From 0fca4a8ba84e97b46e0dd08db7f363e27ccedc36 Mon Sep 17 00:00:00 2001 From: Juan Mesa Date: Tue, 21 Apr 2020 18:37:29 +0200 Subject: [PATCH] Add template function aws_secretsmanager Allow users to read secrets from AWS Secrets Manager via packer template functions --- go.mod | 7 +- go.sum | 57 +- template/interpolate/funcs.go | 56 +- .../aws-sdk-go/service/secretsmanager/api.go | 5424 +++++++++++++++++ .../aws-sdk-go/service/secretsmanager/doc.go | 87 + .../service/secretsmanager/errors.go | 87 + .../secretsmanageriface/interface.go | 142 + .../service/secretsmanager/service.go | 100 + .../overdrive3000/secretsmanager/.gitignore | 15 + .../overdrive3000/secretsmanager/LICENSE | 373 ++ .../overdrive3000/secretsmanager/README.md | 2 + .../secretsmanager/secretsmanager.go | 68 + .../overdrive3000/secretsmanager/types.go | 18 + vendor/modules.txt | 4 + .../pages/docs/templates/user-variables.mdx | 25 + 15 files changed, 6390 insertions(+), 75 deletions(-) create mode 100644 vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface/interface.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go create mode 100644 vendor/github.com/overdrive3000/secretsmanager/.gitignore create mode 100644 vendor/github.com/overdrive3000/secretsmanager/LICENSE create mode 100644 vendor/github.com/overdrive3000/secretsmanager/README.md create mode 100644 vendor/github.com/overdrive3000/secretsmanager/secretsmanager.go create mode 100644 vendor/github.com/overdrive3000/secretsmanager/types.go diff --git a/go.mod b/go.mod index 823fa6c17..ab676c700 100644 --- a/go.mod +++ b/go.mod @@ -5,10 +5,8 @@ require ( cloud.google.com/go/bigquery v1.3.0 // indirect cloud.google.com/go/pubsub v1.1.0 // indirect cloud.google.com/go/storage v1.4.0 // indirect - contrib.go.opencensus.io/exporter/ocagent v0.6.0 // indirect github.com/1and1/oneandone-cloudserver-sdk-go v1.0.1 github.com/Azure/azure-sdk-for-go v40.5.0+incompatible - github.com/Azure/go-autorest v14.0.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.10.0 github.com/Azure/go-autorest/autorest/adal v0.8.2 github.com/Azure/go-autorest/autorest/azure/auth v0.4.2 @@ -50,6 +48,7 @@ require ( github.com/exoscale/egoscale v0.18.1 github.com/fatih/camelcase v1.0.0 github.com/fatih/structtag v1.0.0 + github.com/ghodss/yaml v1.0.0 // indirect github.com/go-ini/ini v1.25.4 github.com/go-ole/go-ole v1.2.4 // indirect github.com/gobwas/glob v0.2.3 // indirect @@ -68,7 +67,6 @@ require ( github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect github.com/gorilla/websocket v0.0.0-20170319172727-a91eba7f9777 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.1.0 - github.com/grpc-ecosystem/grpc-gateway v1.14.3 // indirect github.com/hashicorp/consul v1.4.0 github.com/hashicorp/errwrap v1.0.0 github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de @@ -118,7 +116,6 @@ require ( github.com/mitchellh/go-fs v0.0.0-20180402234041-7b48fa161ea7 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed - github.com/mitchellh/gox v1.0.1 // indirect github.com/mitchellh/iochan v1.0.0 github.com/mitchellh/mapstructure v0.0.0-20180111000720-b4575eea38cc github.com/mitchellh/panicwrap v0.0.0-20170106182340-fce601fe5557 @@ -132,6 +129,7 @@ require ( github.com/olekukonko/tablewriter v0.0.0-20180105111133-96aac992fc8b github.com/oracle/oci-go-sdk v1.8.0 github.com/outscale/osc-go v0.0.1 + github.com/overdrive3000/secretsmanager v0.0.0-20200421092817-bcdff577c37a github.com/packer-community/winrmcp v0.0.0-20180921204643-0fd363d6159a github.com/pierrec/lz4 v2.0.5+incompatible github.com/pkg/errors v0.8.1 @@ -179,6 +177,7 @@ require ( gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/ini.v1 v1.42.0 // indirect gopkg.in/jarcoal/httpmock.v1 v1.0.0-20181117152235-275e9df93516 // indirect + gopkg.in/resty.v1 v1.12.0 // indirect gopkg.in/yaml.v2 v2.2.7 // indirect ) diff --git a/go.sum b/go.sum index 2b35ae269..4f14348ff 100644 --- a/go.sum +++ b/go.sum @@ -19,21 +19,11 @@ cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.4.0 h1:KDdqY5VTXBTqpSbctVTt0mVvfanP6JZzNzLE0qNY100= cloud.google.com/go/storage v1.4.0/go.mod h1:ZusYJWlOshgSBGbt6K3GnB3MT3H1xs2id9+TCl4fDBA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0 h1:TKXjQSRS0/cCDrP7KvkgU6SmILtF/yV2TOs/02K/WZQ= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/ocagent v0.6.0 h1:Z1n6UAyr0QwM284yUuh5Zd8JlvxUGAhFZcgMJkMPrGM= -contrib.go.opencensus.io/exporter/ocagent v0.6.0/go.mod h1:zmKjrJcdo0aYcVS7bmEeSEBLPA9YJp5bjrofdU3pIXs= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/1and1/oneandone-cloudserver-sdk-go v1.0.1 h1:RMTyvS5bjvSWiUcfqfr/E2pxHEMrALvU+E12n6biymg= github.com/1and1/oneandone-cloudserver-sdk-go v1.0.1/go.mod h1:61apmbkVJH4kg+38ftT+/l0XxdUCVnHggqcOTqZRSEE= -github.com/Azure/azure-sdk-for-go v30.0.0+incompatible h1:6o1Yzl7wTBYg+xw0pY4qnalaPmEQolubEEdepo1/kmI= -github.com/Azure/azure-sdk-for-go v30.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v40.5.0+incompatible h1:CVQNKuUepSFBo6BW6gM1J9slPHLRcjn6vaw+j+causw= github.com/Azure/azure-sdk-for-go v40.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/go-autorest v12.0.0+incompatible h1:N+VqClcomLGD/sHb3smbSYYtNMgKpVV3Cd5r5i8z6bQ= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest v14.0.0+incompatible h1:r/ug62X9o8vikt53/nkAPmFmzfSrCCAplPH7wa+mK0U= -github.com/Azure/go-autorest v14.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0= github.com/Azure/go-autorest/autorest v0.10.0 h1:mvdtztBqcL8se7MdrUweNieTNi4kfNG6GOJuurQJpuY= @@ -75,8 +65,6 @@ github.com/PuerkitoBio/goquery v1.5.0 h1:uGvmFXOA73IKluu/F84Xd1tt/z07GYm8X49XKHP github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg= github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk= github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= -github.com/Telmate/proxmox-api-go v0.0.0-20200116224409-320525bf3340 h1:bOjy6c07dpipWm11dL92FbtmXGnDywOm2uKzG4CePuY= -github.com/Telmate/proxmox-api-go v0.0.0-20200116224409-320525bf3340/go.mod h1:OGWyIMJ87/k/GCz8CGiWB2HOXsOVDM6Lpe/nFPkC4IQ= github.com/Telmate/proxmox-api-go v0.0.0-20200225212220-a29566462efd h1:Moss3RtB00h4omKW+leNGIGIfmHcnkZPTJ5d0A0fY14= github.com/Telmate/proxmox-api-go v0.0.0-20200225212220-a29566462efd/go.mod h1:OGWyIMJ87/k/GCz8CGiWB2HOXsOVDM6Lpe/nFPkC4IQ= github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14= @@ -97,7 +85,6 @@ github.com/antchfx/xpath v0.0.0-20170728053731-b5c552e1acbd h1:S3Fr6QnkpW9VRjiEY github.com/antchfx/xpath v0.0.0-20170728053731-b5c552e1acbd/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk= github.com/antchfx/xquery v0.0.0-20170730121040-eb8c3c172607 h1:BFFG6KP8ASFBg2ptWsJn8p8RDufBjBDKIxLU7BTYGOM= github.com/antchfx/xquery v0.0.0-20170730121040-eb8c3c172607/go.mod h1:LzD22aAzDP8/dyiCKFp31He4m2GPjl0AFyzDtZzUu9M= -github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-cidr v1.0.1 h1:NmIwLZ/KdsjIUlhf+/Np40atNXm/+lZ5txfTJ/SpF+U= @@ -122,8 +109,6 @@ github.com/aws/aws-sdk-go v1.24.1 h1:B2NRyTV1/+h+Dg8Bh7vnuvW6QZz/NBL+uzgC2uILDMI github.com/aws/aws-sdk-go v1.24.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/azr/flock v0.0.0-20190823144736-958d66434653 h1:2H3Cu0cbG8iszfcgnANwC/cm0YkPJIQvaJ9/tSpwh9o= github.com/azr/flock v0.0.0-20190823144736-958d66434653/go.mod h1:EI7lzWWilX2K3ZMZ7Ta+E4DZtWzMC2tbn3cM3oVPuAU= -github.com/azr/go-cty v1.1.1-0.20200203143058-28fcda2fe0cc h1:CPIyQPU8jk51LOCR3XUI6hiJHtRqw7fg0kLwCgZPQvs= -github.com/azr/go-cty v1.1.1-0.20200203143058-28fcda2fe0cc/go.mod h1:YO23e2L18AG+ZYQfSobnY4G65nvwvprPCxBHkufUH1k= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= @@ -134,8 +119,6 @@ github.com/bmatcuk/doublestar v1.1.5 h1:2bNwBOmhyFEFcoB3tGvTD5xanq+4kyOZlB8wFYbM github.com/bmatcuk/doublestar v1.1.5/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae h1:2Zmk+8cNvAGuY8AyvZuWpUdpQUAXwfom4ReVMe/CTIo= github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= -github.com/census-instrumentation/opencensus-proto v0.2.0 h1:LzQXZOgg4CQfE6bFvXGM30YZL1WW/M337pXml+GrcZ4= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cheggaaa/pb v1.0.27 h1:wIkZHkNfC7R6GI5w7l/PdAdzXzlrbcI3p8OAlnkTsnc= @@ -210,8 +193,6 @@ github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3/go. github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 h1:uHTyIjqVhYRhLbJ8nIiOJHkEZZ+5YoOsAbD3sk82NiE= -github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= @@ -264,11 +245,6 @@ github.com/gorilla/websocket v0.0.0-20170319172727-a91eba7f9777 h1:JIM+OacoOJRU3 github.com/gorilla/websocket v0.0.0-20170319172727-a91eba7f9777/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/grpc-ecosystem/go-grpc-middleware v1.1.0 h1:THDBEeQ9xZ8JEaCLyLQqXMMdRqNr0QAUJTIkQAUtFjg= github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xCzHAvxcr8HZnzsqU6ILg/0NiiE= -github.com/grpc-ecosystem/grpc-gateway v1.8.5 h1:2+KSC78XiO6Qy0hIjfc1OD9H+hsaJdJlb8Kqsd41CTE= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.4/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.3 h1:OCJlWkOUoTnl0neNGlf4fUm3TmbEtguw7vR+nGtnDjY= -github.com/grpc-ecosystem/grpc-gateway v1.14.3/go.mod h1:6CwZWGDSPRJidgKAtJVvND6soZe6fT7iteq8wDPdhb0= github.com/hashicorp/consul v1.4.0 h1:PQTW4xCuAExEiSbhrsFsikzbW5gVBoi74BjUvYFyKHw= github.com/hashicorp/consul v1.4.0/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -289,8 +265,6 @@ github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18 h1:CxY github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18/go.mod h1:QFbv9KeSic7KIgfOYbUW02G4LxOf3Fh9Ylm4n174LUQ= github.com/hashicorp/go-getter v1.3.1-0.20190906090232-a0f878cb75da h1:HAasZmyRrb7/paYuww5RfVwY3wkFpsbMNYwBxOSZquY= github.com/hashicorp/go-getter v1.3.1-0.20190906090232-a0f878cb75da/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= -github.com/hashicorp/go-getter/v2 v2.0.0-20200206160058-e2a28063d6e7 h1:ODZKizgWGz4diUEZwCgf8qgIn/D+qVW/JOdVVV/z7k8= -github.com/hashicorp/go-getter/v2 v2.0.0-20200206160058-e2a28063d6e7/go.mod h1:jlmxRRjTpY0KdWrV1Uq38GUVskrjIZUrjOAybo0OArw= github.com/hashicorp/go-getter/v2 v2.0.0-20200318090939-0b1d527d9793 h1:jH222Ag2I+p5tq5IagFwCfj5CnRzqcGW8RgcQ8jEPMs= github.com/hashicorp/go-getter/v2 v2.0.0-20200318090939-0b1d527d9793/go.mod h1:jlmxRRjTpY0KdWrV1Uq38GUVskrjIZUrjOAybo0OArw= github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= @@ -315,7 +289,6 @@ github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E= @@ -423,8 +396,6 @@ github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaC github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 h1:DpOJ2HYzCv8LZP15IdmG+YdwD2luVPHITV96TkirNBM= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI= -github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4= github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -453,6 +424,8 @@ github.com/oracle/oci-go-sdk v1.8.0 h1:4SO45bKV0I3/Mn1os3ANDZmV0eSE5z5CLdSUIkxty github.com/oracle/oci-go-sdk v1.8.0/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= github.com/outscale/osc-go v0.0.1 h1:hvBtORyu7sWSKW1norGlfIP8C7c2aegI2Vkq75SRPCE= github.com/outscale/osc-go v0.0.1/go.mod h1:hJLmXzqU/t07qQYh90I0TqZzu9s85Zs6FMrxk3ukiFM= +github.com/overdrive3000/secretsmanager v0.0.0-20200421092817-bcdff577c37a h1:75mTB6HzCWbVMbrOoC3Uul0ISN4hM2q3l8dyipdJHxM= +github.com/overdrive3000/secretsmanager v0.0.0-20200421092817-bcdff577c37a/go.mod h1:fSmoHV04Lsb4wDnlkjL/Vq1r1ZygVlLge05o1agvVa4= github.com/packer-community/winrmcp v0.0.0-20180921204643-0fd363d6159a h1:A3QMuteviunoaY/8ex+RKFqwhcZJ/Cf3fCW3IwL2wx4= github.com/packer-community/winrmcp v0.0.0-20180921204643-0fd363d6159a/go.mod h1:f6Izs6JvFTdnRbziASagjZ2vmf55NSIkC/weStxCHqk= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5QCWA8o6BtfL6mDH5rQgM4/fX3avOs= @@ -474,8 +447,6 @@ github.com/profitbricks/profitbricks-sdk-go v4.0.2+incompatible/go.mod h1:T3/Wrz github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/renstrom/fuzzysearch v0.0.0-20160331204855-2d205ac6ec17 h1:4qPms2txLWMLXKzqlnYSulKRS4cS9aYgPtAEpUelQok= github.com/renstrom/fuzzysearch v0.0.0-20160331204855-2d205ac6ec17/go.mod h1:SAEjPB4voP88qmWJXI7mA5m15uNlEnuHLx4Eu2mPGpQ= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735 h1:7YvPJVmEeFHR1Tj9sZEYsmarJEQfMVYpd/Vyy/A8dqE= @@ -516,10 +487,6 @@ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJy github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/temoto/robotstxt v1.1.1 h1:Gh8RCs8ouX3hRSxxK7B1mO5RFByQ4CmJZDwgom++JaA= github.com/temoto/robotstxt v1.1.1/go.mod h1:+1AmkuG3IYkh1kv0d2qEB9Le88ehNO0zwOr3ujewlOo= -github.com/tencentcloud/tencentcloud-sdk-go v3.0.97+incompatible h1:y2gZtLpcWqFzSFbQSKwv1gL+NocPRM0ktGh7Dlb8U7s= -github.com/tencentcloud/tencentcloud-sdk-go v3.0.97+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4= -github.com/tencentcloud/tencentcloud-sdk-go v3.0.121+incompatible h1:/5EEPgCRsWdGgZsM7YRLhYE9gpE9+kUGoIfGCrFYU0s= -github.com/tencentcloud/tencentcloud-sdk-go v3.0.121+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4= github.com/tencentcloud/tencentcloud-sdk-go v3.0.155+incompatible h1:M+Q7+SIBnUZbV0ec+HAOtv2M/wmOUsfjEOpQxM3u4xI= github.com/tencentcloud/tencentcloud-sdk-go v3.0.155+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4= github.com/ucloud/ucloud-sdk-go v0.12.0 h1:VCFN3jWg/G4wvwjG6qG5AhFuAT1JdmGvY6+4WHbuJcw= @@ -552,8 +519,6 @@ go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -620,10 +585,6 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= -golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -641,8 +602,6 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6 h1:bjcUS9ztw9kFmmIxJInhon/0 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -650,7 +609,6 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5 h1:x6r4Jo0KNzOOzYd8lbcRsqjuqEASK6ob3auvWYM4/8U= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -663,10 +621,7 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0 h1:HyfiK1WMnHj5FXFXatD+Qs1A/xC2Run6RzeW1SyHxpc= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190712062909-fae7ac547cb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU= -golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= @@ -733,16 +688,12 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115221424-83cc0476cb11 h1:51D++eCgOHufw5VfDE9Uzqyyc+OyQIjb9hkYy9LN5Fk= -google.golang.org/genproto v0.0.0-20191115221424-83cc0476cb11/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200325114520-5b2d0af7952b h1:j5eujPLMak6H9l2EM381rW9X47/HPUyESXWJW9lVSsQ= google.golang.org/genproto v0.0.0-20200325114520-5b2d0af7952b/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -750,9 +701,7 @@ google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1 h1:j6XxA85m/6txkUCHvzlV5f+HBNl/1r5cZ2A/3IEFOO8= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -773,10 +722,8 @@ gopkg.in/jarcoal/httpmock.v1 v1.0.0-20181117152235-275e9df93516 h1:H6trpavCIuipd gopkg.in/jarcoal/httpmock.v1 v1.0.0-20181117152235-275e9df93516/go.mod h1:d3R+NllX3X5e0zlG1Rful3uLvsGC/Q3OHut5464DEQw= gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/template/interpolate/funcs.go b/template/interpolate/funcs.go index 2871399b2..1c18ab751 100644 --- a/template/interpolate/funcs.go +++ b/template/interpolate/funcs.go @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/packer/version" vaultapi "github.com/hashicorp/vault/api" strftime "github.com/jehiah/go-strftime" + awssmapi "github.com/overdrive3000/secretsmanager" ) // InitTime is the UTC time when this package was initialized. It is @@ -29,22 +30,23 @@ func init() { // Funcs are the interpolation funcs that are available within interpolations. var FuncGens = map[string]interface{}{ - "build_name": funcGenBuildName, - "build_type": funcGenBuildType, - "env": funcGenEnv, - "isotime": funcGenIsotime, - "strftime": funcGenStrftime, - "pwd": funcGenPwd, - "split": funcGenSplitter, - "template_dir": funcGenTemplateDir, - "timestamp": funcGenTimestamp, - "uuid": funcGenUuid, - "user": funcGenUser, - "packer_version": funcGenPackerVersion, - "consul_key": funcGenConsul, - "vault": funcGenVault, - "sed": funcGenSed, - "build": funcGenBuild, + "build_name": funcGenBuildName, + "build_type": funcGenBuildType, + "env": funcGenEnv, + "isotime": funcGenIsotime, + "strftime": funcGenStrftime, + "pwd": funcGenPwd, + "split": funcGenSplitter, + "template_dir": funcGenTemplateDir, + "timestamp": funcGenTimestamp, + "uuid": funcGenUuid, + "user": funcGenUser, + "packer_version": funcGenPackerVersion, + "consul_key": funcGenConsul, + "vault": funcGenVault, + "sed": funcGenSed, + "build": funcGenBuild, + "aws_secretsmanager": funcGenAwsSecrets, "replace": replace, "replace_all": replace_all, @@ -324,6 +326,28 @@ func funcGenVault(ctx *Context) interface{} { } } +func funcGenAwsSecrets(ctx *Context) interface{} { + return func(name string) (string, error) { + if !ctx.EnableEnv { + // The error message doesn't have to be that detailed since + // semantic checks should catch this. + return "", errors.New("AWS Secrets Manager vars are only allowed in the variables section") + } + // client uses AWS SDK CredentialChain method. So,credentials can + // be loaded from credential file, environment variables, or IAM + // roles. + client, err := awssmapi.New() + if err != nil { + return "", errors.New(fmt.Sprintf("Error getting AWS Secrets Manager client: %s", err)) + } + secret, err := client.GetSecret(name) + if err != nil { + return "", errors.New(fmt.Sprintf("Error getting secret: %s", err)) + } + return secret, nil + } +} + func funcGenSed(ctx *Context) interface{} { return func(expression string, inputString string) (string, error) { return "", errors.New("template function `sed` is deprecated " + diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go new file mode 100644 index 000000000..b002302ed --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go @@ -0,0 +1,5424 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +const opCancelRotateSecret = "CancelRotateSecret" + +// CancelRotateSecretRequest generates a "aws/request.Request" representing the +// client's request for the CancelRotateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CancelRotateSecret for more information on using the CancelRotateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CancelRotateSecretRequest method. +// req, resp := client.CancelRotateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret +func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { + op := &request.Operation{ + Name: opCancelRotateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelRotateSecretInput{} + } + + output = &CancelRotateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// CancelRotateSecret API operation for AWS Secrets Manager. +// +// Disables automatic scheduled rotation and cancels the rotation of a secret +// if one is currently in progress. +// +// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays +// set to a value greater than 0. This will immediately rotate your secret and +// then enable the automatic schedule. +// +// If you cancel a rotation that is in progress, it can leave the VersionStage +// labels in an unexpected state. Depending on what step of the rotation was +// in progress, you might need to remove the staging label AWSPENDING from the +// partially created version, specified by the VersionId response value. You +// should also evaluate the partially rotated new version to see if it should +// be deleted, which you can do by removing all staging labels from the new +// version's VersionStage field. +// +// To successfully start a rotation, the staging label AWSPENDING must be in +// one of the following states: +// +// * Not be attached to any version at all +// +// * Attached to the same version as the staging label AWSCURRENT +// +// If the staging label AWSPENDING is attached to a different version than the +// version with AWSCURRENT then the attempt to rotate fails. