
|
req, out := c.ListSecretVersionIdsRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation,
|
|
// calling the "fn" function with the response data for each page. To stop
|
|
// iterating, return false from the fn function.
|
|
//
|
|
// See ListSecretVersionIds method for more information on how to use this operation.
|
|
//
|
|
// Note: This operation can generate multiple requests to a service.
|
|
//
|
|
// // Example iterating over at most 3 pages of a ListSecretVersionIds operation.
|
|
// pageNum := 0
|
|
// err := client.ListSecretVersionIdsPages(params,
|
|
// func(page *ListSecretVersionIdsOutput, lastPage bool) bool {
|
|
// pageNum++
|
|
// fmt.Println(page)
|
|
// return pageNum <= 3
|
|
// })
|
|
//
|
|
func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error {
|
|
return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn)
|
|
}
|
|
|
|
// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except
|
|
// it takes a Context and allows setting request options on the pages.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error {
|
|
p := request.Pagination{
|
|
NewRequest: func() (*request.Request, error) {
|
|
var inCpy *ListSecretVersionIdsInput
|
|
if input != nil {
|
|
tmp := *input
|
|
inCpy = &tmp
|
|
}
|
|
req, _ := c.ListSecretVersionIdsRequest(inCpy)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return req, nil
|
|
},
|
|
}
|
|
|
|
cont := true
|
|
for p.Next() && cont {
|
|
cont = fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage())
|
|
}
|
|
return p.Err()
|
|
}
|
|
|
|
const opListSecrets = "ListSecrets"
|
|
|
|
// ListSecretsRequest generates a "aws/request.Request" representing the
|
|
// client's request for the ListSecrets operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See ListSecrets for more information on using the ListSecrets
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the ListSecretsRequest method.
|
|
// req, resp := client.ListSecretsRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets
|
|
func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) {
|
|
op := &request.Operation{
|
|
Name: opListSecrets,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
Paginator: &request.Paginator{
|
|
InputTokens: []string{"NextToken"},
|
|
OutputTokens: []string{"NextToken"},
|
|
LimitToken: "MaxResults",
|
|
TruncationToken: "",
|
|
},
|
|
}
|
|
|
|
if input == nil {
|
|
input = &ListSecretsInput{}
|
|
}
|
|
|
|
output = &ListSecretsOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// ListSecrets API operation for AWS Secrets Manager.
|
|
//
|
|
// Lists all of the secrets that are stored by Secrets Manager in the AWS account.
|
|
// To list the versions currently stored for a specific secret, use ListSecretVersionIds.
|
|
// The encrypted fields SecretString and SecretBinary are not included in the
|
|
// output. To get that information, call the GetSecretValue operation.
|
|
//
|
|
// Always check the NextToken response parameter when calling any of the List*
|
|
// operations. These operations can occasionally return an empty or shorter
|
|
// than expected list of results even when there are more results available.
|
|
// When this happens, the NextToken response parameter contains a value to pass
|
|
// to the next call to the same API to request the next part of the list.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:ListSecrets
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To list the versions attached to a secret, use ListSecretVersionIds.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation ListSecrets for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidNextTokenException "InvalidNextTokenException"
|
|
// You provided an invalid NextToken value.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets
|
|
func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) {
|
|
req, out := c.ListSecretsRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// ListSecretsWithContext is the same as ListSecrets with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See ListSecrets for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) {
|
|
req, out := c.ListSecretsRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// ListSecretsPages iterates over the pages of a ListSecrets operation,
|
|
// calling the "fn" function with the response data for each page. To stop
|
|
// iterating, return false from the fn function.
|
|
//
|
|
// See ListSecrets method for more information on how to use this operation.
|
|
//
|
|
// Note: This operation can generate multiple requests to a service.
|
|
//
|
|
// // Example iterating over at most 3 pages of a ListSecrets operation.
|
|
// pageNum := 0
|
|
// err := client.ListSecretsPages(params,
|
|
// func(page *ListSecretsOutput, lastPage bool) bool {
|
|
// pageNum++
|
|
// fmt.Println(page)
|
|
// return pageNum <= 3
|
|
// })
|
|
//
|
|
func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error {
|
|
return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn)
|
|
}
|
|
|
|
// ListSecretsPagesWithContext same as ListSecretsPages except
|
|
// it takes a Context and allows setting request options on the pages.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error {
|
|
p := request.Pagination{
|
|
NewRequest: func() (*request.Request, error) {
|
|
var inCpy *ListSecretsInput
|
|
if input != nil {
|
|
tmp := *input
|
|
inCpy = &tmp
|
|
}
|
|
req, _ := c.ListSecretsRequest(inCpy)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return req, nil
|
|
},
|
|
}
|
|
|
|
cont := true
|
|
for p.Next() && cont {
|
|
cont = fn(p.Page().(*ListSecretsOutput), !p.HasNextPage())
|
|
}
|
|
return p.Err()
|
|
}
|
|
|
|
const opPutSecretValue = "PutSecretValue"
|
|
|
|
// PutSecretValueRequest generates a "aws/request.Request" representing the
|
|
// client's request for the PutSecretValue operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See PutSecretValue for more information on using the PutSecretValue
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the PutSecretValueRequest method.
|
|
// req, resp := client.PutSecretValueRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue
|
|
func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) {
|
|
op := &request.Operation{
|
|
Name: opPutSecretValue,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &PutSecretValueInput{}
|
|
}
|
|
|
|
output = &PutSecretValueOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// PutSecretValue API operation for AWS Secrets Manager.
|
|
//
|
|
// Stores a new encrypted secret value in the specified secret. To do this,
|
|
// the operation creates a new version and attaches it to the secret. The version
|
|
// can contain a new SecretString value or a new SecretBinary value. You can
|
|
// also specify the staging labels that are initially attached to the new version.
|
|
//
|
|
// The Secrets Manager console uses only the SecretString field. To add binary
|
|
// data to a secret with the SecretBinary field you must use the AWS CLI or
|
|
// one of the AWS SDKs.
|
|
//
|
|
// * If this operation creates the first version for the secret then Secrets
|
|
// Manager automatically attaches the staging label AWSCURRENT to the new
|
|
// version.
|
|
//
|
|
// * If another version of this secret already exists, then this operation
|
|
// does not automatically move any staging labels other than those that you
|
|
// explicitly specify in the VersionStages parameter.
|
|
//
|
|
// * If this operation moves the staging label AWSCURRENT from another version
|
|
// to this version (because you included it in the StagingLabels parameter)
|
|
// then Secrets Manager also automatically moves the staging label AWSPREVIOUS
|
|
// to the version that AWSCURRENT was removed from.
|
|
//
|
|
// * This operation is idempotent. If a version with a SecretVersionId with
|
|
// the same value as the ClientRequestToken parameter already exists and
|
|
// you specify the same secret data, the operation succeeds but does nothing.
|
|
// However, if the secret data is different, then the operation fails because
|
|
// you cannot modify an existing version; you can only create new ones.
|
|
//
|
|
// If you call an operation that needs to encrypt or decrypt the SecretString
|
|
// or SecretBinary for a secret in the same account as the calling user and
|
|
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
|
|
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
|
|
// If this key doesn't already exist in your account then Secrets Manager creates
|
|
// it for you automatically. All users in the same AWS account automatically
|
|
// have access to use the default CMK. Note that if an Secrets Manager API call
|
|
// results in AWS having to create the account's AWS-managed CMK, it can result
|
|
// in a one-time significant delay in returning the result.
|
|
//
|
|
// If the secret is in a different AWS account from the credentials calling
|
|
// an API that requires encryption or decryption of the secret value then you
|
|
// must create and use a custom KMS CMK because you can't access the default
|
|
// CMK for the account using credentials from a different AWS account. Store
|
|
// the ARN of the CMK in the secret when you create the secret or when you update
|
|
// it by including it in the KMSKeyId. If you call an API that must encrypt
|
|
// or decrypt SecretString or SecretBinary using credentials from a different
|
|
// account then the KMS key policy must grant cross-account access to that other
|
|
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:PutSecretValue
|
|
//
|
|
// * kms:GenerateDataKey - needed only if you use a customer-created KMS
|
|
// key to encrypt the secret. You do not need this permission to use the
|
|
// account's AWS managed CMK for Secrets Manager.
|
|
//
|
|
// * kms:Encrypt - needed only if you use a customer-created KMS key to encrypt
|
|
// the secret. You do not need this permission to use the account's AWS managed
|
|
// CMK for Secrets Manager.
