From b12b5ddb1f610aa7b4fe4ad200e9e45279d26727 Mon Sep 17 00:00:00 2001 From: AsyncAws <61784373+async-aws-bot@users.noreply.github.com> Date: Thu, 13 Jun 2024 03:06:51 -0700 Subject: [PATCH] Update generated code (#1727) update generated code --- CHANGELOG.md | 4 +++ composer.json | 2 +- src/Input/CreateSecretRequest.php | 6 +++++ src/Input/GetSecretValueRequest.php | 2 +- src/Input/PutSecretValueRequest.php | 39 +++++++++++++++++++++++++++ src/Input/UpdateSecretRequest.php | 6 +++++ src/Result/GetSecretValueResponse.php | 6 +++++ src/SecretsManagerClient.php | 5 ++-- 8 files changed, 66 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5caa2b9..0fd5b27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## NOT RELEASED +### Added + +- AWS api-change: Introducing RotationToken parameter for PutSecretValue API + ### Changed - Add `Accept: application/json` header in request to fix incompatibility with 3rd party providers diff --git a/composer.json b/composer.json index bc1e202..30aab5f 100644 --- a/composer.json +++ b/composer.json @@ -29,7 +29,7 @@ }, "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "2.3-dev" } } } diff --git a/src/Input/CreateSecretRequest.php b/src/Input/CreateSecretRequest.php index 456ef97..9626900 100644 --- a/src/Input/CreateSecretRequest.php +++ b/src/Input/CreateSecretRequest.php @@ -91,6 +91,9 @@ final class CreateSecretRequest extends Input * * This parameter is not available in the Secrets Manager console. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretBinary; @@ -105,6 +108,9 @@ final class CreateSecretRequest extends Input * only the `SecretString` parameter. The Secrets Manager console stores the information as a JSON structure of * key/value pairs that a Lambda rotation function can parse. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretString; diff --git a/src/Input/GetSecretValueRequest.php b/src/Input/GetSecretValueRequest.php index 1793896..2602b16 100644 --- a/src/Input/GetSecretValueRequest.php +++ b/src/Input/GetSecretValueRequest.php @@ -10,7 +10,7 @@ final class GetSecretValueRequest extends Input { /** - * The ARN or name of the secret to retrieve. + * The ARN or name of the secret to retrieve. To retrieve a secret from another account, you must use an ARN. * * For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a * partial ARN [^1]. diff --git a/src/Input/PutSecretValueRequest.php b/src/Input/PutSecretValueRequest.php index 05aeabe..6f4c50e 100644 --- a/src/Input/PutSecretValueRequest.php +++ b/src/Input/PutSecretValueRequest.php @@ -63,6 +63,9 @@ final class PutSecretValueRequest extends Input * * You can't access this value from the Secrets Manager console. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretBinary; @@ -74,6 +77,9 @@ final class PutSecretValueRequest extends Input * * We recommend you create the secret string as JSON key/value pairs, as shown in the example. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretString; @@ -94,6 +100,21 @@ final class PutSecretValueRequest extends Input */ private $versionStages; + /** + * A unique identifier that indicates the source of the request. For cross-account rotation (when you rotate a secret in + * one account by using a Lambda rotation function in another account) and the Lambda rotation function assumes an IAM + * role to call Secrets Manager, Secrets Manager validates the identity with the rotation token. For more information, + * see How rotation works [^1]. + * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * + * [^1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html + * + * @var string|null + */ + private $rotationToken; + /** * @param array{ * SecretId?: string, @@ -101,6 +122,7 @@ final class PutSecretValueRequest extends Input * SecretBinary?: null|string, * SecretString?: null|string, * VersionStages?: null|string[], + * RotationToken?: null|string, * '@region'?: string|null, * } $input */ @@ -111,6 +133,7 @@ public function __construct(array $input = []) $this->secretBinary = $input['SecretBinary'] ?? null; $this->secretString = $input['SecretString'] ?? null; $this->versionStages = $input['VersionStages'] ?? null; + $this->rotationToken = $input['RotationToken'] ?? null; parent::__construct($input); } @@ -121,6 +144,7 @@ public function __construct(array $input = []) * SecretBinary?: null|string, * SecretString?: null|string, * VersionStages?: null|string[], + * RotationToken?: null|string, * '@region'?: string|null, * }|PutSecretValueRequest $input */ @@ -134,6 +158,11 @@ public function getClientRequestToken(): ?string return $this->clientRequestToken; } + public function getRotationToken(): ?string + { + return $this->rotationToken; + } + public function getSecretBinary(): ?string { return $this->secretBinary; @@ -190,6 +219,13 @@ public function setClientRequestToken(?string $value): self return $this; } + public function setRotationToken(?string $value): self + { + $this->rotationToken = $value; + + return $this; + } + public function setSecretBinary(?string $value): self { $this->secretBinary = $value; @@ -246,6 +282,9 @@ private function requestBody(): array $payload['VersionStages'][$index] = $listValue; } } + if (null !== $v = $this->rotationToken) { + $payload['RotationToken'] = $v; + } return $payload; } diff --git a/src/Input/UpdateSecretRequest.php b/src/Input/UpdateSecretRequest.php index 7937fc6..8e9c832 100644 --- a/src/Input/UpdateSecretRequest.php +++ b/src/Input/UpdateSecretRequest.php @@ -85,6 +85,9 @@ final class UpdateSecretRequest extends Input * * You can't access this parameter in the Secrets Manager console. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretBinary; @@ -95,6 +98,9 @@ final class UpdateSecretRequest extends Input * * Either `SecretBinary` or `SecretString` must have a value, but not both. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretString; diff --git a/src/Result/GetSecretValueResponse.php b/src/Result/GetSecretValueResponse.php index 38acf4d..1ca410b 100644 --- a/src/Result/GetSecretValueResponse.php +++ b/src/Result/GetSecretValueResponse.php @@ -36,6 +36,9 @@ class GetSecretValueResponse extends Result * If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a * string, then this field is omitted. The secret value appears in `SecretString` instead. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretBinary; @@ -47,6 +50,9 @@ class GetSecretValueResponse extends Result * If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of * key/value pairs. * + * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. + * If you create your own log entries, you must also avoid logging the information in this field. + * * @var string|null */ private $secretString; diff --git a/src/SecretsManagerClient.php b/src/SecretsManagerClient.php index 5a1ec9f..2c9fc82 100644 --- a/src/SecretsManagerClient.php +++ b/src/SecretsManagerClient.php @@ -331,8 +331,8 @@ public function listSecrets($input = []): ListSecretsResponse * new ones. * * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in - * request parameters except `SecretBinary` or `SecretString` because it might be logged. For more information, see - * Logging Secrets Manager events with CloudTrail [^1]. + * request parameters except `SecretBinary`, `SecretString`, or `RotationToken` because it might be logged. For more + * information, see Logging Secrets Manager events with CloudTrail [^1]. * * **Required permissions: **`secretsmanager:PutSecretValue`. For more information, see IAM policy actions for Secrets * Manager [^2] and Authentication and access control in Secrets Manager [^3]. @@ -350,6 +350,7 @@ public function listSecrets($input = []): ListSecretsResponse * SecretBinary?: null|string, * SecretString?: null|string, * VersionStages?: null|string[], + * RotationToken?: null|string, * '@region'?: string|null, * }|PutSecretValueRequest $input *