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:CancelRotateSecret +// +// Related operations +// +// * To configure rotation for a secret or to manually trigger a rotation, +// use RotateSecret. +// +// * To get the rotation configuration details for a secret, use DescribeSecret. +// +// * To list all of the currently available secrets, use ListSecrets. +// +// * To list all of the versions currently associated with a secret, use +// ListSecretVersionIds. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation CancelRotateSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret +func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { + req, out := c.CancelRotateSecretRequest(input) + return out, req.Send() +} + +// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See CancelRotateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { + req, out := c.CancelRotateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateSecret = "CreateSecret" + +// CreateSecretRequest generates a "aws/request.Request" representing the +// client's request for the CreateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSecret for more information on using the CreateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateSecretRequest method. +// req, resp := client.CreateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret +func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { + op := &request.Operation{ + Name: opCreateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateSecretInput{} + } + + output = &CreateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSecret API operation for AWS Secrets Manager. +// +// Creates a new secret. A secret in Secrets Manager consists of both the protected +// secret data and the important information needed to manage the secret. +// +// Secrets Manager stores the encrypted secret data in one of a collection of +// "versions" associated with the secret. Each version contains a copy of the +// encrypted secret data. Each version is associated with one or more "staging +// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages +// field of the secret contains the mapping of staging labels to the active +// versions of the secret. Versions without a staging label are considered deprecated +// and are not included in the list. +// +// You provide the secret data to be encrypted by putting text in either the +// SecretString parameter or binary data in the SecretBinary parameter, but +// not both. If you include SecretString or SecretBinary then Secrets Manager +// also creates an initial secret version and automatically attaches the staging +// label AWSCURRENT to the new version. +// +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:CreateSecret +// +// * kms:GenerateDataKey - needed only if you use a customer-managed AWS +// KMS key to encrypt the secret. You do not need this permission to use +// the account's default AWS managed CMK for Secrets Manager. +// +// * kms:Decrypt - needed only if you use a customer-managed AWS KMS key +// to encrypt the secret. You do not need this permission to use the account's +// default AWS managed CMK for Secrets Manager. +// +// * secretsmanager:TagResource - needed only if you include the Tags parameter. +// +// Related operations +// +// * To delete a secret, use DeleteSecret. +// +// * To modify an existing secret, use UpdateSecret. +// +// * To create a new version of a secret, use PutSecretValue. +// +// * To retrieve the encrypted secure string and secure binary values, use +// GetSecretValue. +// +// * To retrieve all other details for a secret, use DescribeSecret. This +// does not include the encrypted secure string and secure binary values. +// +// * To retrieve the list of secret versions associated with the current +// secret, use DescribeSecret and examine the SecretVersionsToStages response +// value. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation CreateSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeLimitExceededException "LimitExceededException" +// The request failed because it would exceed one of the Secrets Manager internal +// limits. +// +// * ErrCodeEncryptionFailure "EncryptionFailure" +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the customer master key (CMK) is available, enabled, +// and not in an invalid state. For more information, see How Key State Affects +// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// * ErrCodeResourceExistsException "ResourceExistsException" +// A resource with the ID you requested already exists. +// +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// The policy document that you provided isn't valid. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodePreconditionNotMetException "PreconditionNotMetException" +// The request failed because you did not complete all the prerequisite steps. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret +func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { + req, out := c.CreateSecretRequest(input) + return out, req.Send() +} + +// CreateSecretWithContext is the same as CreateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { + req, out := c.CreateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteResourcePolicy = "DeleteResourcePolicy" + +// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteResourcePolicyRequest method. +// req, resp := client.DeleteResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy +func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { + op := &request.Operation{ + Name: opDeleteResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteResourcePolicyInput{} + } + + output = &DeleteResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteResourcePolicy API operation for AWS Secrets Manager. +// +// Deletes the resource-based permission policy that's attached to the secret. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:DeleteResourcePolicy +// +// Related operations +// +// * To attach a resource policy to a secret, use PutResourcePolicy. +// +// * To retrieve the current resource-based policy that's attached to a secret, +// use GetResourcePolicy. +// +// * To list all of the currently available secrets, use ListSecrets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DeleteResourcePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy +func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + return out, req.Send() +} + +// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { + req, out := c.DeleteResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteSecret = "DeleteSecret" + +// DeleteSecretRequest generates a "aws/request.Request" representing the +// client's request for the DeleteSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteSecret for more information on using the DeleteSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteSecretRequest method. +// req, resp := client.DeleteSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret +func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { + op := &request.Operation{ + Name: opDeleteSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteSecretInput{} + } + + output = &DeleteSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteSecret API operation for AWS Secrets Manager. +// +// Deletes an entire secret and all of its versions. You can optionally include +// a recovery window during which you can restore the secret. If you don't specify +// a recovery window value, the operation defaults to 30 days. Secrets Manager +// attaches a DeletionDate stamp to the secret that specifies the end of the +// recovery window. At the end of the recovery window, Secrets Manager deletes +// the secret permanently. +// +// At any time before recovery window ends, you can use RestoreSecret to remove +// the DeletionDate and cancel the deletion of the secret. +// +// You cannot access the encrypted secret information in any secret that is +// scheduled for deletion. If you need to access that information, you must +// cancel the deletion with RestoreSecret and then retrieve the information. +// +// * There is no explicit operation to delete a version of a secret. Instead, +// remove all staging labels from the VersionStage field of a version. That +// marks the version as deprecated and allows Secrets Manager to delete it +// as needed. Versions that do not have any staging labels do not show up +// in ListSecretVersionIds unless you specify IncludeDeprecated. +// +// * The permanent secret deletion at the end of the waiting period is performed +// as a background task with low priority. There is no guarantee of a specific +// time after the recovery window for the actual delete operation to occur. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:DeleteSecret +// +// Related operations +// +// * To create a secret, use CreateSecret. +// +// * To cancel deletion of a version of a secret before the recovery window +// has expired, use RestoreSecret. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DeleteSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret +func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { + req, out := c.DeleteSecretRequest(input) + return out, req.Send() +} + +// DeleteSecretWithContext is the same as DeleteSecret with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { + req, out := c.DeleteSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDescribeSecret = "DescribeSecret" + +// DescribeSecretRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeSecret for more information on using the DescribeSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeSecretRequest method. +// req, resp := client.DescribeSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret +func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { + op := &request.Operation{ + Name: opDescribeSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeSecretInput{} + } + + output = &DescribeSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeSecret API operation for AWS Secrets Manager. +// +// Retrieves the details of a secret. It does not include the encrypted fields. +// Only those fields that are populated with a value are returned in the response. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:DescribeSecret +// +// Related operations +// +// * To create a secret, use CreateSecret. +// +// * To modify a secret, use UpdateSecret. +// +// * To retrieve the encrypted secret information in a version of the secret, +// use GetSecretValue. +// +// * To list all of the secrets in the AWS account, use ListSecrets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation DescribeSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret +func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { + req, out := c.DescribeSecretRequest(input) + return out, req.Send() +} + +// DescribeSecretWithContext is the same as DescribeSecret with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { + req, out := c.DescribeSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetRandomPassword = "GetRandomPassword" + +// GetRandomPasswordRequest generates a "aws/request.Request" representing the +// client's request for the GetRandomPassword operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetRandomPassword for more information on using the GetRandomPassword +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetRandomPasswordRequest method. +// req, resp := client.GetRandomPasswordRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword +func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { + op := &request.Operation{ + Name: opGetRandomPassword, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetRandomPasswordInput{} + } + + output = &GetRandomPasswordOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetRandomPassword API operation for AWS Secrets Manager. +// +// Generates a random password of the specified complexity. This operation is +// intended for use in the Lambda rotation function. Per best practice, we recommend +// that you specify the maximum length and include every character type that +// the system you are generating a password for can support. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:GetRandomPassword +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetRandomPassword for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword +func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { + req, out := c.GetRandomPasswordRequest(input) + return out, req.Send() +} + +// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of +// the ability to pass a context and additional request options. +// +// See GetRandomPassword for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { + req, out := c.GetRandomPasswordRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetResourcePolicy = "GetResourcePolicy" + +// GetResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetResourcePolicy for more information on using the GetResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetResourcePolicyRequest method. +// req, resp := client.GetResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy +func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { + op := &request.Operation{ + Name: opGetResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetResourcePolicyInput{} + } + + output = &GetResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetResourcePolicy API operation for AWS Secrets Manager. +// +// Retrieves the JSON text of the resource-based policy document that's attached +// to the specified secret. The JSON request string input and response output +// are shown formatted with white space and line breaks for better readability. +// Submit your input as a single line JSON string. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:GetResourcePolicy +// +// Related operations +// +// * To attach a resource policy to a secret, use PutResourcePolicy. +// +// * To delete the resource-based policy that's attached to a secret, use +// DeleteResourcePolicy. +// +// * To list all of the currently available secrets, use ListSecrets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetResourcePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy +func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + return out, req.Send() +} + +// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { + req, out := c.GetResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetSecretValue = "GetSecretValue" + +// GetSecretValueRequest generates a "aws/request.Request" representing the +// client's request for the GetSecretValue operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSecretValue for more information on using the GetSecretValue +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetSecretValueRequest method. +// req, resp := client.GetSecretValueRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue +func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { + op := &request.Operation{ + Name: opGetSecretValue, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetSecretValueInput{} + } + + output = &GetSecretValueOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSecretValue API operation for AWS Secrets Manager. +// +// Retrieves the contents of the encrypted fields SecretString or SecretBinary +// from the specified version of a secret, whichever contains content. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:GetSecretValue +// +// * kms:Decrypt - required only if you use a customer-managed AWS KMS key +// to encrypt the secret. You do not need this permission to use the account's +// default AWS managed CMK for Secrets Manager. +// +// Related operations +// +// * To create a new version of the secret with different encrypted information, +// use PutSecretValue. +// +// * To retrieve the non-encrypted details for the secret, use DescribeSecret. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation GetSecretValue for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeDecryptionFailure "DecryptionFailure" +// Secrets Manager can't decrypt the protected secret text using the provided +// KMS key. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue +func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { + req, out := c.GetSecretValueRequest(input) + return out, req.Send() +} + +// GetSecretValueWithContext is the same as GetSecretValue with the addition of +// the ability to pass a context and additional request options. +// +// See GetSecretValue for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { + req, out := c.GetSecretValueRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListSecretVersionIds = "ListSecretVersionIds" + +// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecretVersionIds operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecretVersionIds for more information on using the ListSecretVersionIds +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListSecretVersionIdsRequest method. +// req, resp := client.ListSecretVersionIdsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds +func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { + op := &request.Operation{ + Name: opListSecretVersionIds, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecretVersionIdsInput{} + } + + output = &ListSecretVersionIdsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecretVersionIds API operation for AWS Secrets Manager. +// +// Lists all of the versions attached to the specified secret. The output does +// not include the SecretString or SecretBinary fields. By default, the list +// includes only versions that have at least one staging label in VersionStage +// attached. +// +// Always check the NextToken response parameter when calling any of the List* +// operations. These operations can occasionally return an empty or shorter +// than expected list of results even when there are more results available. +// When this happens, the NextToken response parameter contains a value to pass +// to the next call to the same API to request the next part of the list. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:ListSecretVersionIds +// +// Related operations +// +// * To list the secrets in an account, use ListSecrets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ListSecretVersionIds for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" +// You provided an invalid NextToken value. +// +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds +func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { + req, out := c.ListSecretVersionIdsRequest(input) + return out, req.Send() +} + +// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecretVersionIds for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { + req, out := c.ListSecretVersionIdsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecretVersionIds method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecretVersionIds operation. +// pageNum := 0 +// err := client.ListSecretVersionIdsPages(params, +// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { + return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecretVersionIdsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecretVersionIdsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opListSecrets = "ListSecrets" + +// ListSecretsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecrets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecrets for more information on using the ListSecrets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListSecretsRequest method. +// req, resp := client.ListSecretsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets +func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { + op := &request.Operation{ + Name: opListSecrets, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecretsInput{} + } + + output = &ListSecretsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecrets API operation for AWS Secrets Manager. +// +// Lists all of the secrets that are stored by Secrets Manager in the AWS account. +// To list the versions currently stored for a specific secret, use ListSecretVersionIds. +// The encrypted fields SecretString and SecretBinary are not included in the +// output. To get that information, call the GetSecretValue operation. +// +// Always check the NextToken response parameter when calling any of the List* +// operations. These operations can occasionally return an empty or shorter +// than expected list of results even when there are more results available. +// When this happens, the NextToken response parameter contains a value to pass +// to the next call to the same API to request the next part of the list. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:ListSecrets +// +// Related operations +// +// * To list the versions attached to a secret, use ListSecretVersionIds. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation ListSecrets for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" +// You provided an invalid NextToken value. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets +func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { + req, out := c.ListSecretsRequest(input) + return out, req.Send() +} + +// ListSecretsWithContext is the same as ListSecrets with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecrets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { + req, out := c.ListSecretsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecretsPages iterates over the pages of a ListSecrets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecrets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecrets operation. +// pageNum := 0 +// err := client.ListSecretsPages(params, +// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { + return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecretsPagesWithContext same as ListSecretsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecretsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecretsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opPutResourcePolicy = "PutResourcePolicy" + +// PutResourcePolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutResourcePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutResourcePolicy for more information on using the PutResourcePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the PutResourcePolicyRequest method. +// req, resp := client.PutResourcePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy +func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { + op := &request.Operation{ + Name: opPutResourcePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutResourcePolicyInput{} + } + + output = &PutResourcePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutResourcePolicy API operation for AWS Secrets Manager. +// +// Attaches the contents of the specified resource-based permission policy to +// a secret. A resource-based policy is optional. Alternatively, you can use +// IAM identity-based policies that specify the secret's Amazon Resource Name +// (ARN) in the policy statement's Resources element. You can also use a combination +// of both identity-based and resource-based policies. The affected users and +// roles receive the permissions that are permitted by all of the relevant policies. +// For more information, see Using Resource-Based Policies for AWS Secrets Manager +// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). +// For the complete description of the AWS policy syntax and grammar, see IAM +// JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) +// in the IAM User Guide. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:PutResourcePolicy +// +// Related operations +// +// * To retrieve the resource policy that's attached to a secret, use GetResourcePolicy. +// +// * To delete the resource-based policy that's attached to a secret, use +// DeleteResourcePolicy. +// +// * To list all of the currently available secrets, use ListSecrets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation PutResourcePolicy for usage and error information. +// +// Returned Error Codes: +// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// The policy document that you provided isn't valid. +// +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy +func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + return out, req.Send() +} + +// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See PutResourcePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { + req, out := c.PutResourcePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opPutSecretValue = "PutSecretValue" + +// PutSecretValueRequest generates a "aws/request.Request" representing the +// client's request for the PutSecretValue operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutSecretValue for more information on using the PutSecretValue +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the PutSecretValueRequest method. +// req, resp := client.PutSecretValueRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue +func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { + op := &request.Operation{ + Name: opPutSecretValue, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutSecretValueInput{} + } + + output = &PutSecretValueOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutSecretValue API operation for AWS Secrets Manager. +// +// Stores a new encrypted secret value in the specified secret. To do this, +// the operation creates a new version and attaches it to the secret. The version +// can contain a new SecretString value or a new SecretBinary value. You can +// also specify the staging labels that are initially attached to the new version. +// +// The Secrets Manager console uses only the SecretString field. To add binary +// data to a secret with the SecretBinary field you must use the AWS CLI or +// one of the AWS SDKs. +// +// * If this operation creates the first version for the secret then Secrets +// Manager automatically attaches the staging label AWSCURRENT to the new +// version. +// +// * If another version of this secret already exists, then this operation +// does not automatically move any staging labels other than those that you +// explicitly specify in the VersionStages parameter. +// +// * If this operation moves the staging label AWSCURRENT from another version +// to this version (because you included it in the StagingLabels parameter) +// then Secrets Manager also automatically moves the staging label AWSPREVIOUS +// to the version that AWSCURRENT was removed from. +// +// * This operation is idempotent. If a version with a VersionId with the +// same value as the ClientRequestToken parameter already exists and you +// specify the same secret data, the operation succeeds but does nothing. +// However, if the secret data is different, then the operation fails because +// you cannot modify an existing version; you can only create new ones. +// +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:PutSecretValue +// +// * kms:GenerateDataKey - needed only if you use a customer-managed AWS +// KMS key to encrypt the secret. You do not need this permission to use +// the account's default AWS managed CMK for Secrets Manager. +// +// Related operations +// +// * To retrieve the encrypted value you store in the version of a secret, +// use GetSecretValue. +// +// * To create a secret, use CreateSecret. +// +// * To get the details for a secret, use DescribeSecret. +// +// * To list the versions attached to a secret, use ListSecretVersionIds. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation PutSecretValue for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeLimitExceededException "LimitExceededException" +// The request failed because it would exceed one of the Secrets Manager internal +// limits. +// +// * ErrCodeEncryptionFailure "EncryptionFailure" +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the customer master key (CMK) is available, enabled, +// and not in an invalid state. For more information, see How Key State Affects +// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// * ErrCodeResourceExistsException "ResourceExistsException" +// A resource with the ID you requested already exists. +// +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue +func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { + req, out := c.PutSecretValueRequest(input) + return out, req.Send() +} + +// PutSecretValueWithContext is the same as PutSecretValue with the addition of +// the ability to pass a context and additional request options. +// +// See PutSecretValue for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { + req, out := c.PutSecretValueRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRestoreSecret = "RestoreSecret" + +// RestoreSecretRequest generates a "aws/request.Request" representing the +// client's request for the RestoreSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RestoreSecret for more information on using the RestoreSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RestoreSecretRequest method. +// req, resp := client.RestoreSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret +func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { + op := &request.Operation{ + Name: opRestoreSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RestoreSecretInput{} + } + + output = &RestoreSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// RestoreSecret API operation for AWS Secrets Manager. +// +// Cancels the scheduled deletion of a secret by removing the DeletedDate time +// stamp. This makes the secret accessible to query once again. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:RestoreSecret +// +// Related operations +// +// * To delete a secret, use DeleteSecret. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation RestoreSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret +func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { + req, out := c.RestoreSecretRequest(input) + return out, req.Send() +} + +// RestoreSecretWithContext is the same as RestoreSecret with the addition of +// the ability to pass a context and additional request options. +// +// See RestoreSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { + req, out := c.RestoreSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRotateSecret = "RotateSecret" + +// RotateSecretRequest generates a "aws/request.Request" representing the +// client's request for the RotateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RotateSecret for more information on using the RotateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RotateSecretRequest method. +// req, resp := client.RotateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret +func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { + op := &request.Operation{ + Name: opRotateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RotateSecretInput{} + } + + output = &RotateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// RotateSecret API operation for AWS Secrets Manager. +// +// Configures and starts the asynchronous process of rotating this secret. If +// you include the configuration parameters, the operation sets those values +// for the secret and then immediately starts a rotation. If you do not include +// the configuration parameters, the operation starts a rotation with the values +// already stored in the secret. After the rotation completes, the protected +// service and its clients all use the new version of the secret. +// +// This required configuration information includes the ARN of an AWS Lambda +// function and the time between scheduled rotations. The Lambda rotation function +// creates a new version of the secret and creates or updates the credentials +// on the protected service to match. After testing the new credentials, the +// function marks the new secret with the staging label AWSCURRENT so that your +// clients all immediately begin to use the new version. For more information +// about rotating secrets and how to configure a Lambda function to rotate the +// secrets for your protected service, see Rotating Secrets in AWS Secrets Manager +// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) +// in the AWS Secrets Manager User Guide. +// +// Secrets Manager schedules the next rotation when the previous one is complete. +// Secrets Manager schedules the date by adding the rotation interval (number +// of days) to the actual date of the last rotation. The service chooses the +// hour within that 24-hour date window randomly. The minute is also chosen +// somewhat randomly, but weighted towards the top of the hour and influenced +// by a variety of factors that help distribute load. +// +// The rotation function must end with the versions of the secret in one of +// two states: +// +// * The AWSPENDING and AWSCURRENT staging labels are attached to the same +// version of the secret, or +// +// * The AWSPENDING staging label is not attached to any version of the secret. +// +// If instead the AWSPENDING staging label is present but is not attached to +// the same version as AWSCURRENT then any later invocation of RotateSecret +// assumes that a previous rotation request is still in progress and returns +// an error. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:RotateSecret +// +// * lambda:InvokeFunction (on the function specified in the secret's metadata) +// +// Related operations +// +// * To list the secrets in your account, use ListSecrets. +// +// * To get the details for a version of a secret, use DescribeSecret. +// +// * To create a new version of a secret, use CreateSecret. +// +// * To attach staging labels to or remove staging labels from a version +// of a secret, use UpdateSecretVersionStage. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation RotateSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret +func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { + req, out := c.RotateSecretRequest(input) + return out, req.Send() +} + +// RotateSecretWithContext is the same as RotateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See RotateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { + req, out := c.RotateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource +func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for AWS Secrets Manager. +// +// Attaches one or more tags, each consisting of a key name and a value, to +// the specified secret. Tags are part of the secret's overall metadata, and +// are not associated with any specific version of the secret. This operation +// only appends tags to the existing list of tags. To remove tags, you must +// use UntagResource. +// +// The following basic restrictions apply to tags: +// +// * Maximum number of tags per secret—50 +// +// * Maximum key length—127 Unicode characters in UTF-8 +// +// * Maximum value length—255 Unicode characters in UTF-8 +// +// * Tag keys and values are case sensitive. +// +// * Do not use the aws: prefix in your tag names or values because it is +// reserved for AWS use. You can't edit or delete tag names or values with +// this prefix. Tags with this prefix do not count against your tags per +// secret limit. +// +// * If your tagging schema will be used across multiple services and resources, +// remember that other services might have restrictions on allowed characters. +// Generally allowed characters are: letters, spaces, and numbers representable +// in UTF-8, plus the following special characters: + - = . _ : / @. +// +// If you use tags as part of your security strategy, then adding or removing +// a tag can change permissions. If successfully completing this operation would +// result in you losing your permissions for this secret, then the operation +// is blocked and returns an Access Denied error. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:TagResource +// +// Related operations +// +// * To remove one or more tags from the collection attached to a secret, +// use UntagResource. +// +// * To view the list of tags attached to a secret, use DescribeSecret. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation TagResource for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource +func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource +func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for AWS Secrets Manager. +// +// Removes one or more tags from the specified secret. +// +// This operation is idempotent. If a requested tag is not attached to the secret, +// no error is returned and the secret metadata is unchanged. +// +// If you use tags as part of your security strategy, then removing a tag can +// change permissions. If successfully completing this operation would result +// in you losing your permissions for this secret, then the operation is blocked +// and returns an Access Denied error. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:UntagResource +// +// Related operations +// +// * To add one or more tags to the collection attached to a secret, use +// TagResource. +// +// * To view the list of tags attached to a secret, use DescribeSecret. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UntagResource for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource +func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateSecret = "UpdateSecret" + +// UpdateSecretRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSecret operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateSecret for more information on using the UpdateSecret +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateSecretRequest method. +// req, resp := client.UpdateSecretRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret +func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { + op := &request.Operation{ + Name: opUpdateSecret, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateSecretInput{} + } + + output = &UpdateSecretOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSecret API operation for AWS Secrets Manager. +// +// Modifies many of the details of the specified secret. If you include a ClientRequestToken +// and either SecretString or SecretBinary then it also creates a new version +// attached to the secret. +// +// To modify the rotation configuration of a secret, use RotateSecret instead. +// +// The Secrets Manager console uses only the SecretString parameter and therefore +// limits you to encrypting and storing only a text string. To encrypt and store +// binary data as part of the version of a secret, you must use either the AWS +// CLI or one of the AWS SDKs. +// +// * If a version with a VersionId with the same value as the ClientRequestToken +// parameter already exists, the operation results in an error. You cannot +// modify an existing version, you can only create a new version. +// +// * If you include SecretString or SecretBinary to create a new secret version, +// Secrets Manager automatically attaches the staging label AWSCURRENT to +// the new version. +// +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:UpdateSecret +// +// * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to +// encrypt the secret. You do not need this permission to use the account's +// AWS managed CMK for Secrets Manager. +// +// * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt +// the secret. You do not need this permission to use the account's AWS managed +// CMK for Secrets Manager. +// +// Related operations +// +// * To create a new secret, use CreateSecret. +// +// * To add only a new version to an existing secret, use PutSecretValue. +// +// * To get the details for a secret, use DescribeSecret. +// +// * To list the versions contained in a secret, use ListSecretVersionIds. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UpdateSecret for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeLimitExceededException "LimitExceededException" +// The request failed because it would exceed one of the Secrets Manager internal +// limits. +// +// * ErrCodeEncryptionFailure "EncryptionFailure" +// Secrets Manager can't encrypt the protected secret text using the provided +// KMS key. Check that the customer master key (CMK) is available, enabled, +// and not in an invalid state. For more information, see How Key State Affects +// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// +// * ErrCodeResourceExistsException "ResourceExistsException" +// A resource with the ID you requested already exists. +// +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// The policy document that you provided isn't valid. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// * ErrCodePreconditionNotMetException "PreconditionNotMetException" +// The request failed because you did not complete all the prerequisite steps. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret +func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { + req, out := c.UpdateSecretRequest(input) + return out, req.Send() +} + +// UpdateSecretWithContext is the same as UpdateSecret with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateSecret for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { + req, out := c.UpdateSecretRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateSecretVersionStage = "UpdateSecretVersionStage" + +// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the +// client's request for the UpdateSecretVersionStage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateSecretVersionStageRequest method. +// req, resp := client.UpdateSecretVersionStageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage +func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { + op := &request.Operation{ + Name: opUpdateSecretVersionStage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateSecretVersionStageInput{} + } + + output = &UpdateSecretVersionStageOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateSecretVersionStage API operation for AWS Secrets Manager. +// +// Modifies the staging labels attached to a version of a secret. Staging labels +// are used to track a version as it progresses through the secret rotation +// process. You can attach a staging label to only one version of a secret at +// a time. If a staging label to be added is already attached to another version, +// then it is moved--removed from the other version first and then attached +// to this one. For more information about staging labels, see Staging Labels +// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label) +// in the AWS Secrets Manager User Guide. +// +// The staging labels that you specify in the VersionStage parameter are added +// to the existing list of staging labels--they don't replace it. +// +// You can move the AWSCURRENT staging label to this version by including it +// in this call. +// +// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label +// AWSPREVIOUS to the version that AWSCURRENT was removed from. +// +// If this action results in the last label being removed from a version, then +// the version is considered to be 'deprecated' and can be deleted by Secrets +// Manager. +// +// Minimum permissions +// +// To run this command, you must have the following permissions: +// +// * secretsmanager:UpdateSecretVersionStage +// +// Related operations +// +// * To get the list of staging labels that are currently associated with +// a version of a secret, use DescribeSecret and examine the SecretVersionsToStages +// response value. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Secrets Manager's +// API operation UpdateSecretVersionStage for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceNotFoundException "ResourceNotFoundException" +// We can't find the resource that you asked for. +// +// * ErrCodeInvalidParameterException "InvalidParameterException" +// You provided an invalid value for a parameter. +// +// * ErrCodeInvalidRequestException "InvalidRequestException" +// You provided a parameter value that is not valid for the current state of +// the resource. +// +// Possible causes: +// +// * You tried to perform the operation on a secret that's currently marked +// deleted. +// +// * You tried to enable rotation on a secret that doesn't already have a +// Lambda function ARN configured and you didn't include such an ARN as a +// parameter in this call. +// +// * ErrCodeLimitExceededException "LimitExceededException" +// The request failed because it would exceed one of the Secrets Manager internal +// limits. +// +// * ErrCodeInternalServiceError "InternalServiceError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage +func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { + req, out := c.UpdateSecretVersionStageRequest(input) + return out, req.Send() +} + +// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateSecretVersionStage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { + req, out := c.UpdateSecretVersionStageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +type CancelRotateSecretInput struct { + _ struct{} `type:"structure"` + + // Specifies the secret for which you want to cancel a rotation request. You + // can specify either the Amazon Resource Name (ARN) or the friendly name of + // the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CancelRotateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelRotateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelRotateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { + s.SecretId = &v + return s +} + +type CancelRotateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret for which rotation was canceled. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret for which rotation was canceled. + Name *string `min:"1" type:"string"` + + // The unique identifier of the version of the secret that was created during + // the rotation. This version might not be complete, and should be evaluated + // for possible deletion. At the very least, you should remove the VersionStage + // value AWSPENDING to enable this version to be deleted. Failing to clean up + // a cancelled rotation can block you from successfully starting future rotations. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation +func (s CancelRotateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelRotateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { + s.VersionId = &v + return s +} + +type CreateSecretInput struct { + _ struct{} `type:"structure"` + + // (Optional) If you include SecretString or SecretBinary, then an initial version + // is created as part of the secret, and this parameter specifies a unique identifier + // for the new version. + // + // If you use the AWS CLI or one of the AWS SDK to call this operation, then + // you can leave this parameter empty. The CLI or SDK generates a random UUID + // for you and includes it as the value for this parameter in the request. If + // you don't use the SDK and instead generate a raw HTTP request to the Secrets + // Manager service endpoint, then you must generate a ClientRequestToken yourself + // for the new version and include that value in the request. + // + // This value helps ensure idempotency. Secrets Manager uses this value to prevent + // the accidental creation of duplicate versions if there are failures and retries + // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value to ensure uniqueness of your versions within the specified secret. + // + // * If the ClientRequestToken value isn't already associated with a version + // of the secret then a new version of the secret is created. + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are the same as those in the request, then the + // request is ignored (the operation is idempotent). + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are different from those in the request then the + // request fails because you cannot modify an existing version. Instead, + // use PutSecretValue to create a new version. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // (Optional) Specifies a user-provided description of the secret. + Description *string `type:"string"` + + // (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master + // key (CMK) to be used to encrypt the SecretString or SecretBinary values in + // the versions stored in this secret. + // + // You can specify any of the supported ways to identify a AWS KMS key ID. If + // you need to reference a CMK in a different account, you can use only the + // key ARN or the alias ARN. + // + // If you don't specify this value, then Secrets Manager defaults to using the + // AWS account's default CMK (the one named aws/secretsmanager). If a AWS KMS + // CMK with that name doesn't yet exist, then Secrets Manager creates it for + // you automatically the first time it needs to encrypt a version's SecretString + // or SecretBinary fields. + // + // You can use the account's default CMK to encrypt and decrypt only if you + // call this operation using credentials from the same account that owns the + // secret. If the secret is in a different account, then you must create a custom + // CMK and specify the ARN in this field. + KmsKeyId *string `type:"string"` + + // Specifies the friendly name of the new secret. + // + // The secret name must be ASCII letters, digits, or the following characters + // : /_+=.@- + // + // Don't end your secret name with a hyphen followed by six characters. If you + // do so, you risk confusion and unexpected results when searching for a secret + // by partial ARN. This is because Secrets Manager automatically adds a hyphen + // and six random characters at the end of the ARN. + // + // Name is a required field + Name *string `min:"1" type:"string" required:"true"` + + // (Optional) Specifies binary data that you want to encrypt and store in the + // new version of the secret. To use this parameter in the command-line tools, + // we recommend that you store your binary data in a file and then use the appropriate + // technique for your tool to pass the contents of the file as a parameter. + // + // Either SecretString or SecretBinary must have a value, but not both. They + // cannot both be empty. + // + // This parameter is not available using the Secrets Manager console. It can + // be accessed only by using the AWS CLI or one of the AWS SDKs. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `type:"blob" sensitive:"true"` + + // (Optional) Specifies text data that you want to encrypt and store in this + // new version of the secret. + // + // Either SecretString or SecretBinary must have a value, but not both. They + // cannot both be empty. + // + // If you create a secret by using the Secrets Manager console then Secrets + // Manager puts the protected secret text in only the SecretString parameter. + // The Secrets Manager console stores the information as a JSON structure of + // key/value pairs that the Lambda rotation function knows how to parse. + // + // For storing multiple values, we recommend that you use a JSON text string + // argument and specify key/value pairs. For information on how to format a + // JSON parameter for the various command line tool environments, see Using + // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. For example: + // + // [{"username":"bob"},{"password":"abc123xyz456"}] + // + // If your command-line tool or SDK requires quotation marks around the parameter, + // you should use single quotes to avoid confusion with the double quotes required + // in the JSON text. + SecretString *string `type:"string" sensitive:"true"` + + // (Optional) Specifies a list of user-defined tags that are attached to the + // secret. Each tag is a "Key" and "Value" pair of strings. This operation only + // appends tags to the existing list of tags. To remove tags, you must use UntagResource. + // + // * Secrets Manager tag key names are case sensitive. A tag with the key + // "ABC" is a different tag from one with key "abc". + // + // * If you check tags in IAM policy Condition elements as part of your security + // strategy, then adding or removing a tag can change permissions. If the + // successful completion of this operation would result in you losing your + // permissions for this secret, then this operation is blocked and returns + // an Access Denied error. + // + // This parameter requires a JSON text string argument. For information on how + // to format a JSON parameter for the various command line tool environments, + // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. For example: + // + // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] + // + // If your command-line tool or SDK requires quotation marks around the parameter, + // you should use single quotes to avoid confusion with the double quotes required + // in the JSON text. + // + // The following basic restrictions apply to tags: + // + // * Maximum number of tags per secret—50 + // + // * Maximum key length—127 Unicode characters in UTF-8 + // + // * Maximum value length—255 Unicode characters in UTF-8 + // + // * Tag keys and values are case sensitive. + // + // * Do not use the aws: prefix in your tag names or values because it is + // reserved for AWS use. You can't edit or delete tag names or values with + // this prefix. Tags with this prefix do not count against your tags per + // secret limit. + // + // * If your tagging schema will be used across multiple services and resources, + // remember that other services might have restrictions on allowed characters. + // Generally allowed characters are: letters, spaces, and numbers representable + // in UTF-8, plus the following special characters: + - = . _ : / @. + Tags []*Tag `type:"list"` +} + +// String returns the string representation +func (s CreateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { + s.KmsKeyId = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { + s.Name = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { + s.SecretBinary = v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { + s.SecretString = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { + s.Tags = v + return s +} + +type CreateSecretOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the secret that you just created. + // + // Secrets Manager automatically adds several random characters to the name + // at the end of the ARN when you initially create a secret. This affects only + // the ARN and not the actual friendly name. This ensures that if you create + // a new secret with the same name as an old secret that you previously deleted, + // then users with access to the old secret don't automatically get access to + // the new secret because the ARNs are different. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that you just created. + Name *string `min:"1" type:"string"` + + // The unique identifier that's associated with the version of the secret you + // just created. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation +func (s CreateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { + s.VersionId = &v + return s +} + +type DeleteResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // Specifies the secret that you want to delete the attached resource-based + // policy for. You can specify either the Amazon Resource Name (ARN) or the + // friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { + s.SecretId = &v + return s +} + +type DeleteResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that the resource-based policy was deleted for. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that the resource-based policy was deleted + // for. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s DeleteResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { + s.Name = &v + return s +} + +type DeleteSecretInput struct { + _ struct{} `type:"structure"` + + // (Optional) Specifies that the secret is to be deleted without any recovery + // window. You can't use both this parameter and the RecoveryWindowInDays parameter + // in the same API call. + // + // An asynchronous background process performs the actual deletion, so there + // can be a short delay before the operation completes. If you write code to + // delete and then immediately recreate a secret with the same name, ensure + // that your code includes appropriate back off and retry logic. + // + // Use this parameter with caution. This parameter causes the operation to skip + // the normal waiting period before the permanent deletion that AWS would normally + // impose with the RecoveryWindowInDays parameter. If you delete a secret with + // the ForceDeleteWithouRecovery parameter, then you have no opportunity to + // recover the secret. It is permanently lost. + ForceDeleteWithoutRecovery *bool `type:"boolean"` + + // (Optional) Specifies the number of days that Secrets Manager waits before + // it can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery + // parameter in the same API call. + // + // This value can range from 7 to 30 days. The default value is 30. + RecoveryWindowInDays *int64 `type:"long"` + + // Specifies the secret that you want to delete. You can specify either the + // Amazon Resource Name (ARN) or the friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. +func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { + s.ForceDeleteWithoutRecovery = &v + return s +} + +// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. +func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { + s.RecoveryWindowInDays = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { + s.SecretId = &v + return s +} + +type DeleteSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that is now scheduled for deletion. + ARN *string `min:"20" type:"string"` + + // The date and time after which this secret can be deleted by Secrets Manager + // and can no longer be restored. This value is the date and time of the delete + // request plus the number of days specified in RecoveryWindowInDays. + DeletionDate *time.Time `type:"timestamp"` + + // The friendly name of the secret that is now scheduled for deletion. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s DeleteSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { + s.ARN = &v + return s +} + +// SetDeletionDate sets the DeletionDate field's value. +func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { + s.DeletionDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { + s.Name = &v + return s +} + +type DescribeSecretInput struct { + _ struct{} `type:"structure"` + + // The identifier of the secret whose details you want to retrieve. You can + // specify either the Amazon Resource Name (ARN) or the friendly name of the + // secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { + s.SecretId = &v + return s +} + +type DescribeSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // This value exists if the secret is scheduled for deletion. Some time after + // the specified date and time, Secrets Manager deletes the secret and all of + // its versions. + // + // If a secret is scheduled for deletion, then its details, including the encrypted + // secret information, is not accessible. To cancel a scheduled deletion and + // restore access, use RestoreSecret. + DeletedDate *time.Time `type:"timestamp"` + + // The user-provided description of the secret. + Description *string `type:"string"` + + // The ARN or alias of the AWS KMS customer master key (CMK) that's used to + // encrypt the SecretString or SecretBinary fields in each version of the secret. + // If you don't provide a key, then Secrets Manager defaults to encrypting the + // secret fields with the default AWS KMS CMK (the one named awssecretsmanager) + // for this account. + KmsKeyId *string `type:"string"` + + // The last date that this secret was accessed. This value is truncated to midnight + // of the date and therefore shows only the date, not the time. + LastAccessedDate *time.Time `type:"timestamp"` + + // The last date and time that this secret was modified in any way. + LastChangedDate *time.Time `type:"timestamp"` + + // The most recent date and time that the Secrets Manager rotation process was + // successfully completed. This value is null if the secret has never rotated. + LastRotatedDate *time.Time `type:"timestamp"` + + // The user-provided friendly name of the secret. + Name *string `min:"1" type:"string"` + + OwningService *string `min:"1" type:"string"` + + // Specifies whether automatic rotation is enabled for this secret. + // + // To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set + // to a value greater than 0. To disable rotation, use CancelRotateSecret. + RotationEnabled *bool `type:"boolean"` + + // The ARN of a Lambda function that's invoked by Secrets Manager to rotate + // the secret either automatically per the schedule or manually by a call to + // RotateSecret. + RotationLambdaARN *string `type:"string"` + + // A structure that contains the rotation configuration for this secret. + RotationRules *RotationRulesType `type:"structure"` + + // The list of user-defined tags that are associated with the secret. To add + // tags to a secret, use TagResource. To remove tags, use UntagResource. + Tags []*Tag `type:"list"` + + // A list of all of the currently assigned VersionStage staging labels and the + // VersionId that each is attached to. Staging labels are used to keep track + // of the different versions during the rotation process. + // + // A version that does not have any staging labels attached is considered deprecated + // and subject to deletion. Such versions are not included in this list. + VersionIdsToStages map[string][]*string `type:"map"` +} + +// String returns the string representation +func (s DescribeSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { + s.ARN = &v + return s +} + +// SetDeletedDate sets the DeletedDate field's value. +func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { + s.DeletedDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { + s.KmsKeyId = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { + s.LastAccessedDate = &v + return s +} + +// SetLastChangedDate sets the LastChangedDate field's value. +func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { + s.LastChangedDate = &v + return s +} + +// SetLastRotatedDate sets the LastRotatedDate field's value. +func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { + s.LastRotatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { + s.Name = &v + return s +} + +// SetOwningService sets the OwningService field's value. +func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { + s.OwningService = &v + return s +} + +// SetRotationEnabled sets the RotationEnabled field's value. +func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { + s.RotationEnabled = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { + s.RotationRules = v + return s +} + +// SetTags sets the Tags field's value. +func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { + s.Tags = v + return s +} + +// SetVersionIdsToStages sets the VersionIdsToStages field's value. +func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { + s.VersionIdsToStages = v + return s +} + +type GetRandomPasswordInput struct { + _ struct{} `type:"structure"` + + // A string that includes characters that should not be included in the generated + // password. The default is that all characters from the included sets can be + // used. + ExcludeCharacters *string `type:"string"` + + // Specifies that the generated password should not include lowercase letters. + // The default if you do not include this switch parameter is that lowercase + // letters can be included. + ExcludeLowercase *bool `type:"boolean"` + + // Specifies that the generated password should not include digits. The default + // if you do not include this switch parameter is that digits can be included. + ExcludeNumbers *bool `type:"boolean"` + + // Specifies that the generated password should not include punctuation characters. + // The default if you do not include this switch parameter is that punctuation + // characters can be included. + // + // The following are the punctuation characters that can be included in the + // generated password if you don't explicitly exclude them with ExcludeCharacters + // or ExcludePunctuation: + // + // ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ + ExcludePunctuation *bool `type:"boolean"` + + // Specifies that the generated password should not include uppercase letters. + // The default if you do not include this switch parameter is that uppercase + // letters can be included. + ExcludeUppercase *bool `type:"boolean"` + + // Specifies that the generated password can include the space character. The + // default if you do not include this switch parameter is that the space character + // is not included. + IncludeSpace *bool `type:"boolean"` + + // The desired length of the generated password. The default value if you do + // not include this parameter is 32 characters. + PasswordLength *int64 `min:"1" type:"long"` + + // A boolean value that specifies whether the generated password must include + // at least one of every allowed character type. The default value is True and + // the operation requires at least one of every character type. + RequireEachIncludedType *bool `type:"boolean"` +} + +// String returns the string representation +func (s GetRandomPasswordInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetRandomPasswordInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetRandomPasswordInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} + if s.PasswordLength != nil && *s.PasswordLength < 1 { + invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExcludeCharacters sets the ExcludeCharacters field's value. +func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { + s.ExcludeCharacters = &v + return s +} + +// SetExcludeLowercase sets the ExcludeLowercase field's value. +func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { + s.ExcludeLowercase = &v + return s +} + +// SetExcludeNumbers sets the ExcludeNumbers field's value. +func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { + s.ExcludeNumbers = &v + return s +} + +// SetExcludePunctuation sets the ExcludePunctuation field's value. +func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { + s.ExcludePunctuation = &v + return s +} + +// SetExcludeUppercase sets the ExcludeUppercase field's value. +func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { + s.ExcludeUppercase = &v + return s +} + +// SetIncludeSpace sets the IncludeSpace field's value. +func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { + s.IncludeSpace = &v + return s +} + +// SetPasswordLength sets the PasswordLength field's value. +func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { + s.PasswordLength = &v + return s +} + +// SetRequireEachIncludedType sets the RequireEachIncludedType field's value. +func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { + s.RequireEachIncludedType = &v + return s +} + +type GetRandomPasswordOutput struct { + _ struct{} `type:"structure"` + + // A string with the generated password. + RandomPassword *string `type:"string" sensitive:"true"` +} + +// String returns the string representation +func (s GetRandomPasswordOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetRandomPasswordOutput) GoString() string { + return s.String() +} + +// SetRandomPassword sets the RandomPassword field's value. +func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { + s.RandomPassword = &v + return s +} + +type GetResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // Specifies the secret that you want to retrieve the attached resource-based + // policy for. You can specify either the Amazon Resource Name (ARN) or the + // friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { + s.SecretId = &v + return s +} + +type GetResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that the resource-based policy was retrieved for. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that the resource-based policy was retrieved + // for. + Name *string `min:"1" type:"string"` + + // A JSON-formatted string that describes the permissions that are associated + // with the attached secret. These permissions are combined with any permissions + // that are associated with the user or role that attempts to access this secret. + // The combined permissions specify who can access the secret and what actions + // they can perform. For more information, see Authentication and Access Control + // for AWS Secrets Manager (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) + // in the AWS Secrets Manager User Guide. + ResourcePolicy *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GetResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { + s.Name = &v + return s +} + +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { + s.ResourcePolicy = &v + return s +} + +type GetSecretValueInput struct { + _ struct{} `type:"structure"` + + // Specifies the secret containing the version that you want to retrieve. You + // can specify either the Amazon Resource Name (ARN) or the friendly name of + // the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // Specifies the unique identifier of the version of the secret that you want + // to retrieve. If you specify this parameter then don't specify VersionStage. + // If you don't specify either a VersionStage or VersionId then the default + // is to perform the operation on the version with the VersionStage value of + // AWSCURRENT. + // + // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value with 32 hexadecimal digits. + VersionId *string `min:"32" type:"string"` + + // Specifies the secret version that you want to retrieve by the staging label + // attached to the version. + // + // Staging labels are used to keep track of different versions during the rotation + // process. If you use this parameter then don't specify VersionId. If you don't + // specify either a VersionStage or VersionId, then the default is to perform + // the operation on the version with the VersionStage value of AWSCURRENT. + VersionStage *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GetSecretValueInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetSecretValueInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSecretValueInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.VersionId != nil && len(*s.VersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) + } + if s.VersionStage != nil && len(*s.VersionStage) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { + s.SecretId = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { + s.VersionId = &v + return s +} + +// SetVersionStage sets the VersionStage field's value. +func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { + s.VersionStage = &v + return s +} + +type GetSecretValueOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The date and time that this version of the secret was created. + CreatedDate *time.Time `type:"timestamp"` + + // The friendly name of the secret. + Name *string `min:"1" type:"string"` + + // The decrypted part of the protected secret information that was originally + // provided as binary data in the form of a byte array. The response parameter + // represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) + // string. + // + // This parameter is not used if the secret is created by the Secrets Manager + // console. + // + // If you store custom information in this field of the secret, then you must + // code your Lambda rotation function to parse and interpret whatever you store + // in the SecretString or SecretBinary fields. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `type:"blob" sensitive:"true"` + + // The decrypted part of the protected secret information that was originally + // provided as a string. + // + // If you create this secret by using the Secrets Manager console then only + // the SecretString parameter contains data. Secrets Manager stores the information + // as a JSON structure of key/value pairs that the Lambda rotation function + // knows how to parse. + // + // If you store custom information in the secret by using the CreateSecret, + // UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager + // console, or by using the Other secret type in the console, then you must + // code your Lambda rotation function to parse and interpret those values. + SecretString *string `type:"string" sensitive:"true"` + + // The unique identifier of this version of the secret. + VersionId *string `min:"32" type:"string"` + + // A list of all of the staging labels currently attached to this version of + // the secret. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation +func (s GetSecretValueOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetSecretValueOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { + s.ARN = &v + return s +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { + s.CreatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { + s.Name = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { + s.SecretBinary = v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { + s.SecretString = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { + s.VersionStages = v + return s +} + +type ListSecretVersionIdsInput struct { + _ struct{} `type:"structure"` + + // (Optional) Specifies that you want the results to include versions that do + // not have any staging labels attached to them. Such versions are considered + // deprecated and are subject to deletion by Secrets Manager as needed. + IncludeDeprecated *bool `type:"boolean"` + + // (Optional) Limits the number of results that you want to include in the response. + // If you don't include this parameter, it defaults to a value that's specific + // to the operation. If additional items exist beyond the maximum you specify, + // the NextToken response element is present and has a value (isn't null). Include + // that value as the NextToken request parameter in the next call to the operation + // to get the next part of the results. Note that Secrets Manager might return + // fewer results than the maximum even when there are more results available. + // You should check NextToken after every operation to ensure that you receive + // all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // (Optional) Use this parameter in a request if you receive a NextToken response + // in a previous request that indicates that there's more output available. + // In a subsequent call, set it to the value of the previous call's NextToken + // response to indicate where the output should continue from. + NextToken *string `min:"1" type:"string"` + + // The identifier for the secret containing the versions you want to list. You + // can specify either the Amazon Resource Name (ARN) or the friendly name of + // the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListSecretVersionIdsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListSecretVersionIdsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecretVersionIdsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIncludeDeprecated sets the IncludeDeprecated field's value. +func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { + s.IncludeDeprecated = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { + s.NextToken = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { + s.SecretId = &v + return s +} + +type ListSecretVersionIdsOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the secret. + // + // Secrets Manager automatically adds several random characters to the name + // at the end of the ARN when you initially create a secret. This affects only + // the ARN and not the actual friendly name. This ensures that if you create + // a new secret with the same name as an old secret that you previously deleted, + // then users with access to the old secret don't automatically get access to + // the new secret because the ARNs are different. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret. + Name *string `min:"1" type:"string"` + + // If present in the response, this value indicates that there's more output + // available than what's included in the current response. This can occur even + // when the response includes no values at all, such as when you ask for a filtered + // view of a very long list. Use this value in the NextToken request parameter + // in a subsequent call to the operation to continue processing and get the + // next part of the output. You should repeat this until the NextToken response + // element comes back empty (as null). + NextToken *string `min:"1" type:"string"` + + // The list of the currently available versions of the specified secret. + Versions []*SecretVersionsListEntry `type:"list"` +} + +// String returns the string representation +func (s ListSecretVersionIdsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListSecretVersionIdsOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { + s.Name = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { + s.NextToken = &v + return s +} + +// SetVersions sets the Versions field's value. +func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { + s.Versions = v + return s +} + +type ListSecretsInput struct { + _ struct{} `type:"structure"` + + // (Optional) Limits the number of results that you want to include in the response. + // If you don't include this parameter, it defaults to a value that's specific + // to the operation. If additional items exist beyond the maximum you specify, + // the NextToken response element is present and has a value (isn't null). Include + // that value as the NextToken request parameter in the next call to the operation + // to get the next part of the results. Note that Secrets Manager might return + // fewer results than the maximum even when there are more results available. + // You should check NextToken after every operation to ensure that you receive + // all of the results. + MaxResults *int64 `min:"1" type:"integer"` + + // (Optional) Use this parameter in a request if you receive a NextToken response + // in a previous request that indicates that there's more output available. + // In a subsequent call, set it to the value of the previous call's NextToken + // response to indicate where the output should continue from. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListSecretsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListSecretsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecretsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { + s.NextToken = &v + return s +} + +type ListSecretsOutput struct { + _ struct{} `type:"structure"` + + // If present in the response, this value indicates that there's more output + // available than what's included in the current response. This can occur even + // when the response includes no values at all, such as when you ask for a filtered + // view of a very long list. Use this value in the NextToken request parameter + // in a subsequent call to the operation to continue processing and get the + // next part of the output. You should repeat this until the NextToken response + // element comes back empty (as null). + NextToken *string `min:"1" type:"string"` + + // A list of the secrets in the account. + SecretList []*SecretListEntry `type:"list"` +} + +// String returns the string representation +func (s ListSecretsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListSecretsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { + s.NextToken = &v + return s +} + +// SetSecretList sets the SecretList field's value. +func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { + s.SecretList = v + return s +} + +type PutResourcePolicyInput struct { + _ struct{} `type:"structure"` + + // A JSON-formatted string that's constructed according to the grammar and syntax + // for an AWS resource-based policy. The policy in the string identifies who + // can access or manage this secret and its versions. For information on how + // to format a JSON parameter for the various command line tool environments, + // see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. + // + // ResourcePolicy is a required field + ResourcePolicy *string `min:"1" type:"string" required:"true"` + + // Specifies the secret that you want to attach the resource-based policy to. + // You can specify either the ARN or the friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s PutResourcePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutResourcePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutResourcePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} + if s.ResourcePolicy == nil { + invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) + } + if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourcePolicy sets the ResourcePolicy field's value. +func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { + s.ResourcePolicy = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { + s.SecretId = &v + return s +} + +type PutResourcePolicyOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that the resource-based policy was retrieved for. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that the resource-based policy was retrieved + // for. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s PutResourcePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutResourcePolicyOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { + s.Name = &v + return s +} + +type PutSecretValueInput struct { + _ struct{} `type:"structure"` + + // (Optional) Specifies a unique identifier for the new version of the secret. + // + // If you use the AWS CLI or one of the AWS SDK to call this operation, then + // you can leave this parameter empty. The CLI or SDK generates a random UUID + // for you and includes that in the request. If you don't use the SDK and instead + // generate a raw HTTP request to the Secrets Manager service endpoint, then + // you must generate a ClientRequestToken yourself for new versions and include + // that value in the request. + // + // This value helps ensure idempotency. Secrets Manager uses this value to prevent + // the accidental creation of duplicate versions if there are failures and retries + // during the Lambda rotation function's processing. We recommend that you generate + // a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value + // to ensure uniqueness within the specified secret. + // + // * If the ClientRequestToken value isn't already associated with a version + // of the secret then a new version of the secret is created. + // + // * If a version with this value already exists and that version's SecretString + // or SecretBinary values are the same as those in the request then the request + // is ignored (the operation is idempotent). + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are different from those in the request then the + // request fails because you cannot modify an existing secret version. You + // can only create new versions to store new secret values. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // (Optional) Specifies binary data that you want to encrypt and store in the + // new version of the secret. To use this parameter in the command-line tools, + // we recommend that you store your binary data in a file and then use the appropriate + // technique for your tool to pass the contents of the file as a parameter. + // Either SecretBinary or SecretString must have a value, but not both. They + // cannot both be empty. + // + // This parameter is not accessible if the secret using the Secrets Manager + // console. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `type:"blob" sensitive:"true"` + + // Specifies the secret to which you want to add a new version. You can specify + // either the Amazon Resource Name (ARN) or the friendly name of the secret. + // The secret must already exist. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // (Optional) Specifies text data that you want to encrypt and store in this + // new version of the secret. Either SecretString or SecretBinary must have + // a value, but not both. They cannot both be empty. + // + // If you create this secret by using the Secrets Manager console then Secrets + // Manager puts the protected secret text in only the SecretString parameter. + // The Secrets Manager console stores the information as a JSON structure of + // key/value pairs that the default Lambda rotation function knows how to parse. + // + // For storing multiple values, we recommend that you use a JSON text string + // argument and specify key/value pairs. For information on how to format a + // JSON parameter for the various command line tool environments, see Using + // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. + // + // For example: + // + // [{"username":"bob"},{"password":"abc123xyz456"}] + // + // If your command-line tool or SDK requires quotation marks around the parameter, + // you should use single quotes to avoid confusion with the double quotes required + // in the JSON text. + SecretString *string `type:"string" sensitive:"true"` + + // (Optional) Specifies a list of staging labels that are attached to this version + // of the secret. These staging labels are used to track the versions through + // the rotation process by the Lambda rotation function. + // + // A staging label must be unique to a single version of the secret. If you + // specify a staging label that's already associated with a different version + // of the same secret then that staging label is automatically removed from + // the other version and attached to this version. + // + // If you do not specify a value for VersionStages then Secrets Manager automatically + // moves the staging label AWSCURRENT to this new version. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation +func (s PutSecretValueInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutSecretValueInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutSecretValueInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.VersionStages != nil && len(s.VersionStages) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { + s.ClientRequestToken = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { + s.SecretBinary = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { + s.SecretId = &v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { + s.SecretString = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { + s.VersionStages = v + return s +} + +type PutSecretValueOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the secret for which you just created + // a version. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret for which you just created or updated a version. + Name *string `min:"1" type:"string"` + + // The unique identifier of the version of the secret you just created or updated. + VersionId *string `min:"32" type:"string"` + + // The list of staging labels that are currently attached to this version of + // the secret. Staging labels are used to track a version as it progresses through + // the secret rotation process. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation +func (s PutSecretValueOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutSecretValueOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { + s.VersionStages = v + return s +} + +type RestoreSecretInput struct { + _ struct{} `type:"structure"` + + // Specifies the secret that you want to restore from a previously scheduled + // deletion. You can specify either the Amazon Resource Name (ARN) or the friendly + // name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s RestoreSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RestoreSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RestoreSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { + s.SecretId = &v + return s +} + +type RestoreSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that was restored. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that was restored. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s RestoreSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RestoreSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { + s.Name = &v + return s +} + +type RotateSecretInput struct { + _ struct{} `type:"structure"` + + // (Optional) Specifies a unique identifier for the new version of the secret + // that helps ensure idempotency. + // + // If you use the AWS CLI or one of the AWS SDK to call this operation, then + // you can leave this parameter empty. The CLI or SDK generates a random UUID + // for you and includes that in the request for this parameter. If you don't + // use the SDK and instead generate a raw HTTP request to the Secrets Manager + // service endpoint, then you must generate a ClientRequestToken yourself for + // new versions and include that value in the request. + // + // You only need to specify your own value if you are implementing your own + // retry logic and want to ensure that a given secret is not created twice. + // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value to ensure uniqueness within the specified secret. + // + // Secrets Manager uses this value to prevent the accidental creation of duplicate + // versions if there are failures and retries during the function's processing. + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // (Optional) Specifies the ARN of the Lambda function that can rotate the secret. + RotationLambdaARN *string `type:"string"` + + // A structure that defines the rotation configuration for this secret. + RotationRules *RotationRulesType `type:"structure"` + + // Specifies the secret that you want to rotate. You can specify either the + // Amazon Resource Name (ARN) or the friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s RotateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RotateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RotateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.RotationRules != nil { + if err := s.RotationRules.Validate(); err != nil { + invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { + s.RotationRules = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { + s.SecretId = &v + return s +} + +type RotateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret. + Name *string `min:"1" type:"string"` + + // The ID of the new version of the secret created by the rotation started by + // this request. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation +func (s RotateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RotateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { + s.VersionId = &v + return s +} + +// A structure that defines the rotation configuration for the secret. +type RotationRulesType struct { + _ struct{} `type:"structure"` + + // Specifies the number of days between automatic scheduled rotations of the + // secret. + // + // Secrets Manager schedules the next rotation when the previous one is complete. + // Secrets Manager schedules the date by adding the rotation interval (number + // of days) to the actual date of the last rotation. The service chooses the + // hour within that 24-hour date window randomly. The minute is also chosen + // somewhat randomly, but weighted towards the top of the hour and influenced + // by a variety of factors that help distribute load. + AutomaticallyAfterDays *int64 `min:"1" type:"long"` +} + +// String returns the string representation +func (s RotationRulesType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RotationRulesType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RotationRulesType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} + if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { + invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. +func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { + s.AutomaticallyAfterDays = &v + return s +} + +// A structure that contains the details about a secret. It does not include +// the encrypted SecretString and SecretBinary values. To get those values, +// use the GetSecretValue operation. +type SecretListEntry struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the secret. + // + // For more information about ARNs in Secrets Manager, see Policy Resources + // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) + // in the AWS Secrets Manager User Guide. + ARN *string `min:"20" type:"string"` + + // The date and time on which this secret was deleted. Not present on active + // secrets. The secret can be recovered until the number of days in the recovery + // window has passed, as specified in the RecoveryWindowInDays parameter of + // the DeleteSecret operation. + DeletedDate *time.Time `type:"timestamp"` + + // The user-provided description of the secret. + Description *string `type:"string"` + + // The ARN or alias of the AWS KMS customer master key (CMK) that's used to + // encrypt the SecretString and SecretBinary fields in each version of the secret. + // If you don't provide a key, then Secrets Manager defaults to encrypting the + // secret fields with the default KMS CMK (the one named awssecretsmanager) + // for this account. + KmsKeyId *string `type:"string"` + + // The last date that this secret was accessed. This value is truncated to midnight + // of the date and therefore shows only the date, not the time. + LastAccessedDate *time.Time `type:"timestamp"` + + // The last date and time that this secret was modified in any way. + LastChangedDate *time.Time `type:"timestamp"` + + // The last date and time that the rotation process for this secret was invoked. + LastRotatedDate *time.Time `type:"timestamp"` + + // The friendly name of the secret. You can use forward slashes in the name + // to represent a path hierarchy. For example, /prod/databases/dbserver1 could + // represent the secret for a server named dbserver1 in the folder databases + // in the folder prod. + Name *string `min:"1" type:"string"` + + OwningService *string `min:"1" type:"string"` + + // Indicated whether automatic, scheduled rotation is enabled for this secret. + RotationEnabled *bool `type:"boolean"` + + // The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate + // and expire the secret either automatically per the schedule or manually by + // a call to RotateSecret. + RotationLambdaARN *string `type:"string"` + + // A structure that defines the rotation configuration for the secret. + RotationRules *RotationRulesType `type:"structure"` + + // A list of all of the currently assigned SecretVersionStage staging labels + // and the SecretVersionId that each is attached to. Staging labels are used + // to keep track of the different versions during the rotation process. + // + // A version that does not have any SecretVersionStage is considered deprecated + // and subject to deletion. Such versions are not included in this list. + SecretVersionsToStages map[string][]*string `type:"map"` + + // The list of user-defined tags that are associated with the secret. To add + // tags to a secret, use TagResource. To remove tags, use UntagResource. + Tags []*Tag `type:"list"` +} + +// String returns the string representation +func (s SecretListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecretListEntry) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *SecretListEntry) SetARN(v string) *SecretListEntry { + s.ARN = &v + return s +} + +// SetDeletedDate sets the DeletedDate field's value. +func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { + s.DeletedDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { + s.KmsKeyId = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { + s.LastAccessedDate = &v + return s +} + +// SetLastChangedDate sets the LastChangedDate field's value. +func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { + s.LastChangedDate = &v + return s +} + +// SetLastRotatedDate sets the LastRotatedDate field's value. +func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { + s.LastRotatedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *SecretListEntry) SetName(v string) *SecretListEntry { + s.Name = &v + return s +} + +// SetOwningService sets the OwningService field's value. +func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { + s.OwningService = &v + return s +} + +// SetRotationEnabled sets the RotationEnabled field's value. +func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { + s.RotationEnabled = &v + return s +} + +// SetRotationLambdaARN sets the RotationLambdaARN field's value. +func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { + s.RotationLambdaARN = &v + return s +} + +// SetRotationRules sets the RotationRules field's value. +func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { + s.RotationRules = v + return s +} + +// SetSecretVersionsToStages sets the SecretVersionsToStages field's value. +func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { + s.SecretVersionsToStages = v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { + s.Tags = v + return s +} + +// A structure that contains information about one version of a secret. +type SecretVersionsListEntry struct { + _ struct{} `type:"structure"` + + // The date and time this version of the secret was created. + CreatedDate *time.Time `type:"timestamp"` + + // The date that this version of the secret was last accessed. Note that the + // resolution of this field is at the date level and does not include the time. + LastAccessedDate *time.Time `type:"timestamp"` + + // The unique version identifier of this version of the secret. + VersionId *string `min:"32" type:"string"` + + // An array of staging labels that are currently associated with this version + // of the secret. + VersionStages []*string `min:"1" type:"list"` +} + +// String returns the string representation +func (s SecretVersionsListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecretVersionsListEntry) GoString() string { + return s.String() +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { + s.CreatedDate = &v + return s +} + +// SetLastAccessedDate sets the LastAccessedDate field's value. +func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { + s.LastAccessedDate = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { + s.VersionId = &v + return s +} + +// SetVersionStages sets the VersionStages field's value. +func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { + s.VersionStages = v + return s +} + +// A structure that contains information about a tag. +type Tag struct { + _ struct{} `type:"structure"` + + // The key identifier, or name, of the tag. + Key *string `min:"1" type:"string"` + + // The string value that's associated with the key of the tag. + Value *string `type:"string"` +} + +// String returns the string representation +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The identifier for the secret that you want to attach tags to. You can specify + // either the Amazon Resource Name (ARN) or the friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The tags to attach to the secret. Each element in the list consists of a + // Key and a Value. + // + // This parameter to the API requires a JSON text string argument. For information + // on how to format a JSON parameter for the various command line tool environments, + // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. For the AWS CLI, you can also use the syntax: + // --Tags Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…] + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { + s.SecretId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TagResourceOutput) GoString() string { + return s.String() +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The identifier for the secret that you want to remove tags from. You can + // specify either the Amazon Resource Name (ARN) or the friendly name of the + // secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // A list of tag key names to remove from the secret. You don't specify the + // value. Both the key and its associated value are removed. + // + // This parameter to the API requires a JSON text string argument. For information + // on how to format a JSON parameter for the various command line tool environments, + // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretId sets the SecretId field's value. +func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { + s.SecretId = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +type UpdateSecretInput struct { + _ struct{} `type:"structure"` + + // (Optional) If you want to add a new version to the secret, this parameter + // specifies a unique identifier for the new version that helps ensure idempotency. + // + // If you use the AWS CLI or one of the AWS SDK to call this operation, then + // you can leave this parameter empty. The CLI or SDK generates a random UUID + // for you and includes that in the request. If you don't use the SDK and instead + // generate a raw HTTP request to the Secrets Manager service endpoint, then + // you must generate a ClientRequestToken yourself for new versions and include + // that value in the request. + // + // You typically only need to interact with this value if you implement your + // own retry logic and want to ensure that a given secret is not created twice. + // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) + // value to ensure uniqueness within the specified secret. + // + // Secrets Manager uses this value to prevent the accidental creation of duplicate + // versions if there are failures and retries during the Lambda rotation function's + // processing. + // + // * If the ClientRequestToken value isn't already associated with a version + // of the secret then a new version of the secret is created. + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are the same as those in the request then the + // request is ignored (the operation is idempotent). + // + // * If a version with this value already exists and that version's SecretString + // and SecretBinary values are different from the request then an error occurs + // because you cannot modify an existing secret value. + // + // This value becomes the VersionId of the new version. + ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` + + // (Optional) Specifies an updated user-provided description of the secret. + Description *string `type:"string"` + + // (Optional) Specifies an updated ARN or alias of the AWS KMS customer master + // key (CMK) to be used to encrypt the protected text in new versions of this + // secret. + // + // You can only use the account's default CMK to encrypt and decrypt if you + // call this operation using credentials from the same account that owns the + // secret. If the secret is in a different account, then you must create a custom + // CMK and provide the ARN of that CMK in this field. The user making the call + // must have permissions to both the secret and the CMK in their respective + // accounts. + KmsKeyId *string `type:"string"` + + // (Optional) Specifies updated binary data that you want to encrypt and store + // in the new version of the secret. To use this parameter in the command-line + // tools, we recommend that you store your binary data in a file and then use + // the appropriate technique for your tool to pass the contents of the file + // as a parameter. Either SecretBinary or SecretString must have a value, but + // not both. They cannot both be empty. + // + // This parameter is not accessible using the Secrets Manager console. + // + // SecretBinary is automatically base64 encoded/decoded by the SDK. + SecretBinary []byte `type:"blob" sensitive:"true"` + + // Specifies the secret that you want to modify or to which you want to add + // a new version. You can specify either the Amazon Resource Name (ARN) or the + // friendly name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // (Optional) Specifies updated text data that you want to encrypt and store + // in this new version of the secret. Either SecretBinary or SecretString must + // have a value, but not both. They cannot both be empty. + // + // If you create this secret by using the Secrets Manager console then Secrets + // Manager puts the protected secret text in only the SecretString parameter. + // The Secrets Manager console stores the information as a JSON structure of + // key/value pairs that the default Lambda rotation function knows how to parse. + // + // For storing multiple values, we recommend that you use a JSON text string + // argument and specify key/value pairs. For information on how to format a + // JSON parameter for the various command line tool environments, see Using + // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) + // in the AWS CLI User Guide. For example: + // + // [{"username":"bob"},{"password":"abc123xyz456"}] + // + // If your command-line tool or SDK requires quotation marks around the parameter, + // you should use single quotes to avoid confusion with the double quotes required + // in the JSON text. You can also 'escape' the double quote character in the + // embedded JSON text by prefacing each with a backslash. For example, the following + // string is surrounded by double-quotes. All of the embedded double quotes + // are escaped: + // + // "[{\"username\":\"bob\"},{\"password\":\"abc123xyz456\"}]" + SecretString *string `type:"string" sensitive:"true"` +} + +// String returns the string representation +func (s UpdateSecretInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateSecretInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateSecretInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { + s.ClientRequestToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { + s.KmsKeyId = &v + return s +} + +// SetSecretBinary sets the SecretBinary field's value. +func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { + s.SecretBinary = v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { + s.SecretId = &v + return s +} + +// SetSecretString sets the SecretString field's value. +func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { + s.SecretString = &v + return s +} + +type UpdateSecretOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret that was updated. + // + // Secrets Manager automatically adds several random characters to the name + // at the end of the ARN when you initially create a secret. This affects only + // the ARN and not the actual friendly name. This ensures that if you create + // a new secret with the same name as an old secret that you previously deleted, + // then users with access to the old secret don't automatically get access to + // the new secret because the ARNs are different. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret that was updated. + Name *string `min:"1" type:"string"` + + // If a new version of the secret was created by this operation, then VersionId + // contains the unique identifier of the new version. + VersionId *string `min:"32" type:"string"` +} + +// String returns the string representation +func (s UpdateSecretOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateSecretOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { + s.Name = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { + s.VersionId = &v + return s +} + +type UpdateSecretVersionStageInput struct { + _ struct{} `type:"structure"` + + // (Optional) The secret version ID that you want to add the staging label to. + // If you want to remove a label from a version, then do not specify this parameter. + // + // If the staging label is already attached to a different version of the secret, + // then you must also specify the RemoveFromVersionId parameter. + MoveToVersionId *string `min:"32" type:"string"` + + // Specifies the secret version ID of the version that the staging label is + // to be removed from. If the staging label you are trying to attach to one + // version is already attached to a different version, then you must include + // this parameter and specify the version that the label is to be removed from. + // If the label is attached and you either do not specify this parameter, or + // the version ID does not match, then the operation fails. + RemoveFromVersionId *string `min:"32" type:"string"` + + // Specifies the secret with the version whose list of staging labels you want + // to modify. You can specify either the Amazon Resource Name (ARN) or the friendly + // name of the secret. + // + // If you specify an ARN, we generally recommend that you specify a complete + // ARN. You can specify a partial ARN too—for example, if you don’t include + // the final hyphen and six random characters that Secrets Manager adds at the + // end of the ARN when you created the secret. A partial ARN match can work + // as long as it uniquely matches only one secret. However, if your secret has + // a name that ends in a hyphen followed by six characters (before Secrets Manager + // adds the hyphen and six characters to the ARN) and you try to use that as + // a partial ARN, then those characters cause Secrets Manager to assume that + // you’re specifying a complete ARN. This confusion can cause unexpected results. + // To avoid this situation, we recommend that you don’t create secret names + // that end with a hyphen followed by six characters. + // + // SecretId is a required field + SecretId *string `min:"1" type:"string" required:"true"` + + // The staging label to add to this version. + // + // VersionStage is a required field + VersionStage *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateSecretVersionStageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateSecretVersionStageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateSecretVersionStageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} + if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) + } + if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { + invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) + } + if s.SecretId == nil { + invalidParams.Add(request.NewErrParamRequired("SecretId")) + } + if s.SecretId != nil && len(*s.SecretId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) + } + if s.VersionStage == nil { + invalidParams.Add(request.NewErrParamRequired("VersionStage")) + } + if s.VersionStage != nil && len(*s.VersionStage) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMoveToVersionId sets the MoveToVersionId field's value. +func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { + s.MoveToVersionId = &v + return s +} + +// SetRemoveFromVersionId sets the RemoveFromVersionId field's value. +func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { + s.RemoveFromVersionId = &v + return s +} + +// SetSecretId sets the SecretId field's value. +func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { + s.SecretId = &v + return s +} + +// SetVersionStage sets the VersionStage field's value. +func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { + s.VersionStage = &v + return s +} + +type UpdateSecretVersionStageOutput struct { + _ struct{} `type:"structure"` + + // The ARN of the secret with the staging label that was modified. + ARN *string `min:"20" type:"string"` + + // The friendly name of the secret with the staging label that was modified. + Name *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s UpdateSecretVersionStageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateSecretVersionStageOutput) GoString() string { + return s.String() +} + +// SetARN sets the ARN field's value. +func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { + s.ARN = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { + s.Name = &v + return s +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go new file mode 100644 index 000000000..b931ba87c --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/doc.go @@ -0,0 +1,87 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package secretsmanager provides the client and types for making API +// requests to AWS Secrets Manager. +// +// AWS Secrets Manager is a web service that enables you to store, manage, and +// retrieve, secrets. +// +// This guide provides descriptions of the Secrets Manager API. For more information +// about using this service, see the AWS Secrets Manager User Guide (https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html). +// +// API Version +// +// This version of the Secrets Manager API Reference documents the Secrets Manager +// API version 2017-10-17. +// +// As an alternative to using the API directly, you can use one of the AWS SDKs, +// which consist of libraries and sample code for various programming languages +// and platforms (such as Java, Ruby, .NET, iOS, and Android). The SDKs provide +// a convenient way to create programmatic access to AWS Secrets Manager. For +// example, the SDKs take care of cryptographically signing requests, managing +// errors, and retrying requests automatically. For more information about the +// AWS SDKs, including how to download and install them, see Tools for Amazon +// Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the AWS SDKs to make programmatic API calls to +// Secrets Manager. However, you also can use the Secrets Manager HTTP Query +// API to make direct calls to the Secrets Manager web service. To learn more +// about the Secrets Manager HTTP Query API, see Making Query Requests (https://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html) +// in the AWS Secrets Manager User Guide. +// +// Secrets Manager supports GET and POST requests for all actions. That is, +// the API doesn't require you to use GET for some actions and POST for others. +// However, GET requests are subject to the limitation size of a URL. Therefore, +// for operations that require larger sizes, use a POST request. +// +// Support and Feedback for AWS Secrets Manager +// +// We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com +// (mailto:awssecretsmanager-feedback@amazon.com), or post your feedback and +// questions in the AWS Secrets Manager Discussion Forum (http://forums.aws.amazon.com/forum.jspa?forumID=296). +// For more information about the AWS Discussion Forums, see Forums Help (http://forums.aws.amazon.com/help.jspa). +// +// How examples are presented +// +// The JSON that AWS Secrets Manager expects as your request parameters and +// that the service returns as a response to HTTP query requests are single, +// long strings without line breaks or white space formatting. The JSON shown +// in the examples is formatted with both line breaks and white space to improve +// readability. When example input parameters would also result in long strings +// that extend beyond the screen, we insert line breaks to enhance readability. +// You should always submit the input as a single JSON text string. +// +// Logging API Requests +// +// AWS Secrets Manager supports AWS CloudTrail, a service that records AWS API +// calls for your AWS account and delivers log files to an Amazon S3 bucket. +// By using information that's collected by AWS CloudTrail, you can determine +// which requests were successfully made to Secrets Manager, who made the request, +// when it was made, and so on. For more about AWS Secrets Manager and its support +// for AWS CloudTrail, see Logging AWS Secrets Manager Events with AWS CloudTrail +// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail) +// in the AWS Secrets Manager User Guide. To learn more about CloudTrail, including +// how to turn it on and find your log files, see the AWS CloudTrail User Guide +// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). +// +// See https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17 for more information on this service. +// +// See secretsmanager package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/ +// +// Using the Client +// +// To contact AWS Secrets Manager with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS Secrets