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To retrieve the encrypted value you store in the version of a secret,
|
|
// use GetSecretValue.
|
|
//
|
|
// * To create a secret, use CreateSecret.
|
|
//
|
|
// * To get the details for a secret, use DescribeSecret.
|
|
//
|
|
// * To list the versions attached to a secret, use ListSecretVersionIds.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation PutSecretValue for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeLimitExceededException "LimitExceededException"
|
|
// The request failed because it would exceed one of the Secrets Manager internal
|
|
// limits.
|
|
//
|
|
// * ErrCodeEncryptionFailure "EncryptionFailure"
|
|
// Secrets Manager can't encrypt the protected secret text using the provided
|
|
// KMS key. Check that the customer master key (CMK) is available, enabled,
|
|
// and not in an invalid state. For more information, see How Key State Affects
|
|
// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
|
|
//
|
|
// * ErrCodeResourceExistsException "ResourceExistsException"
|
|
// A resource with the ID you requested already exists.
|
|
//
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue
|
|
func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) {
|
|
req, out := c.PutSecretValueRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// PutSecretValueWithContext is the same as PutSecretValue with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See PutSecretValue for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) {
|
|
req, out := c.PutSecretValueRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opRestoreSecret = "RestoreSecret"
|
|
|
|
// RestoreSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the RestoreSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See RestoreSecret for more information on using the RestoreSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the RestoreSecretRequest method.
|
|
// req, resp := client.RestoreSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret
|
|
func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opRestoreSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &RestoreSecretInput{}
|
|
}
|
|
|
|
output = &RestoreSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// RestoreSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Cancels the scheduled deletion of a secret by removing the DeletedDate time
|
|
// stamp. This makes the secret accessible to query once again.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:RestoreSecret
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To delete a secret, use DeleteSecret.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation RestoreSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret
|
|
func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) {
|
|
req, out := c.RestoreSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// RestoreSecretWithContext is the same as RestoreSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See RestoreSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) {
|
|
req, out := c.RestoreSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opRotateSecret = "RotateSecret"
|
|
|
|
// RotateSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the RotateSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See RotateSecret for more information on using the RotateSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the RotateSecretRequest method.
|
|
// req, resp := client.RotateSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret
|
|
func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opRotateSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &RotateSecretInput{}
|
|
}
|
|
|
|
output = &RotateSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// RotateSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Configures and starts the asynchronous process of rotating this secret. If
|
|
// you include the configuration parameters, the operation sets those values
|
|
// for the secret and then immediately starts a rotation. If you do not include
|
|
// the configuration parameters, the operation starts a rotation with the values
|
|
// already stored in the secret. After the rotation completes, the protected
|
|
// service and its clients all use the new version of the secret.
|
|
//
|
|
// This required configuration information includes the ARN of an AWS Lambda
|
|
// function and the time between scheduled rotations. The Lambda rotation function
|
|
// creates a new version of the secret and creates or updates the credentials
|
|
// on the protected service to match. After testing the new credentials, the
|
|
// function marks the new secret with the staging label AWSCURRENT so that your
|
|
// clients all immediately begin to use the new version. For more information
|
|
// about rotating secrets and how to configure a Lambda function to rotate the
|
|
// secrets for your protected service, see Rotating Secrets in AWS Secrets Manager
|
|
// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html)
|
|
// in the AWS Secrets Manager User Guide.
|
|
//
|
|
// The rotation function must end with the versions of the secret in one of
|
|
// two states:
|
|
//
|
|
// * The AWSPENDING and AWSCURRENT staging labels are attached to the same
|
|
// version of the secret, or
|
|
//
|
|
// * The AWSPENDING staging label is not attached to any version of the secret.
|
|
//
|
|
// If instead the AWSPENDING staging label is present but is not attached to
|
|
// the same version as AWSCURRENT then any later invocation of RotateSecret
|
|
// assumes that a previous rotation request is still in progress and returns
|
|
// an error.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:RotateSecret
|
|
//
|
|
// * lambda:InvokeFunction (on the function specified in the secret's metadata)
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To list the secrets in your account, use ListSecrets.
|
|
//
|
|
// * To get the details for a version of a secret, use DescribeSecret.
|
|
//
|
|
// * To create a new version of a secret, use CreateSecret.
|
|
//
|
|
// * To attach staging labels to or remove staging labels from a version
|
|
// of a secret, use UpdateSecretVersionStage.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation RotateSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret
|
|
func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) {
|
|
req, out := c.RotateSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// RotateSecretWithContext is the same as RotateSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See RotateSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) {
|
|
req, out := c.RotateSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opTagResource = "TagResource"
|
|
|
|
// TagResourceRequest generates a "aws/request.Request" representing the
|
|
// client's request for the TagResource operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See TagResource for more information on using the TagResource
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the TagResourceRequest method.
|
|
// req, resp := client.TagResourceRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource
|
|
func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
|
|
op := &request.Operation{
|
|
Name: opTagResource,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &TagResourceInput{}
|
|
}
|
|
|
|
output = &TagResourceOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
|
|
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
|
|
return
|
|
}
|
|
|
|
// TagResource API operation for AWS Secrets Manager.
|
|
//
|
|
// Attaches one or more tags, each consisting of a key name and a value, to
|
|
// the specified secret. Tags are part of the secret's overall metadata, and
|
|
// are not associated with any specific version of the secret. This operation
|
|
// only appends tags to the existing list of tags. To remove tags, you must
|
|
// use UntagResource.
|
|
//
|
|
// The following basic restrictions apply to tags:
|
|
//
|
|
// * Maximum number of tags per secret—50
|
|
//
|
|
// * Maximum key length—127 Unicode characters in UTF-8
|
|
//
|
|
// * Maximum value length—255 Unicode characters in UTF-8
|
|
//
|
|
// * Tag keys and values are case sensitive.
|
|
//
|
|
// * Do not use the aws: prefix in your tag names or values because it is
|
|
// reserved for AWS use. You can't edit or delete tag names or values with
|
|
// this prefix. Tags with this prefix do not count against your tags per
|
|
// secret limit.
|
|
//
|
|
// * If your tagging schema will be used across multiple services and resources,
|
|
// remember that other services might have restrictions on allowed characters.
|
|
// Generally allowed characters are: letters, spaces, and numbers representable
|
|
// in UTF-8, plus the following special characters: + - = . _ : / @.
|
|
//
|
|
// If you use tags as part of your security strategy, then adding or removing
|
|
// a tag can change permissions. If successfully completing this operation would
|
|
// result in you losing your permissions for this secret, then the operation
|
|
// is blocked and returns an Access Denied error.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:TagResource
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To remove one or more tags from the collection attached to a secret,
|
|
// use UntagResource.
|
|
//
|
|
// * To view the list of tags attached to a secret, use DescribeSecret.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation TagResource for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource
|
|
func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
|
|
req, out := c.TagResourceRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// TagResourceWithContext is the same as TagResource with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See TagResource for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
|
|
req, out := c.TagResourceRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opUntagResource = "UntagResource"
|
|
|
|
// UntagResourceRequest generates a "aws/request.Request" representing the
|
|
// client's request for the UntagResource operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See UntagResource for more information on using the UntagResource
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the UntagResourceRequest method.
|
|
// req, resp := client.UntagResourceRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource
|
|
func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
|
|
op := &request.Operation{
|
|
Name: opUntagResource,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &UntagResourceInput{}
|
|
}
|
|
|
|
output = &UntagResourceOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
|
|
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
|
|
return
|
|
}
|
|
|
|
// UntagResource API operation for AWS Secrets Manager.
|
|
//
|
|
// Removes one or more tags from the specified secret.
|
|
//
|
|
// This operation is idempotent. If a requested tag is not attached to the secret,
|
|
// no error is returned and the secret metadata is unchanged.
|
|
//
|
|
// If you use tags as part of your security strategy, then removing a tag can
|
|
// change permissions. If successfully completing this operation would result
|
|
// in you losing your permissions for this secret, then the operation is blocked
|
|
// and returns an Access Denied error.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:UntagResource
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To add one or more tags to the collection attached to a secret, use
|
|
// TagResource.
|
|
//
|
|
// * To view the list of tags attached to a secret, use DescribeSecret.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation UntagResource for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource
|
|
func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
|
|
req, out := c.UntagResourceRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// UntagResourceWithContext is the same as UntagResource with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See UntagResource for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
|
|
req, out := c.UntagResourceRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opUpdateSecret = "UpdateSecret"
|
|
|
|
// UpdateSecretRequest generates a "aws/request.Request" representing the
|
|
// client's request for the UpdateSecret operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See UpdateSecret for more information on using the UpdateSecret
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the UpdateSecretRequest method.
|
|
// req, resp := client.UpdateSecretRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret
|
|
func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) {
|
|
op := &request.Operation{
|
|
Name: opUpdateSecret,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &UpdateSecretInput{}
|
|
}
|
|
|
|
output = &UpdateSecretOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// UpdateSecret API operation for AWS Secrets Manager.
|
|
//
|
|
// Modifies many of the details of a secret. If you include a ClientRequestToken
|
|
// and either SecretString or SecretBinary then it also creates a new version
|
|
// attached to the secret.
|
|
//
|
|
// To modify the rotation configuration of a secret, use RotateSecret instead.
|
|
//
|
|
// The Secrets Manager console uses only the SecretString parameter and therefore
|
|
// limits you to encrypting and storing only a text string. To encrypt and store
|
|
// binary data as part of the version of a secret, you must use either the AWS
|
|
// CLI or one of the AWS SDKs.
|
|
//
|
|
// * If a version with a SecretVersionId with the same value as the ClientRequestToken
|
|
// parameter already exists, the operation generates an error. You cannot
|
|
// modify an existing version, you can only create new ones.
|
|
//
|
|
// * If you include SecretString or SecretBinary to create a new secret version,
|
|
// Secrets Manager automatically attaches the staging label AWSCURRENT to
|
|
// the new version.
|
|
//
|
|
// If you call an operation that needs to encrypt or decrypt the SecretString
|
|
// or SecretBinary for a secret in the same account as the calling user and
|
|
// that secret doesn't specify a KMS encryption key, Secrets Manager uses the
|
|
// account's default AWS managed customer master key (CMK) with the alias aws/secretsmanager.
|
|
// If this key doesn't already exist in your account then Secrets Manager creates
|
|
// it for you automatically. All users in the same AWS account automatically
|
|
// have access to use the default CMK. Note that if an Secrets Manager API call
|
|
// results in AWS having to create the account's AWS-managed CMK, it can result
|
|
// in a one-time significant delay in returning the result.
|
|
//
|
|
// If the secret is in a different AWS account from the credentials calling
|
|
// an API that requires encryption or decryption of the secret value then you
|
|
// must create and use a custom KMS CMK because you can't access the default
|
|
// CMK for the account using credentials from a different AWS account. Store
|
|
// the ARN of the CMK in the secret when you create the secret or when you update
|
|
// it by including it in the KMSKeyId. If you call an API that must encrypt
|
|
// or decrypt SecretString or SecretBinary using credentials from a different
|
|
// account then the KMS key policy must grant cross-account access to that other
|
|
// account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:UpdateSecret
|
|
//
|
|
// * kms:GenerateDataKey - needed only if you use a custom KMS key to encrypt
|
|
// the secret. You do not need this permission to use the account's AWS managed
|
|
// CMK for Secrets Manager.
|
|
//
|
|
// * kms:Decrypt - needed only if you use a custom KMS key to encrypt the
|
|
// secret. You do not need this permission to use the account's AWS managed
|
|
// CMK for Secrets Manager.
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To create a new secret, use CreateSecret.
|
|
//
|
|
// * To add only a new version to an existing secret, use PutSecretValue.
|
|
//
|
|
// * To get the details for a secret, use DescribeSecret.
|
|
//
|
|
// * To list the versions contained in a secret, use ListSecretVersionIds.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation UpdateSecret for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeLimitExceededException "LimitExceededException"
|
|
// The request failed because it would exceed one of the Secrets Manager internal
|
|
// limits.
|
|
//
|
|
// * ErrCodeEncryptionFailure "EncryptionFailure"
|
|
// Secrets Manager can't encrypt the protected secret text using the provided
|
|
// KMS key. Check that the customer master key (CMK) is available, enabled,
|
|
// and not in an invalid state. For more information, see How Key State Affects
|
|
// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
|
|
//
|
|
// * ErrCodeResourceExistsException "ResourceExistsException"
|
|
// A resource with the ID you requested already exists.
|
|
//
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
|
|
// The policy document that you provided isn't valid.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret
|
|
func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) {
|
|
req, out := c.UpdateSecretRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// UpdateSecretWithContext is the same as UpdateSecret with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See UpdateSecret for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) {
|
|
req, out := c.UpdateSecretRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
const opUpdateSecretVersionStage = "UpdateSecretVersionStage"
|
|
|
|
// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the
|
|
// client's request for the UpdateSecretVersionStage operation. The "output" return
|
|
// value will be populated with the request's response once the request completes
|
|
// successfuly.
|
|
//
|
|
// Use "Send" method on the returned Request to send the API call to the service.
|
|
// the "output" return value is not valid until after Send returns without error.
|
|
//
|
|
// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage
|
|
// API call, and error handling.
|
|
//
|
|
// This method is useful when you want to inject custom logic or configuration
|
|
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
|
|
//
|
|
//
|
|
// // Example sending a request using the UpdateSecretVersionStageRequest method.
|
|
// req, resp := client.UpdateSecretVersionStageRequest(params)
|
|
//
|
|
// err := req.Send()
|
|
// if err == nil { // resp is now filled
|
|
// fmt.Println(resp)
|
|
// }
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage
|
|
func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) {
|
|
op := &request.Operation{
|
|
Name: opUpdateSecretVersionStage,
|
|
HTTPMethod: "POST",
|
|
HTTPPath: "/",
|
|
}
|
|
|
|
if input == nil {
|
|
input = &UpdateSecretVersionStageInput{}
|
|
}
|
|
|
|
output = &UpdateSecretVersionStageOutput{}
|
|
req = c.newRequest(op, input, output)
|
|
return
|
|
}
|
|
|
|
// UpdateSecretVersionStage API operation for AWS Secrets Manager.
|
|
//
|
|
// Modifies the staging labels attached to a version of a secret. Staging labels
|
|
// are used to track a version as it progresses through the secret rotation
|
|
// process. You can attach a staging label to only one version of a secret at
|
|
// a time. If a staging label to be added is already attached to another version,
|
|
// then it is moved--removed from the other version first and then attached
|
|
// to this one. For more information about staging labels, see Staging Labels
|
|
// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label)
|
|
// in the AWS Secrets Manager User Guide.
|
|
//
|
|
// The staging labels that you specify in the VersionStage parameter are added
|
|
// to the existing list of staging labels--they don't replace it.
|
|
//
|
|
// You can move the AWSCURRENT staging label to this version by including it
|
|
// in this call.
|
|
//
|
|
// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label
|
|
// AWSPREVIOUS to the version that AWSCURRENT was removed from.
|
|
//
|
|
// If this action results in the last label being removed from a version, then
|
|
// the version is considered to be 'deprecated' and can be deleted by Secrets
|
|
// Manager.
|
|
//
|
|
// Minimum permissions
|
|
//
|
|
// To run this command, you must have the following permissions:
|
|
//
|
|
// * secretsmanager:UpdateSecretVersionStage
|
|
//
|
|
// Related operations
|
|
//
|
|
// * To get the list of staging labels that are currently associated with
|
|
// a version of a secret, use DescribeSecret and examine the SecretVersionsToStages
|
|
// response value.
|
|
//
|
|
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
|
|
// with awserr.Error's Code and Message methods to get detailed information about
|
|
// the error.
|
|
//
|
|
// See the AWS API reference guide for AWS Secrets Manager's
|
|
// API operation UpdateSecretVersionStage for usage and error information.
|
|
//
|
|
// Returned Error Codes:
|
|
// * ErrCodeResourceNotFoundException "ResourceNotFoundException"
|
|
// We can't find the resource that you asked for.
|
|
//
|
|
// * ErrCodeInvalidParameterException "InvalidParameterException"
|
|
// You provided an invalid value for a parameter.
|
|
//
|
|
// * ErrCodeInvalidRequestException "InvalidRequestException"
|
|
// You provided a parameter value that is not valid for the current state of
|
|
// the resource. For example, if you try to enable rotation on a secret, you
|
|
// must already have a Lambda function ARN configured or included as a parameter
|
|
// in this call.
|
|
//
|
|
// * ErrCodeLimitExceededException "LimitExceededException"
|
|
// The request failed because it would exceed one of the Secrets Manager internal
|
|
// limits.
|
|
//
|
|
// * ErrCodeInternalServiceError "InternalServiceError"
|
|
// An error occurred on the server side.
|
|
//
|
|
// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage
|
|
func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) {
|
|
req, out := c.UpdateSecretVersionStageRequest(input)
|
|
return out, req.Send()
|
|
}
|
|
|
|
// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of
|
|
// the ability to pass a context and additional request options.
|
|
//
|
|
// See UpdateSecretVersionStage for details on how to use this API operation.
|
|
//
|
|
// The context must be non-nil and will be used for request cancellation. If
|
|
// the context is nil a panic will occur. In the future the SDK may create
|
|
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
|
|
// for more information on using Contexts.
|
|
func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) {
|
|
req, out := c.UpdateSecretVersionStageRequest(input)
|
|
req.SetContext(ctx)
|
|
req.ApplyOptions(opts...)
|
|
return out, req.Send()
|
|
}
|
|
|
|
type CancelRotateSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// Specifies the secret for which you want to cancel a rotation request. You
|
|
// can specify either the Amazon Resource Name (ARN) or the friendly name of
|
|
// the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s CancelRotateSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s CancelRotateSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *CancelRotateSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type CancelRotateSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret for which rotation was canceled.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret for which rotation was canceled.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// The unique identifier of the version of the secret that was created during
|
|
// the rotation. This version might not be complete, and should be evaluated
|
|
// for possible deletion. At the very least, you should remove the VersionStage
|
|
// value AWSPENDING to enable this version to be deleted. Failing to clean up
|
|
// a cancelled rotation can block you from successfully starting future rotations.
|
|
VersionId *string `min:"32" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s CancelRotateSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s CancelRotateSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
type CreateSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) If you include SecretString or SecretBinary, then an initial version
|
|
// is created as part of the secret, and this parameter specifies a unique identifier
|
|
// for the new version.
|
|
//
|
|
// If you use the AWS CLI or one of the AWS SDK to call this operation, then
|
|
// you can leave this parameter empty. The CLI or SDK generates a random UUID
|
|
// for you and includes as the value for this parameter in the request. If you
|
|
// don't use the SDK and instead generate a raw HTTP request to the Secrets
|
|
// Manager service endpoint, then you must generate a ClientRequestToken yourself
|
|
// for the new version and include that value in the request.
|
|
//
|
|
// This value helps ensure idempotency. Secrets Manager uses this value to prevent
|
|
// the accidental creation of duplicate versions if there are failures and retries
|
|
// during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
|
|
// value to ensure uniqueness of your versions within the specified secret.
|
|
//
|
|
// * If the ClientRequestToken value isn't already associated with a version
|
|
// of the secret then a new version of the secret is created.
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are the same as those in the request, then the
|
|
// request is ignored (the operation is idempotent).
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are different from those in the request then the
|
|
// request fails because you cannot modify an existing version. Instead,
|
|
// use PutSecretValue to create a new version.
|
|
//
|
|
// This value becomes the SecretVersionId of the new version.
|
|
ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`
|
|
|
|
// (Optional) Specifies a user-provided description of the secret.
|
|
Description *string `type:"string"`
|
|
|
|
// (Optional) Specifies the ARN or alias of the AWS KMS customer master key
|
|
// (CMK) to be used to encrypt the SecretString or SecretBinary values in the
|
|
// versions stored in this secret.
|
|
//
|
|
// If you don't specify this value, then Secrets Manager defaults to using the
|
|
// AWS account's default CMK (the one named aws/secretsmanager). If a KMS CMK
|
|
// with that name doesn't yet exist, then Secrets Manager creates it for you
|
|
// automatically the first time it needs to encrypt a version's SecretString
|
|
// or SecretBinary fields.
|
|
//
|
|
// You can use the account's default CMK to encrypt and decrypt only if you
|
|
// call this operation using credentials from the same account that owns the
|
|
// secret. If the secret is in a different account, then you must create a custom
|
|
// CMK and specify the ARN in this field.
|
|
KmsKeyId *string `type:"string"`
|
|
|
|
// Specifies the friendly name of the new secret.
|
|
//
|
|
// Name is a required field
|
|
Name *string `min:"1" type:"string" required:"true"`
|
|
|
|
// (Optional) Specifies binary data that you want to encrypt and store in the
|
|
// new version of the secret. To use this parameter in the command-line tools,
|
|
// we recommend that you store your binary data in a file and then use the appropriate
|
|
// technique for your tool to pass the contents of the file as a parameter.