Manager client SecretsManager for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/#New +package secretsmanager diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go new file mode 100644 index 000000000..b3c0c48fd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/errors.go @@ -0,0 +1,87 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +const ( + + // ErrCodeDecryptionFailure for service response error code + // "DecryptionFailure". + // + // Secrets Manager can't decrypt the protected secret text using the provided + // KMS key. + ErrCodeDecryptionFailure = "DecryptionFailure" + + // ErrCodeEncryptionFailure for service response error code + // "EncryptionFailure". + // + // Secrets Manager can't encrypt the protected secret text using the provided + // KMS key. Check that the customer master key (CMK) is available, enabled, + // and not in an invalid state. For more information, see How Key State Affects + // Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). + ErrCodeEncryptionFailure = "EncryptionFailure" + + // ErrCodeInternalServiceError for service response error code + // "InternalServiceError". + // + // An error occurred on the server side. + ErrCodeInternalServiceError = "InternalServiceError" + + // ErrCodeInvalidNextTokenException for service response error code + // "InvalidNextTokenException". + // + // You provided an invalid NextToken value. + ErrCodeInvalidNextTokenException = "InvalidNextTokenException" + + // ErrCodeInvalidParameterException for service response error code + // "InvalidParameterException". + // + // You provided an invalid value for a parameter. + ErrCodeInvalidParameterException = "InvalidParameterException" + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // You provided a parameter value that is not valid for the current state of + // the resource. + // + // Possible causes: + // + // * You tried to perform the operation on a secret that's currently marked + // deleted. + // + // * You tried to enable rotation on a secret that doesn't already have a + // Lambda function ARN configured and you didn't include such an ARN as a + // parameter in this call. + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeLimitExceededException for service response error code + // "LimitExceededException". + // + // The request failed because it would exceed one of the Secrets Manager internal + // limits. + ErrCodeLimitExceededException = "LimitExceededException" + + // ErrCodeMalformedPolicyDocumentException for service response error code + // "MalformedPolicyDocumentException". + // + // The policy document that you provided isn't valid. + ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException" + + // ErrCodePreconditionNotMetException for service response error code + // "PreconditionNotMetException". + // + // The request failed because you did not complete all the prerequisite steps. + ErrCodePreconditionNotMetException = "PreconditionNotMetException" + + // ErrCodeResourceExistsException for service response error code + // "ResourceExistsException". + // + // A resource with the ID you requested already exists. + ErrCodeResourceExistsException = "ResourceExistsException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // We can't find the resource that you asked for. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface/interface.go new file mode 100644 index 000000000..cf7b46f96 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface/interface.go @@ -0,0 +1,142 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package secretsmanageriface provides an interface to enable mocking the AWS Secrets Manager service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package secretsmanageriface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/secretsmanager" +) + +// SecretsManagerAPI provides an interface to enable mocking the +// secretsmanager.SecretsManager service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // AWS Secrets Manager. +// func myFunc(svc secretsmanageriface.SecretsManagerAPI) bool { +// // Make svc.CancelRotateSecret request +// } +// +// func main() { +// sess := session.New() +// svc := secretsmanager.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockSecretsManagerClient struct { +// secretsmanageriface.SecretsManagerAPI +// } +// func (m *mockSecretsManagerClient) CancelRotateSecret(input *secretsmanager.CancelRotateSecretInput) (*secretsmanager.CancelRotateSecretOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockSecretsManagerClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type SecretsManagerAPI interface { + CancelRotateSecret(*secretsmanager.CancelRotateSecretInput) (*secretsmanager.CancelRotateSecretOutput, error) + CancelRotateSecretWithContext(aws.Context, *secretsmanager.CancelRotateSecretInput, ...request.Option) (*secretsmanager.CancelRotateSecretOutput, error) + CancelRotateSecretRequest(*secretsmanager.CancelRotateSecretInput) (*request.Request, *secretsmanager.CancelRotateSecretOutput) + + CreateSecret(*secretsmanager.CreateSecretInput) (*secretsmanager.CreateSecretOutput, error) + CreateSecretWithContext(aws.Context, *secretsmanager.CreateSecretInput, ...request.Option) (*secretsmanager.CreateSecretOutput, error) + CreateSecretRequest(*secretsmanager.CreateSecretInput) (*request.Request, *secretsmanager.CreateSecretOutput) + + DeleteResourcePolicy(*secretsmanager.DeleteResourcePolicyInput) (*secretsmanager.DeleteResourcePolicyOutput, error) + DeleteResourcePolicyWithContext(aws.Context, *secretsmanager.DeleteResourcePolicyInput, ...request.Option) (*secretsmanager.DeleteResourcePolicyOutput, error) + DeleteResourcePolicyRequest(*secretsmanager.DeleteResourcePolicyInput) (*request.Request, *secretsmanager.DeleteResourcePolicyOutput) + + DeleteSecret(*secretsmanager.DeleteSecretInput) (*secretsmanager.DeleteSecretOutput, error) + DeleteSecretWithContext(aws.Context, *secretsmanager.DeleteSecretInput, ...request.Option) (*secretsmanager.DeleteSecretOutput, error) + DeleteSecretRequest(*secretsmanager.DeleteSecretInput) (*request.Request, *secretsmanager.DeleteSecretOutput) + + DescribeSecret(*secretsmanager.DescribeSecretInput) (*secretsmanager.DescribeSecretOutput, error) + DescribeSecretWithContext(aws.Context, *secretsmanager.DescribeSecretInput, ...request.Option) (*secretsmanager.DescribeSecretOutput, error) + DescribeSecretRequest(*secretsmanager.DescribeSecretInput) (*request.Request, *secretsmanager.DescribeSecretOutput) + + GetRandomPassword(*secretsmanager.GetRandomPasswordInput) (*secretsmanager.GetRandomPasswordOutput, error) + GetRandomPasswordWithContext(aws.Context, *secretsmanager.GetRandomPasswordInput, ...request.Option) (*secretsmanager.GetRandomPasswordOutput, error) + GetRandomPasswordRequest(*secretsmanager.GetRandomPasswordInput) (*request.Request, *secretsmanager.GetRandomPasswordOutput) + + GetResourcePolicy(*secretsmanager.GetResourcePolicyInput) (*secretsmanager.GetResourcePolicyOutput, error) + GetResourcePolicyWithContext(aws.Context, *secretsmanager.GetResourcePolicyInput, ...request.Option) (*secretsmanager.GetResourcePolicyOutput, error) + GetResourcePolicyRequest(*secretsmanager.GetResourcePolicyInput) (*request.Request, *secretsmanager.GetResourcePolicyOutput) + + GetSecretValue(*secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) + GetSecretValueWithContext(aws.Context, *secretsmanager.GetSecretValueInput, ...request.Option) (*secretsmanager.GetSecretValueOutput, error) + GetSecretValueRequest(*secretsmanager.GetSecretValueInput) (*request.Request, *secretsmanager.GetSecretValueOutput) + + ListSecretVersionIds(*secretsmanager.ListSecretVersionIdsInput) (*secretsmanager.ListSecretVersionIdsOutput, error) + ListSecretVersionIdsWithContext(aws.Context, *secretsmanager.ListSecretVersionIdsInput, ...request.Option) (*secretsmanager.ListSecretVersionIdsOutput, error) + ListSecretVersionIdsRequest(*secretsmanager.ListSecretVersionIdsInput) (*request.Request, *secretsmanager.ListSecretVersionIdsOutput) + + ListSecretVersionIdsPages(*secretsmanager.ListSecretVersionIdsInput, func(*secretsmanager.ListSecretVersionIdsOutput, bool) bool) error + ListSecretVersionIdsPagesWithContext(aws.Context, *secretsmanager.ListSecretVersionIdsInput, func(*secretsmanager.ListSecretVersionIdsOutput, bool) bool, ...request.Option) error + + ListSecrets(*secretsmanager.ListSecretsInput) (*secretsmanager.ListSecretsOutput, error) + ListSecretsWithContext(aws.Context, *secretsmanager.ListSecretsInput, ...request.Option) (*secretsmanager.ListSecretsOutput, error) + ListSecretsRequest(*secretsmanager.ListSecretsInput) (*request.Request, *secretsmanager.ListSecretsOutput) + + ListSecretsPages(*secretsmanager.ListSecretsInput, func(*secretsmanager.ListSecretsOutput, bool) bool) error + ListSecretsPagesWithContext(aws.Context, *secretsmanager.ListSecretsInput, func(*secretsmanager.ListSecretsOutput, bool) bool, ...request.Option) error + + PutResourcePolicy(*secretsmanager.PutResourcePolicyInput) (*secretsmanager.PutResourcePolicyOutput, error) + PutResourcePolicyWithContext(aws.Context, *secretsmanager.PutResourcePolicyInput, ...request.Option) (*secretsmanager.PutResourcePolicyOutput, error) + PutResourcePolicyRequest(*secretsmanager.PutResourcePolicyInput) (*request.Request, *secretsmanager.PutResourcePolicyOutput) + + PutSecretValue(*secretsmanager.PutSecretValueInput) (*secretsmanager.PutSecretValueOutput, error) + PutSecretValueWithContext(aws.Context, *secretsmanager.PutSecretValueInput, ...request.Option) (*secretsmanager.PutSecretValueOutput, error) + PutSecretValueRequest(*secretsmanager.PutSecretValueInput) (*request.Request, *secretsmanager.PutSecretValueOutput) + + RestoreSecret(*secretsmanager.RestoreSecretInput) (*secretsmanager.RestoreSecretOutput, error) + RestoreSecretWithContext(aws.Context, *secretsmanager.RestoreSecretInput, ...request.Option) (*secretsmanager.RestoreSecretOutput, error) + RestoreSecretRequest(*secretsmanager.RestoreSecretInput) (*request.Request, *secretsmanager.RestoreSecretOutput) + + RotateSecret(*secretsmanager.RotateSecretInput) (*secretsmanager.RotateSecretOutput, error) + RotateSecretWithContext(aws.Context, *secretsmanager.RotateSecretInput, ...request.Option) (*secretsmanager.RotateSecretOutput, error) + RotateSecretRequest(*secretsmanager.RotateSecretInput) (*request.Request, *secretsmanager.RotateSecretOutput) + + TagResource(*secretsmanager.TagResourceInput) (*secretsmanager.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *secretsmanager.TagResourceInput, ...request.Option) (*secretsmanager.TagResourceOutput, error) + TagResourceRequest(*secretsmanager.TagResourceInput) (*request.Request, *secretsmanager.TagResourceOutput) + + UntagResource(*secretsmanager.UntagResourceInput) (*secretsmanager.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *secretsmanager.UntagResourceInput, ...request.Option) (*secretsmanager.UntagResourceOutput, error) + UntagResourceRequest(*secretsmanager.UntagResourceInput) (*request.Request, *secretsmanager.UntagResourceOutput) + + UpdateSecret(*secretsmanager.UpdateSecretInput) (*secretsmanager.UpdateSecretOutput, error) + UpdateSecretWithContext(aws.Context, *secretsmanager.UpdateSecretInput, ...request.Option) (*secretsmanager.UpdateSecretOutput, error) + UpdateSecretRequest(*secretsmanager.UpdateSecretInput) (*request.Request, *secretsmanager.UpdateSecretOutput) + + UpdateSecretVersionStage(*secretsmanager.UpdateSecretVersionStageInput) (*secretsmanager.UpdateSecretVersionStageOutput, error) + UpdateSecretVersionStageWithContext(aws.Context, *secretsmanager.UpdateSecretVersionStageInput, ...request.Option) (*secretsmanager.UpdateSecretVersionStageOutput, error) + UpdateSecretVersionStageRequest(*secretsmanager.UpdateSecretVersionStageInput) (*request.Request, *secretsmanager.UpdateSecretVersionStageOutput) +} + +var _ SecretsManagerAPI = (*secretsmanager.SecretsManager)(nil) diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go new file mode 100644 index 000000000..c4758e96d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/service.go @@ -0,0 +1,100 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package secretsmanager + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// SecretsManager provides the API operation methods for making requests to +// AWS Secrets Manager. See this package's package overview docs +// for details on the service. +// +// SecretsManager methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SecretsManager struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "secretsmanager" // Name of service. + EndpointsID = ServiceName // ID to lookup a service endpoint with. + ServiceID = "Secrets Manager" // ServiceID is a unique identifer of a specific service. +) + +// New creates a new instance of the SecretsManager client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// // Create a SecretsManager client from just a session. +// svc := secretsmanager.New(mySession) +// +// // Create a SecretsManager client with additional configuration +// svc := secretsmanager.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SecretsManager { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "secretsmanager" + } + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *SecretsManager { + svc := &SecretsManager{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2017-10-17", + JSONVersion: "1.1", + TargetPrefix: "secretsmanager", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SecretsManager operation and runs any +// custom request initialization. +func (c *SecretsManager) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/overdrive3000/secretsmanager/.gitignore b/vendor/github.com/overdrive3000/secretsmanager/.gitignore new file mode 100644 index 000000000..66fd13c90 --- /dev/null +++ b/vendor/github.com/overdrive3000/secretsmanager/.gitignore @@ -0,0 +1,15 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Dependency directories (remove the comment below to include it) +# vendor/ diff --git a/vendor/github.com/overdrive3000/secretsmanager/LICENSE b/vendor/github.com/overdrive3000/secretsmanager/LICENSE new file mode 100644 index 000000000..a612ad981 --- /dev/null +++ b/vendor/github.com/overdrive3000/secretsmanager/LICENSE @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/overdrive3000/secretsmanager/README.md b/vendor/github.com/overdrive3000/secretsmanager/README.md new file mode 100644 index 000000000..d635a400f --- /dev/null +++ b/vendor/github.com/overdrive3000/secretsmanager/README.md @@ -0,0 +1,2 @@ +# secretsmanager +Simple go package to get secrets from AWS Secrets Manager diff --git a/vendor/github.com/overdrive3000/secretsmanager/secretsmanager.go b/vendor/github.com/overdrive3000/secretsmanager/secretsmanager.go new file mode 100644 index 000000000..95968a657 --- /dev/null +++ b/vendor/github.com/overdrive3000/secretsmanager/secretsmanager.go @@ -0,0 +1,68 @@ +// Package secretsmanager provide methods to get data from +// AWS Secret Manager +package secretsmanager + +import ( + "encoding/json" + "errors" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/secretsmanager" +) + +// New creates an AWS Session Manager Client +func New() (*Secret, error) { + sess := session.Must(session.NewSession()) + + var c *aws.Config + s := Secret{ + Client: secretsmanager.New(sess, c), + } + return &s, nil +} + +// GetSecret return an AWS Secret Manager secret +// in plain text from a given secret name +func (s *Secret) GetSecret(name string) (string, error) { + params := &secretsmanager.GetSecretValueInput{ + SecretId: aws.String(name), + VersionStage: aws.String("AWSCURRENT"), + } + + resp, err := s.Client.GetSecretValue(params) + if err != nil { + return "", err + } + + if resp.SecretString == nil { + return "", errors.New("Secret is not string") + } + + secret := SecretString{ + Name: *resp.Name, + Secret: *resp.SecretString, + } + value, err := getSecretValue(&secret) + if err != nil { + return "", err + } + + return value, nil +} + +func getSecretValue(s *SecretString) (string, error) { + var secretValue map[string]string + + blob := []byte(s.Secret) + + err := json.Unmarshal(blob, &secretValue) + if err != nil { + return "", err + } + + for _, v := range secretValue { + return v, nil + } + return "", errors.New("Secret not found") +} diff --git a/vendor/github.com/overdrive3000/secretsmanager/types.go b/vendor/github.com/overdrive3000/secretsmanager/types.go new file mode 100644 index 000000000..a5de481e0 --- /dev/null +++ b/vendor/github.com/overdrive3000/secretsmanager/types.go @@ -0,0 +1,18 @@ +package secretsmanager + +import ( + "github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface" +) + +// Secret represents an AWS Secrets Manager +// client +type Secret struct { + Client secretsmanageriface.SecretsManagerAPI +} + +// SecretString is a concret representation +// of an AWS Secrets Manager Secret String +type SecretString struct { + Name string + Secret string +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 223e425a2..8e62b2d53 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -158,6 +158,8 @@ github.com/aws/aws-sdk-go/service/iam github.com/aws/aws-sdk-go/service/s3 github.com/aws/aws-sdk-go/service/s3/s3iface github.com/aws/aws-sdk-go/service/s3/s3manager +github.com/aws/aws-sdk-go/service/secretsmanager +github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d @@ -485,6 +487,8 @@ github.com/oracle/oci-go-sdk/core # github.com/outscale/osc-go v0.0.1 github.com/outscale/osc-go/oapi github.com/outscale/osc-go/utils +# github.com/overdrive3000/secretsmanager v0.0.0-20200421092817-bcdff577c37a +github.com/overdrive3000/secretsmanager # github.com/packer-community/winrmcp v0.0.0-20180921204643-0fd363d6159a github.com/packer-community/winrmcp/winrmcp # github.com/pierrec/lz4 v2.0.5+incompatible diff --git a/website/pages/docs/templates/user-variables.mdx b/website/pages/docs/templates/user-variables.mdx index 772485c30..9e6672013 100644 --- a/website/pages/docs/templates/user-variables.mdx +++ b/website/pages/docs/templates/user-variables.mdx @@ -188,6 +188,31 @@ The full list of available environment variables is: and detailed documentation for usage of each of those variables can be found [here](https://www.vaultproject.io/docs/commands/#environment-variables). +## AWS Secrets Manager Variables + +Secrets can be read from [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) +and used within your template as user variables. the `aws_secretsmanager` function is +available _only_ within the default value of a user variable, allowing you to default +a user variable to an AWS Secrets Manager secret. + +```json +{ + "variables": { + "password": "{{ aws_secretsmanager `sample/app/password` }}" + } +} +``` + +This will default `password` to the secret value stored at AWS Secrets Manager. + +In order to use this function you have to configure valid AWS credentials using +one of the following methods: + +* [Environment Variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) +* [CLI Configuration Files](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) +* [Container Credentials](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) +* [Instance Profile Credentials](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) + ## Using array values Some templates call for array values. You can use template variables for these,