|
|
//
|
|
// Either SecretString or SecretBinary must have a value, but not both. They
|
|
// cannot both be empty.
|
|
//
|
|
// This parameter is not available using the Secrets Manager console. It can
|
|
// be accessed only by using the AWS CLI or one of the AWS SDKs.
|
|
//
|
|
// SecretBinary is automatically base64 encoded/decoded by the SDK.
|
|
SecretBinary []byte `type:"blob"`
|
|
|
|
// (Optional) Specifies text data that you want to encrypt and store in this
|
|
// new version of the secret.
|
|
//
|
|
// Either SecretString or SecretBinary must have a value, but not both. They
|
|
// cannot both be empty.
|
|
//
|
|
// If you create a secret by using the Secrets Manager console then Secrets
|
|
// Manager puts the protected secret text in only the SecretString parameter.
|
|
// The Secrets Manager console stores the information as a JSON structure of
|
|
// key/value pairs that the Lambda rotation function knows how to parse.
|
|
//
|
|
// For storing multiple values, we recommend that you use a JSON text string
|
|
// argument and specify key/value pairs. For information on how to format a
|
|
// JSON parameter for the various command line tool environments, see Using
|
|
// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide. For example:
|
|
//
|
|
// [{"Key":"username","Value":"bob"},{"Key":"password","Value":"abc123xyz456"}]
|
|
//
|
|
// If your command-line tool or SDK requires quotation marks around the parameter,
|
|
// you should use single quotes to avoid confusion with the double quotes required
|
|
// in the JSON text.
|
|
SecretString *string `type:"string"`
|
|
|
|
// (Optional) Specifies a list of user-defined tags that are attached to the
|
|
// secret. Each tag is a "Key" and "Value" pair of strings. This operation only
|
|
// appends tags to the existing list of tags. To remove tags, you must use UntagResource.
|
|
//
|
|
// Secrets Manager tag key names are case sensitive. A tag with the key "ABC"
|
|
// is a different tag from one with key "abc".
|
|
//
|
|
// If you check tags in IAM policy Condition elements as part of your security
|
|
// strategy, then adding or removing a tag can change permissions. If the successful
|
|
// completion of this operation would result in you losing your permissions
|
|
// for this secret, then this operation is blocked and returns an Access Denied
|
|
// error.
|
|
//
|
|
// This parameter requires a JSON text string argument. For information on how
|
|
// to format a JSON parameter for the various command line tool environments,
|
|
// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide. For example:
|
|
//
|
|
// [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
|
|
//
|
|
// If your command-line tool or SDK requires quotation marks around the parameter,
|
|
// you should use single quotes to avoid confusion with the double quotes required
|
|
// in the JSON text.
|
|
//
|
|
// The following basic restrictions apply to tags:
|
|
//
|
|
// * Maximum number of tags per secret—50
|
|
//
|
|
// * Maximum key length—127 Unicode characters in UTF-8
|
|
//
|
|
// * Maximum value length—255 Unicode characters in UTF-8
|
|
//
|
|
// * Tag keys and values are case sensitive.
|
|
//
|
|
// * Do not use the aws: prefix in your tag names or values because it is
|
|
// reserved for AWS use. You can't edit or delete tag names or values with
|
|
// this prefix. Tags with this prefix do not count against your tags per
|
|
// secret limit.
|
|
//
|
|
// * If your tagging schema will be used across multiple services and resources,
|
|
// remember that other services might have restrictions on allowed characters.
|
|
// Generally allowed characters are: letters, spaces, and numbers representable
|
|
// in UTF-8, plus the following special characters: + - = . _ : / @.
|
|
Tags []*Tag `type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s CreateSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s CreateSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *CreateSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"}
|
|
if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32))
|
|
}
|
|
if s.Name == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("Name"))
|
|
}
|
|
if s.Name != nil && len(*s.Name) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("Name", 1))
|
|
}
|
|
if s.Tags != nil {
|
|
for i, v := range s.Tags {
|
|
if v == nil {
|
|
continue
|
|
}
|
|
if err := v.Validate(); err != nil {
|
|
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
|
|
}
|
|
}
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientRequestToken sets the ClientRequestToken field's value.
|
|
func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput {
|
|
s.ClientRequestToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetDescription sets the Description field's value.
|
|
func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput {
|
|
s.Description = &v
|
|
return s
|
|
}
|
|
|
|
// SetKmsKeyId sets the KmsKeyId field's value.
|
|
func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput {
|
|
s.KmsKeyId = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *CreateSecretInput) SetName(v string) *CreateSecretInput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretBinary sets the SecretBinary field's value.
|
|
func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput {
|
|
s.SecretBinary = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretString sets the SecretString field's value.
|
|
func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput {
|
|
s.SecretString = &v
|
|
return s
|
|
}
|
|
|
|
// SetTags sets the Tags field's value.
|
|
func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput {
|
|
s.Tags = v
|
|
return s
|
|
}
|
|
|
|
type CreateSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The Amazon Resource Name (ARN) of the secret that you just created.
|
|
//
|
|
// Secrets Manager automatically adds several random characters to the name
|
|
// at the end of the ARN when you initially create a secret. This affects only
|
|
// the ARN and not the actual friendly name. This ensures that if you create
|
|
// a new secret with the same name as an old secret that you previously deleted,
|
|
// then users with access to the old secret don't automatically get access to
|
|
// the new secret because the ARNs are different.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret that you just created.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// The unique identifier that's associated with the version of the secret you
|
|
// just created.
|
|
VersionId *string `min:"32" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s CreateSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s CreateSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
type DeleteSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) Specifies the number of days that Secrets Manager waits before
|
|
// it can delete the secret.
|
|
//
|
|
// This value can range from 7 to 30 days. The default value is 30.
|
|
RecoveryWindowInDays *int64 `type:"long"`
|
|
|
|
// Specifies the secret that you want to delete. You can specify either the
|
|
// Amazon Resource Name (ARN) or the friendly name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s DeleteSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s DeleteSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *DeleteSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value.
|
|
func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput {
|
|
s.RecoveryWindowInDays = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type DeleteSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret that is now scheduled for deletion.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The date and time after which this secret can be deleted by Secrets Manager
|
|
// and can no longer be restored. This value is the date and time of the delete
|
|
// request plus the number of days specified in RecoveryWindowInDays.
|
|
DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The friendly name of the secret that is now scheduled for deletion.
|
|
Name *string `min:"1" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s DeleteSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s DeleteSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetDeletionDate sets the DeletionDate field's value.
|
|
func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput {
|
|
s.DeletionDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
type DescribeSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The identifier of the secret whose details you want to retrieve. You can
|
|
// specify either the Amazon Resource Name (ARN) or the friendly name of the
|
|
// secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s DescribeSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s DescribeSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *DescribeSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type DescribeSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// This value exists if the secret is scheduled for deletion. Some time after
|
|
// the specified date and time, Secrets Manager deletes the secret and all of
|
|
// its versions.
|
|
//
|
|
// If a secret is scheduled for deletion, then its details, including the encrypted
|
|
// secret information, is not accessible. To cancel a scheduled deletion and
|
|
// restore access, use RestoreSecret.
|
|
DeletedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The user-provided description of the secret.
|
|
Description *string `type:"string"`
|
|
|
|
// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
|
|
// encrypt the SecretString or SecretBinary fields in each version of the secret.
|
|
// If you don't provide a key, then Secrets Manager defaults to encrypting the
|
|
// secret fields with the default KMS CMK (the one named awssecretsmanager)
|
|
// for this account.
|
|
KmsKeyId *string `type:"string"`
|
|
|
|
// The last date that this secret was accessed. This value is truncated to midnight
|
|
// of the date and therefore shows only the date, not the time.
|
|
LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The last date and time that this secret was modified in any way.
|
|
LastChangedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The last date and time that the Secrets Manager rotation process for this
|
|
// secret was invoked.
|
|
LastRotatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The user-provided friendly name of the secret.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// Specifies whether automatic rotation is enabled for this secret.
|
|
//
|
|
// To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set
|
|
// to a value greater than 0. To disable rotation, use CancelRotateSecret.
|
|
RotationEnabled *bool `type:"boolean"`
|
|
|
|
// The ARN of a Lambda function that's invoked by Secrets Manager to rotate
|
|
// the secret either automatically per the schedule or manually by a call to
|
|
// RotateSecret.
|
|
RotationLambdaARN *string `type:"string"`
|
|
|
|
// A structure that contains the rotation configuration for this secret.
|
|
RotationRules *RotationRulesType `type:"structure"`
|
|
|
|
// The list of user-defined tags that are associated with the secret. To add
|
|
// tags to a secret, use TagResource. To remove tags, use UntagResource.
|
|
Tags []*Tag `type:"list"`
|
|
|
|
// A list of all of the currently assigned VersionStage staging labels and the
|
|
// SecretVersionId that each is attached to. Staging labels are used to keep
|
|
// track of the different versions during the rotation process.
|
|
//
|
|
// A version that does not have any staging labels attached is considered deprecated
|
|
// and subject to deletion. Such versions are not included in this list.
|
|
VersionIdsToStages map[string][]*string `type:"map"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s DescribeSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s DescribeSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetDeletedDate sets the DeletedDate field's value.
|
|
func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput {
|
|
s.DeletedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetDescription sets the Description field's value.
|
|
func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput {
|
|
s.Description = &v
|
|
return s
|
|
}
|
|
|
|
// SetKmsKeyId sets the KmsKeyId field's value.
|
|
func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput {
|
|
s.KmsKeyId = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastAccessedDate sets the LastAccessedDate field's value.
|
|
func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput {
|
|
s.LastAccessedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastChangedDate sets the LastChangedDate field's value.
|
|
func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput {
|
|
s.LastChangedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastRotatedDate sets the LastRotatedDate field's value.
|
|
func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput {
|
|
s.LastRotatedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationEnabled sets the RotationEnabled field's value.
|
|
func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput {
|
|
s.RotationEnabled = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationLambdaARN sets the RotationLambdaARN field's value.
|
|
func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput {
|
|
s.RotationLambdaARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationRules sets the RotationRules field's value.
|
|
func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput {
|
|
s.RotationRules = v
|
|
return s
|
|
}
|
|
|
|
// SetTags sets the Tags field's value.
|
|
func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput {
|
|
s.Tags = v
|
|
return s
|
|
}
|
|
|
|
// SetVersionIdsToStages sets the VersionIdsToStages field's value.
|
|
func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput {
|
|
s.VersionIdsToStages = v
|
|
return s
|
|
}
|
|
|
|
type GetRandomPasswordInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// A string that includes characters that should not be included in the generated
|
|
// password. The default is that all characters from the included sets can be
|
|
// used.
|
|
ExcludeCharacters *string `type:"string"`
|
|
|
|
// Specifies that the generated password should not include lowercase letters.
|
|
// The default if you do not include this switch parameter is that lowercase
|
|
// letters can be included.
|
|
ExcludeLowercase *bool `type:"boolean"`
|
|
|
|
// Specifies that the generated password should not include digits. The default
|
|
// if you do not include this switch parameter is that digits can be included.
|
|
ExcludeNumbers *bool `type:"boolean"`
|
|
|
|
// Specifies that the generated password should not include punctuation characters.
|
|
// The default if you do not include this switch parameter is that punctuation
|
|
// characters can be included.
|
|
ExcludePunctuation *bool `type:"boolean"`
|
|
|
|
// Specifies that the generated password should not include uppercase letters.
|
|
// The default if you do not include this switch parameter is that uppercase
|
|
// letters can be included.
|
|
ExcludeUppercase *bool `type:"boolean"`
|
|
|
|
// Specifies that the generated password can include the space character. The
|
|
// default if you do not include this switch parameter is that the space character
|
|
// is not included.
|
|
IncludeSpace *bool `type:"boolean"`
|
|
|
|
// The desired length of the generated password. The default value if you do
|
|
// not include this parameter is 32 characters.
|
|
PasswordLength *int64 `min:"1" type:"long"`
|
|
|
|
// A boolean value that specifies whether the generated password must include
|
|
// at least one of every allowed character type. The default value is True and
|
|
// the operation requires at least one of every character type.
|
|
RequireEachIncludedType *bool `type:"boolean"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s GetRandomPasswordInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s GetRandomPasswordInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *GetRandomPasswordInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"}
|
|
if s.PasswordLength != nil && *s.PasswordLength < 1 {
|
|
invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetExcludeCharacters sets the ExcludeCharacters field's value.
|
|
func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput {
|
|
s.ExcludeCharacters = &v
|
|
return s
|
|
}
|
|
|
|
// SetExcludeLowercase sets the ExcludeLowercase field's value.
|
|
func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput {
|
|
s.ExcludeLowercase = &v
|
|
return s
|
|
}
|
|
|
|
// SetExcludeNumbers sets the ExcludeNumbers field's value.
|
|
func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput {
|
|
s.ExcludeNumbers = &v
|
|
return s
|
|
}
|
|
|
|
// SetExcludePunctuation sets the ExcludePunctuation field's value.
|
|
func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput {
|
|
s.ExcludePunctuation = &v
|
|
return s
|
|
}
|
|
|
|
// SetExcludeUppercase sets the ExcludeUppercase field's value.
|
|
func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput {
|
|
s.ExcludeUppercase = &v
|
|
return s
|
|
}
|
|
|
|
// SetIncludeSpace sets the IncludeSpace field's value.
|
|
func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput {
|
|
s.IncludeSpace = &v
|
|
return s
|
|
}
|
|
|
|
// SetPasswordLength sets the PasswordLength field's value.
|
|
func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput {
|
|
s.PasswordLength = &v
|
|
return s
|
|
}
|
|
|
|
// SetRequireEachIncludedType sets the RequireEachIncludedType field's value.
|
|
func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput {
|
|
s.RequireEachIncludedType = &v
|
|
return s
|
|
}
|
|
|
|
type GetRandomPasswordOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// A string with the generated password.
|
|
RandomPassword *string `type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s GetRandomPasswordOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s GetRandomPasswordOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetRandomPassword sets the RandomPassword field's value.
|
|
func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput {
|
|
s.RandomPassword = &v
|
|
return s
|
|
}
|
|
|
|
type GetSecretValueInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// Specifies the secret containing the version that you want to retrieve. You
|
|
// can specify either the Amazon Resource Name (ARN) or the friendly name of
|
|
// the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// Specifies the unique identifier of the version of the secret that you want
|
|
// to retrieve. If you specify this parameter then don't specify VersionStage.
|
|
// If you don't specify either a VersionStage or SecretVersionId then the default
|
|
// is to perform the operation on the version with the VersionStage value of
|
|
// AWSCURRENT.
|
|
//
|
|
// This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
|
|
// value with 32 hexadecimal digits.
|
|
VersionId *string `min:"32" type:"string"`
|
|
|
|
// Specifies the secret version that you want to retrieve by the staging label
|
|
// attached to the version.
|
|
//
|
|
// Staging labels are used to keep track of different versions during the rotation
|
|
// process. If you use this parameter then don't specify SecretVersionId. If
|
|
// you don't specify either a VersionStage or SecretVersionId, then the default
|
|
// is to perform the operation on the version with the VersionStage value of
|
|
// AWSCURRENT.
|
|
VersionStage *string `min:"1" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s GetSecretValueInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s GetSecretValueInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *GetSecretValueInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.VersionId != nil && len(*s.VersionId) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("VersionId", 32))
|
|
}
|
|
if s.VersionStage != nil && len(*s.VersionStage) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStage sets the VersionStage field's value.
|
|
func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput {
|
|
s.VersionStage = &v
|
|
return s
|
|
}
|
|
|
|
type GetSecretValueOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The date and time that this version of the secret was created.
|
|
CreatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The friendly name of the secret.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// The decrypted part of the protected secret information that was originally
|
|
// provided as binary data in the form of a byte array. The response parameter
|
|
// represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4)
|
|
// string.
|
|
//
|
|
// This parameter is not used if the secret is created by the Secrets Manager
|
|
// console.
|
|
//
|
|
// If you store custom information in this field of the secret, then you must
|
|
// code your Lambda rotation function to parse and interpret whatever you store
|
|
// in the SecretString or SecretBinary fields.
|
|
//
|
|
// SecretBinary is automatically base64 encoded/decoded by the SDK.
|
|
SecretBinary []byte `type:"blob"`
|
|
|
|
// The decrypted part of the protected secret information that was originally
|
|
// provided as a string.
|
|
//
|
|
// If you create this secret by using the Secrets Manager console then only
|
|
// the SecretString parameter contains data. Secrets Manager stores the information
|
|
// as a JSON structure of key/value pairs that the Lambda rotation function
|
|
// knows how to parse.
|
|
//
|
|
// If you store custom information in the secret by using the CreateSecret,
|
|
// UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager
|
|
// console, or by using the Other secret type in the console, then you must
|
|
// code your Lambda rotation function to parse and interpret those values.
|
|
SecretString *string `type:"string"`
|
|
|
|
// The unique identifier of this version of the secret.
|
|
VersionId *string `min:"32" type:"string"`
|
|
|
|
// A list of all of the staging labels currently attached to this version of
|
|
// the secret.
|
|
VersionStages []*string `min:"1" type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s GetSecretValueOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s GetSecretValueOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetCreatedDate sets the CreatedDate field's value.
|
|
func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput {
|
|
s.CreatedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretBinary sets the SecretBinary field's value.
|
|
func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput {
|
|
s.SecretBinary = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretString sets the SecretString field's value.
|
|
func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput {
|
|
s.SecretString = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStages sets the VersionStages field's value.
|
|
func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput {
|
|
s.VersionStages = v
|
|
return s
|
|
}
|
|
|
|
type ListSecretVersionIdsInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) Specifies that you want the results to include versions that do
|
|
// not have any staging labels attached to them. Such versions are considered
|
|
// deprecated and are subject to deletion by Secrets Manager as needed.
|
|
IncludeDeprecated *bool `type:"boolean"`
|
|
|
|
// (Optional) Limits the number of results that you want to include in the response.
|
|
// If you don't include this parameter, it defaults to a value that's specific
|
|
// to the operation. If additional items exist beyond the maximum you specify,
|
|
// the NextToken response element is present and has a value (isn't null). Include
|
|
// that value as the NextToken request parameter in the next call to the operation
|
|
// to get the next part of the results. Note that Secrets Manager might return
|
|
// fewer results than the maximum even when there are more results available.
|
|
// You should check NextToken after every operation to ensure that you receive
|
|
// all of the results.
|
|
MaxResults *int64 `min:"1" type:"integer"`
|
|
|
|
// (Optional) Use this parameter in a request if you receive a NextToken response
|
|
// in a previous request that indicates that there's more output available.
|
|
// In a subsequent call, set it to the value of the previous call's NextToken
|
|
// response to indicate where the output should continue from.
|
|
NextToken *string `min:"1" type:"string"`
|
|
|
|
// The identifier for the secret containing the versions you want to list. You
|
|
// can specify either the Amazon Resource Name (ARN) or the friendly name of
|
|
// the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s ListSecretVersionIdsInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s ListSecretVersionIdsInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *ListSecretVersionIdsInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"}
|
|
if s.MaxResults != nil && *s.MaxResults < 1 {
|
|
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
|
|
}
|
|
if s.NextToken != nil && len(*s.NextToken) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
|
|
}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetIncludeDeprecated sets the IncludeDeprecated field's value.
|
|
func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput {
|
|
s.IncludeDeprecated = &v
|
|
return s
|
|
}
|
|
|
|
// SetMaxResults sets the MaxResults field's value.
|
|
func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput {
|
|
s.MaxResults = &v
|
|
return s
|
|
}
|
|
|
|
// SetNextToken sets the NextToken field's value.
|
|
func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput {
|
|
s.NextToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type ListSecretVersionIdsOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The Amazon Resource Name (ARN) for the secret.
|
|
//
|
|
// Secrets Manager automatically adds several random characters to the name
|
|
// at the end of the ARN when you initially create a secret. This affects only
|
|
// the ARN and not the actual friendly name. This ensures that if you create
|
|
// a new secret with the same name as an old secret that you previously deleted,
|
|
// then users with access to the old secret don't automatically get access to
|
|
// the new secret because the ARNs are different.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// If present in the response, this value indicates that there's more output
|
|
// available than what's included in the current response. This can occur even
|
|
// when the response includes no values at all, such as when you ask for a filtered
|
|
// view of a very long list. Use this value in the NextToken request parameter
|
|
// in a subsequent call to the operation to continue processing and get the
|
|
// next part of the output. You should repeat this until the NextToken response
|
|
// element comes back empty (as null).
|
|
NextToken *string `min:"1" type:"string"`
|
|
|
|
// The list of the currently available versions of the specified secret.
|
|
Versions []*SecretVersionsListEntry `type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s ListSecretVersionIdsOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s ListSecretVersionIdsOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetNextToken sets the NextToken field's value.
|
|
func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput {
|
|
s.NextToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersions sets the Versions field's value.
|
|
func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput {
|
|
s.Versions = v
|
|
return s
|
|
}
|
|
|
|
type ListSecretsInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) Limits the number of results that you want to include in the response.
|
|
// If you don't include this parameter, it defaults to a value that's specific
|
|
// to the operation. If additional items exist beyond the maximum you specify,
|
|
// the NextToken response element is present and has a value (isn't null). Include
|
|
// that value as the NextToken request parameter in the next call to the operation
|
|
// to get the next part of the results. Note that Secrets Manager might return
|
|
// fewer results than the maximum even when there are more results available.
|
|
// You should check NextToken after every operation to ensure that you receive
|
|
// all of the results.
|
|
MaxResults *int64 `min:"1" type:"integer"`
|
|
|
|
// (Optional) Use this parameter in a request if you receive a NextToken response
|
|
// in a previous request that indicates that there's more output available.
|
|
// In a subsequent call, set it to the value of the previous call's NextToken
|
|
// response to indicate where the output should continue from.
|
|
NextToken *string `min:"1" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s ListSecretsInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s ListSecretsInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *ListSecretsInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"}
|
|
if s.MaxResults != nil && *s.MaxResults < 1 {
|
|
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
|
|
}
|
|
if s.NextToken != nil && len(*s.NextToken) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetMaxResults sets the MaxResults field's value.
|
|
func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput {
|
|
s.MaxResults = &v
|
|
return s
|
|
}
|
|
|
|
// SetNextToken sets the NextToken field's value.
|
|
func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput {
|
|
s.NextToken = &v
|
|
return s
|
|
}
|
|
|
|
type ListSecretsOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// If present in the response, this value indicates that there's more output
|
|
// available than what's included in the current response. This can occur even
|
|
// when the response includes no values at all, such as when you ask for a filtered
|
|
// view of a very long list. Use this value in the NextToken request parameter
|
|
// in a subsequent call to the operation to continue processing and get the
|
|
// next part of the output. You should repeat this until the NextToken response
|
|
// element comes back empty (as null).
|
|
NextToken *string `min:"1" type:"string"`
|
|
|
|
// A list of the secrets in the account.
|
|
SecretList []*SecretListEntry `type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s ListSecretsOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s ListSecretsOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetNextToken sets the NextToken field's value.
|
|
func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput {
|
|
s.NextToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretList sets the SecretList field's value.
|
|
func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput {
|
|
s.SecretList = v
|
|
return s
|
|
}
|
|
|
|
type PutSecretValueInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) Specifies a unique identifier for the new version of the secret.
|
|
//
|
|
// If you use the AWS CLI or one of the AWS SDK to call this operation, then
|
|
// you can leave this parameter empty. The CLI or SDK generates a random UUID
|
|
// for you and includes that in the request. If you don't use the SDK and instead
|
|
// generate a raw HTTP request to the Secrets Manager service endpoint, then
|
|
// you must generate a ClientRequestToken yourself for new versions and include
|
|
// that value in the request.
|
|
//
|
|
// This value helps ensure idempotency. Secrets Manager uses this value to prevent
|
|
// the accidental creation of duplicate versions if there are failures and retries
|
|
// during the Lambda rotation function's processing. We recommend that you generate
|
|
// a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value
|
|
// to ensure uniqueness within the specified secret.
|
|
//
|
|
// * If the ClientRequestToken value isn't already associated with a version
|
|
// of the secret then a new version of the secret is created.
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// or SecretBinary values are the same as those in the request then the request
|
|
// is ignored (the operation is idempotent).
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are different from those in the request then the
|
|
// request fails because you cannot modify an existing secret version. You
|
|
// can only create new versions to store new secret values.
|
|
//
|
|
// This value becomes the SecretVersionId of the new version.
|
|
ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`
|
|
|
|
// (Optional) Specifies binary data that you want to encrypt and store in the
|
|
// new version of the secret. To use this parameter in the command-line tools,
|
|
// we recommend that you store your binary data in a file and then use the appropriate
|
|
// technique for your tool to pass the contents of the file as a parameter.
|
|
// Either SecretBinary or SecretString must have a value, but not both. They
|
|
// cannot both be empty.
|
|
//
|
|
// This parameter is not accessible if the secret using the Secrets Manager
|
|
// console.
|
|
//
|
|
// SecretBinary is automatically base64 encoded/decoded by the SDK.
|
|
SecretBinary []byte `type:"blob"`
|
|
|
|
// Specifies the secret to which you want to add a new version. You can specify
|
|
// either the Amazon Resource Name (ARN) or the friendly name of the secret.
|
|
// The secret must already exist.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// (Optional) Specifies text data that you want to encrypt and store in this
|
|
// new version of the secret. Either SecretString or SecretBinary must have
|
|
// a value, but not both. They cannot both be empty.
|
|
//
|
|
// If you create this secret by using the Secrets Manager console then Secrets
|
|
// Manager puts the protected secret text in only the SecretString parameter.
|
|
// The Secrets Manager console stores the information as a JSON structure of
|
|
// key/value pairs that the default Lambda rotation function knows how to parse.
|
|
//
|
|
// For storing multiple values, we recommend that you use a JSON text string
|
|
// argument and specify key/value pairs. For information on how to format a
|
|
// JSON parameter for the various command line tool environments, see Using
|
|
// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide.
|
|
SecretString *string `type:"string"`
|
|
|
|
// (Optional) Specifies a list of staging labels that are attached to this version
|
|
// of the secret. These staging labels are used to track the versions through
|
|
// the rotation process by the Lambda rotation function.
|
|
//
|
|
// A staging label must be unique to a single version of the secret. If you
|
|
// specify a staging label that's already associated with a different version
|
|
// of the same secret then that staging label is automatically removed from
|
|
// the other version and attached to this version.
|
|
//
|
|
// If you do not specify a value for VersionStages then Secrets Manager automatically
|
|
// moves the staging label AWSCURRENT to this new version.
|
|
VersionStages []*string `min:"1" type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s PutSecretValueInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s PutSecretValueInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *PutSecretValueInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"}
|
|
if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32))
|
|
}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.VersionStages != nil && len(s.VersionStages) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientRequestToken sets the ClientRequestToken field's value.
|
|
func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput {
|
|
s.ClientRequestToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretBinary sets the SecretBinary field's value.
|
|
func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput {
|
|
s.SecretBinary = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretString sets the SecretString field's value.
|
|
func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput {
|
|
s.SecretString = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStages sets the VersionStages field's value.
|
|
func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput {
|
|
s.VersionStages = v
|
|
return s
|
|
}
|
|
|
|
type PutSecretValueOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The Amazon Resource Name (ARN) for the secret for which you just created
|
|
// a version.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret for which you just created or updated a version.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// The unique identifier of the version of the secret you just created or updated.
|
|
VersionId *string `min:"32" type:"string"`
|
|
|
|
// The list of staging labels that are currently attached to this version of
|
|
// the secret. Staging labels are used to track a version as it progresses through
|
|
// the secret rotation process.
|
|
VersionStages []*string `min:"1" type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s PutSecretValueOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s PutSecretValueOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStages sets the VersionStages field's value.
|
|
func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput {
|
|
s.VersionStages = v
|
|
return s
|
|
}
|
|
|
|
type RestoreSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// Specifies the secret that you want to restore from a previously scheduled
|
|
// deletion. You can specify either the Amazon Resource Name (ARN) or the friendly
|
|
// name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s RestoreSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s RestoreSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *RestoreSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type RestoreSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret that was restored.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret that was restored.
|
|
Name *string `min:"1" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s RestoreSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s RestoreSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
type RotateSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) Specifies a unique identifier for the new version of the secret
|
|
// that helps ensure idempotency.
|
|
//
|
|
// If you use the AWS CLI or one of the AWS SDK to call this operation, then
|
|
// you can leave this parameter empty. The CLI or SDK generates a random UUID
|
|
// for you and includes that in the request for this parameter. If you don't
|
|
// use the SDK and instead generate a raw HTTP request to the Secrets Manager
|
|
// service endpoint, then you must generate a ClientRequestToken yourself for
|
|
// new versions and include that value in the request.
|
|
//
|
|
// You only need to specify your own value if you are implementing your own
|
|
// retry logic and want to ensure that a given secret is not created twice.
|
|
// We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
|
|
// value to ensure uniqueness within the specified secret.
|
|
//
|
|
// Secrets Manager uses this value to prevent the accidental creation of duplicate
|
|
// versions if there are failures and retries during the function's processing.
|
|
//
|
|
// * If the ClientRequestToken value isn't already associated with a version
|
|
// of the secret then a new version of the secret is created.
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are the same as the request, then the request
|
|
// is ignored (the operation is idempotent).
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are different from the request then an error occurs
|
|
// because you cannot modify an existing secret value.
|
|
//
|
|
// This value becomes the SecretVersionId of the new version.
|
|
ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`
|
|
|
|
// (Optional) Specifies the ARN of the Lambda function that can rotate the secret.
|
|
RotationLambdaARN *string `type:"string"`
|
|
|
|
// A structure that defines the rotation configuration for this secret.
|
|
RotationRules *RotationRulesType `type:"structure"`
|
|
|
|
// Specifies the secret that you want to rotate. You can specify either the
|
|
// Amazon Resource Name (ARN) or the friendly name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s RotateSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s RotateSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *RotateSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"}
|
|
if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32))
|
|
}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.RotationRules != nil {
|
|
if err := s.RotationRules.Validate(); err != nil {
|
|
invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams))
|
|
}
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientRequestToken sets the ClientRequestToken field's value.
|
|
func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput {
|
|
s.ClientRequestToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationLambdaARN sets the RotationLambdaARN field's value.
|
|
func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput {
|
|
s.RotationLambdaARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationRules sets the RotationRules field's value.
|
|
func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput {
|
|
s.RotationRules = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
type RotateSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// The ID of the new version of the secret created by the rotation started by
|
|
// this request.
|
|
VersionId *string `min:"32" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s RotateSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s RotateSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
// A structure that defines the rotation configuration for the secret.
|
|
type RotationRulesType struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// Specifies the number of days between automatic scheduled rotations of the
|
|
// secret.
|
|
AutomaticallyAfterDays *int64 `min:"1" type:"long"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s RotationRulesType) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s RotationRulesType) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *RotationRulesType) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"}
|
|
if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 {
|
|
invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value.
|
|
func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType {
|
|
s.AutomaticallyAfterDays = &v
|
|
return s
|
|
}
|
|
|
|
// A structure that contains the details about a secret. It does not include
|
|
// the encrypted SecretString and SecretBinary values. To get those values,
|
|
// use the GetSecretValue operation.
|
|
type SecretListEntry struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The Amazon Resource Name (ARN) of the secret.
|
|
//
|
|
// For more information about ARNs in Secrets Manager, see Policy Resources
|
|
// (http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources)
|
|
// in the AWS Secrets Manager User Guide.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The date and time on which this secret was deleted. Not present on active
|
|
// secrets. The secret can be recovered until the number of days in the recovery
|
|
// window has passed, as specified in the RecoveryWindowInDays parameter of
|
|
// the DeleteSecret operation.
|
|
DeletedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The user-provided description of the secret.
|
|
Description *string `type:"string"`
|
|
|
|
// The ARN or alias of the AWS KMS customer master key (CMK) that's used to
|
|
// encrypt the SecretString and SecretBinary fields in each version of the secret.
|
|
// If you don't provide a key, then Secrets Manager defaults to encrypting the
|
|
// secret fields with the default KMS CMK (the one named awssecretsmanager)
|
|
// for this account.
|
|
KmsKeyId *string `type:"string"`
|
|
|
|
// The last date that this secret was accessed. This value is truncated to midnight
|
|
// of the date and therefore shows only the date, not the time.
|
|
LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The last date and time that this secret was modified in any way.
|
|
LastChangedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The last date and time that the rotation process for this secret was invoked.
|
|
LastRotatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The friendly name of the secret. You can use forward slashes in the name
|
|
// to represent a path hierarchy. For example, /prod/databases/dbserver1 could
|
|
// represent the secret for a server named dbserver1 in the folder databases
|
|
// in the folder prod.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// Indicated whether automatic, scheduled rotation is enabled for this secret.
|
|
RotationEnabled *bool `type:"boolean"`
|
|
|
|
// The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate
|
|
// and expire the secret either automatically per the schedule or manually by
|
|
// a call to RotateSecret.
|
|
RotationLambdaARN *string `type:"string"`
|
|
|
|
// A structure that defines the rotation configuration for the secret.
|
|
RotationRules *RotationRulesType `type:"structure"`
|
|
|
|
// A list of all of the currently assigned SecretVersionStage staging labels
|
|
// and the SecretVersionId that each is attached to. Staging labels are used
|
|
// to keep track of the different versions during the rotation process.
|
|
//
|
|
// A version that does not have any SecretVersionStage is considered deprecated
|
|
// and subject to deletion. Such versions are not included in this list.
|
|
SecretVersionsToStages map[string][]*string `type:"map"`
|
|
|
|
// The list of user-defined tags that are associated with the secret. To add
|
|
// tags to a secret, use TagResource. To remove tags, use UntagResource.
|
|
Tags []*Tag `type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s SecretListEntry) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s SecretListEntry) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *SecretListEntry) SetARN(v string) *SecretListEntry {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetDeletedDate sets the DeletedDate field's value.
|
|
func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry {
|
|
s.DeletedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetDescription sets the Description field's value.
|
|
func (s *SecretListEntry) SetDescription(v string) *SecretListEntry {
|
|
s.Description = &v
|
|
return s
|
|
}
|
|
|
|
// SetKmsKeyId sets the KmsKeyId field's value.
|
|
func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry {
|
|
s.KmsKeyId = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastAccessedDate sets the LastAccessedDate field's value.
|
|
func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry {
|
|
s.LastAccessedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastChangedDate sets the LastChangedDate field's value.
|
|
func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry {
|
|
s.LastChangedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastRotatedDate sets the LastRotatedDate field's value.
|
|
func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry {
|
|
s.LastRotatedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *SecretListEntry) SetName(v string) *SecretListEntry {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationEnabled sets the RotationEnabled field's value.
|
|
func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry {
|
|
s.RotationEnabled = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationLambdaARN sets the RotationLambdaARN field's value.
|
|
func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry {
|
|
s.RotationLambdaARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetRotationRules sets the RotationRules field's value.
|
|
func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry {
|
|
s.RotationRules = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretVersionsToStages sets the SecretVersionsToStages field's value.
|
|
func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry {
|
|
s.SecretVersionsToStages = v
|
|
return s
|
|
}
|
|
|
|
// SetTags sets the Tags field's value.
|
|
func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry {
|
|
s.Tags = v
|
|
return s
|
|
}
|
|
|
|
// A structure that contains information about one version of a secret.
|
|
type SecretVersionsListEntry struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The date and time this version of the secret was created.
|
|
CreatedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The date that this version of the secret was last accessed. Note that the
|
|
// resolution of this field is at the date level and does not include the time.
|
|
LastAccessedDate *time.Time `type:"timestamp" timestampFormat:"unix"`
|
|
|
|
// The unique version identifier of this version of the secret.
|
|
VersionId *string `min:"32" type:"string"`
|
|
|
|
// An array of staging labels that are currently associated with this version
|
|
// of the secret.
|
|
VersionStages []*string `min:"1" type:"list"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s SecretVersionsListEntry) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s SecretVersionsListEntry) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetCreatedDate sets the CreatedDate field's value.
|
|
func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry {
|
|
s.CreatedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetLastAccessedDate sets the LastAccessedDate field's value.
|
|
func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry {
|
|
s.LastAccessedDate = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStages sets the VersionStages field's value.
|
|
func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry {
|
|
s.VersionStages = v
|
|
return s
|
|
}
|
|
|
|
// A structure that contains information about a tag.
|
|
type Tag struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The key identifier, or name, of the tag.
|
|
Key *string `min:"1" type:"string"`
|
|
|
|
// The string value that's associated with the key of the tag.
|
|
Value *string `type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s Tag) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s Tag) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *Tag) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "Tag"}
|
|
if s.Key != nil && len(*s.Key) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("Key", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetKey sets the Key field's value.
|
|
func (s *Tag) SetKey(v string) *Tag {
|
|
s.Key = &v
|
|
return s
|
|
}
|
|
|
|
// SetValue sets the Value field's value.
|
|
func (s *Tag) SetValue(v string) *Tag {
|
|
s.Value = &v
|
|
return s
|
|
}
|
|
|
|
type TagResourceInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The identifier for the secret that you want to attach tags to. You can specify
|
|
// either the Amazon Resource Name (ARN) or the friendly name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// The tags to attach to the secret. Each element in the list consists of a
|
|
// Key and a Value.
|
|
//
|
|
// This parameter to the API requires a JSON text string argument. For information
|
|
// on how to format a JSON parameter for the various command line tool environments,
|
|
// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide. For the AWS CLI, you can also use the syntax:
|
|
// --Tags Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]
|
|
//
|
|
// Tags is a required field
|
|
Tags []*Tag `type:"list" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s TagResourceInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s TagResourceInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *TagResourceInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.Tags == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("Tags"))
|
|
}
|
|
if s.Tags != nil {
|
|
for i, v := range s.Tags {
|
|
if v == nil {
|
|
continue
|
|
}
|
|
if err := v.Validate(); err != nil {
|
|
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
|
|
}
|
|
}
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetTags sets the Tags field's value.
|
|
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
|
|
s.Tags = v
|
|
return s
|
|
}
|
|
|
|
type TagResourceOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s TagResourceOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s TagResourceOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
type UntagResourceInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The identifier for the secret that you want to remove tags from. You can
|
|
// specify either the Amazon Resource Name (ARN) or the friendly name of the
|
|
// secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// A list of tag key names to remove from the secret. You don't specify the
|
|
// value. Both the key and its associated value are removed.
|
|
//
|
|
// This parameter to the API requires a JSON text string argument. For information
|
|
// on how to format a JSON parameter for the various command line tool environments,
|
|
// see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide.
|
|
//
|
|
// TagKeys is a required field
|
|
TagKeys []*string `type:"list" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UntagResourceInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UntagResourceInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *UntagResourceInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.TagKeys == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("TagKeys"))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetTagKeys sets the TagKeys field's value.
|
|
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
|
|
s.TagKeys = v
|
|
return s
|
|
}
|
|
|
|
type UntagResourceOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UntagResourceOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UntagResourceOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
type UpdateSecretInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) If you want to add a new version to the secret, this parameter
|
|
// specifies a unique identifier for the new version that helps ensure idempotency.
|
|
//
|
|
// If you use the AWS CLI or one of the AWS SDK to call this operation, then
|
|
// you can leave this parameter empty. The CLI or SDK generates a random UUID
|
|
// for you and includes that in the request. If you don't use the SDK and instead
|
|
// generate a raw HTTP request to the Secrets Manager service endpoint, then
|
|
// you must generate a ClientRequestToken yourself for new versions and include
|
|
// that value in the request.
|
|
//
|
|
// You typically only need to interact with this value if you implement your
|
|
// own retry logic and want to ensure that a given secret is not created twice.
|
|
// We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
|
|
// value to ensure uniqueness within the specified secret.
|
|
//
|
|
// Secrets Manager uses this value to prevent the accidental creation of duplicate
|
|
// versions if there are failures and retries during the Lambda rotation function's
|
|
// processing.
|
|
//
|
|
// * If the ClientRequestToken value isn't already associated with a version
|
|
// of the secret then a new version of the secret is created.
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are the same as those in the request then the
|
|
// request is ignored (the operation is idempotent).
|
|
//
|
|
// * If a version with this value already exists and that version's SecretString
|
|
// and SecretBinary values are different from the request then an error occurs
|
|
// because you cannot modify an existing secret value.
|
|
//
|
|
// This value becomes the SecretVersionId of the new version.
|
|
ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`
|
|
|
|
// (Optional) Specifies a user-provided description of the secret.
|
|
Description *string `type:"string"`
|
|
|
|
// (Optional) Specifies the ARN or alias of the KMS customer master key (CMK)
|
|
// to be used to encrypt the protected text in the versions of this secret.
|
|
//
|
|
// If you don't specify this value, then Secrets Manager defaults to using the
|
|
// default CMK in the account (the one named aws/secretsmanager). If a KMS CMK
|
|
// with that name doesn't exist, then Secrets Manager creates it for you automatically
|
|
// the first time it needs to encrypt a version's Plaintext or PlaintextString
|
|
// fields.
|
|
//
|
|
// You can only use the account's default CMK to encrypt and decrypt if you
|
|
// call this operation using credentials from the same account that owns the
|
|
// secret. If the secret is in a different account, then you must create a custom
|
|
// CMK and provide the ARN in this field.
|
|
KmsKeyId *string `type:"string"`
|
|
|
|
// (Optional) Specifies binary data that you want to encrypt and store in the
|
|
// new version of the secret. To use this parameter in the command-line tools,
|
|
// we recommend that you store your binary data in a file and then use the appropriate
|
|
// technique for your tool to pass the contents of the file as a parameter.
|
|
// Either SecretBinary or SecretString must have a value, but not both. They
|
|
// cannot both be empty.
|
|
//
|
|
// This parameter is not accessible using the Secrets Manager console.
|
|
//
|
|
// SecretBinary is automatically base64 encoded/decoded by the SDK.
|
|
SecretBinary []byte `type:"blob"`
|
|
|
|
// Specifies the secret that you want to update or to which you want to add
|
|
// a new version. You can specify either the Amazon Resource Name (ARN) or the
|
|
// friendly name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// (Optional) Specifies text data that you want to encrypt and store in this
|
|
// new version of the secret. Either SecretBinary or SecretString must have
|
|
// a value, but not both. They cannot both be empty.
|
|
//
|
|
// If you create this secret by using the Secrets Manager console then Secrets
|
|
// Manager puts the protected secret text in only the SecretString parameter.
|
|
// The Secrets Manager console stores the information as a JSON structure of
|
|
// key/value pairs that the default Lambda rotation function knows how to parse.
|
|
//
|
|
// For storing multiple values, we recommend that you use a JSON text string
|
|
// argument and specify key/value pairs. For information on how to format a
|
|
// JSON parameter for the various command line tool environments, see Using
|
|
// JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
|
|
// in the AWS CLI User Guide.
|
|
SecretString *string `type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UpdateSecretInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UpdateSecretInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *UpdateSecretInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"}
|
|
if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32))
|
|
}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientRequestToken sets the ClientRequestToken field's value.
|
|
func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput {
|
|
s.ClientRequestToken = &v
|
|
return s
|
|
}
|
|
|
|
// SetDescription sets the Description field's value.
|
|
func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput {
|
|
s.Description = &v
|
|
return s
|
|
}
|
|
|
|
// SetKmsKeyId sets the KmsKeyId field's value.
|
|
func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput {
|
|
s.KmsKeyId = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretBinary sets the SecretBinary field's value.
|
|
func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput {
|
|
s.SecretBinary = v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretString sets the SecretString field's value.
|
|
func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput {
|
|
s.SecretString = &v
|
|
return s
|
|
}
|
|
|
|
type UpdateSecretOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of this secret.
|
|
//
|
|
// Secrets Manager automatically adds several random characters to the name
|
|
// at the end of the ARN when you initially create a secret. This affects only
|
|
// the ARN and not the actual friendly name. This ensures that if you create
|
|
// a new secret with the same name as an old secret that you previously deleted,
|
|
// then users with access to the old secret don't automatically get access to
|
|
// the new secret because the ARNs are different.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of this secret.
|
|
Name *string `min:"1" type:"string"`
|
|
|
|
// If a version of the secret was created or updated by this operation, then
|
|
// its unique identifier is returned.
|
|
VersionId *string `min:"32" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UpdateSecretOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UpdateSecretOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionId sets the VersionId field's value.
|
|
func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput {
|
|
s.VersionId = &v
|
|
return s
|
|
}
|
|
|
|
type UpdateSecretVersionStageInput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// (Optional) The secret version ID that you want to add the staging labels
|
|
// to.
|
|
//
|
|
// If any of the staging labels are already attached to a different version
|
|
// of the secret, then they are removed from that version before adding them
|
|
// to this version.
|
|
MoveToVersionId *string `min:"32" type:"string"`
|
|
|
|
// (Optional) Specifies the secret version ID of the version that the staging
|
|
// labels are to be removed from.
|
|
//
|
|
// If you want to move a label to a new version, you do not have to explicitly
|
|
// remove it with this parameter. Adding a label using the MoveToVersionId parameter
|
|
// automatically removes it from the old version. However, if you do include
|
|
// both the "MoveTo" and "RemoveFrom" parameters, then the move is successful
|
|
// only if the staging labels are actually present on the "RemoveFrom" version.
|
|
// If a staging label was on a different version than "RemoveFrom", then the
|
|
// request fails.
|
|
RemoveFromVersionId *string `min:"32" type:"string"`
|
|
|
|
// Specifies the secret with the version whose list of staging labels you want
|
|
// to modify. You can specify either the Amazon Resource Name (ARN) or the friendly
|
|
// name of the secret.
|
|
//
|
|
// SecretId is a required field
|
|
SecretId *string `min:"1" type:"string" required:"true"`
|
|
|
|
// The list of staging labels to add to this version.
|
|
//
|
|
// VersionStage is a required field
|
|
VersionStage *string `min:"1" type:"string" required:"true"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UpdateSecretVersionStageInput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UpdateSecretVersionStageInput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// Validate inspects the fields of the type to determine if they are valid.
|
|
func (s *UpdateSecretVersionStageInput) Validate() error {
|
|
invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"}
|
|
if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32))
|
|
}
|
|
if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 {
|
|
invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32))
|
|
}
|
|
if s.SecretId == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("SecretId"))
|
|
}
|
|
if s.SecretId != nil && len(*s.SecretId) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("SecretId", 1))
|
|
}
|
|
if s.VersionStage == nil {
|
|
invalidParams.Add(request.NewErrParamRequired("VersionStage"))
|
|
}
|
|
if s.VersionStage != nil && len(*s.VersionStage) < 1 {
|
|
invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1))
|
|
}
|
|
|
|
if invalidParams.Len() > 0 {
|
|
return invalidParams
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetMoveToVersionId sets the MoveToVersionId field's value.
|
|
func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput {
|
|
s.MoveToVersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetRemoveFromVersionId sets the RemoveFromVersionId field's value.
|
|
func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput {
|
|
s.RemoveFromVersionId = &v
|
|
return s
|
|
}
|
|
|
|
// SetSecretId sets the SecretId field's value.
|
|
func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput {
|
|
s.SecretId = &v
|
|
return s
|
|
}
|
|
|
|
// SetVersionStage sets the VersionStage field's value.
|
|
func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput {
|
|
s.VersionStage = &v
|
|
return s
|
|
}
|
|
|
|
type UpdateSecretVersionStageOutput struct {
|
|
_ struct{} `type:"structure"`
|
|
|
|
// The ARN of the secret with the staging labels that were modified.
|
|
ARN *string `min:"20" type:"string"`
|
|
|
|
// The friendly name of the secret with the staging labels that were modified.
|
|
Name *string `min:"1" type:"string"`
|
|
}
|
|
|
|
// String returns the string representation
|
|
func (s UpdateSecretVersionStageOutput) String() string {
|
|
return awsutil.Prettify(s)
|
|
}
|
|
|
|
// GoString returns the string representation
|
|
func (s UpdateSecretVersionStageOutput) GoString() string {
|
|
return s.String()
|
|
}
|
|
|
|
// SetARN sets the ARN field's value.
|
|
func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput {
|
|
s.ARN = &v
|
|
return s
|
|
}
|
|
|
|
// SetName sets the Name field's value.
|
|
func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput {
|
|
s.Name = &v
|
|
return s
|
|
}
|