aws-sdk-directoryservice 1.33.0 → 1.38.0

data/lib/aws-sdk-directoryservice/errors.rb

@@ -34,6 +34,7 @@ module Aws::DirectoryService
   # * {CertificateInUseException}
   # * {CertificateLimitExceededException}
   # * {ClientException}
+  # * {DirectoryAlreadyInRegionException}
   # * {DirectoryAlreadySharedException}
   # * {DirectoryDoesNotExistException}
   # * {DirectoryLimitExceededException}
@@ -44,6 +45,7 @@ module Aws::DirectoryService
   # * {EntityDoesNotExistException}
   # * {InsufficientPermissionsException}
   # * {InvalidCertificateException}
+  # * {InvalidClientAuthStatusException}
   # * {InvalidLDAPSStatusException}
   # * {InvalidNextTokenException}
   # * {InvalidParameterException}
@@ -52,6 +54,7 @@ module Aws::DirectoryService
   # * {IpRouteLimitExceededException}
   # * {NoAvailableCertificateException}
   # * {OrganizationsException}
+  # * {RegionLimitExceededException}
   # * {ServiceException}
   # * {ShareLimitExceededException}
   # * {SnapshotLimitExceededException}
@@ -205,6 +208,26 @@ module Aws::DirectoryService
       end
     end
 
+    class DirectoryAlreadyInRegionException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::DirectoryService::Types::DirectoryAlreadyInRegionException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+      # @return [String]
+      def request_id
+        @data[:request_id]
+      end
+    end
+
     class DirectoryAlreadySharedException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -405,6 +428,26 @@ module Aws::DirectoryService
       end
     end
 
+    class InvalidClientAuthStatusException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::DirectoryService::Types::InvalidClientAuthStatusException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+      # @return [String]
+      def request_id
+        @data[:request_id]
+      end
+    end
+
     class InvalidLDAPSStatusException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -565,6 +608,26 @@ module Aws::DirectoryService
       end
     end
 
+    class RegionLimitExceededException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::DirectoryService::Types::RegionLimitExceededException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+      # @return [String]
+      def request_id
+        @data[:request_id]
+      end
+    end
+
     class ServiceException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-directoryservice/types.rb

@@ -43,7 +43,7 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
-    # You do not have sufficient access to perform this action.
+    # Client authentication is not available in this region at this time.
     #
     # @!attribute [rw] message
     #   The descriptive message for the exception.
@@ -166,6 +166,47 @@ module Aws::DirectoryService
     #
     class AddIpRoutesResult < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass AddRegionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         directory_id: "DirectoryId", # required
+    #         region_name: "RegionName", # required
+    #         vpc_settings: { # required
+    #           vpc_id: "VpcId", # required
+    #           subnet_ids: ["SubnetId"], # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the directory to which you want to add Region
+    #   replication.
+    #   @return [String]
+    #
+    # @!attribute [rw] region_name
+    #   The name of the Region where you want to add domain controllers for
+    #   replication. For example, `us-east-1`.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_settings
+    #   Contains VPC information for the CreateDirectory or
+    #   CreateMicrosoftAD operation.
+    #   @return [Types::DirectoryVpcSettings]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/AddRegionRequest AWS API Documentation
+    #
+    class AddRegionRequest < Struct.new(
+      :directory_id,
+      :region_name,
+      :vpc_settings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/AddRegionResult AWS API Documentation
+    #
+    class AddRegionResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass AddTagsToResourceRequest
     #   data as a hash:
     #
@@ -302,6 +343,17 @@ module Aws::DirectoryService
     #   The date and time when the certificate will expire.
     #   @return [Time]
     #
+    # @!attribute [rw] type
+    #   The function that the registered certificate performs. Valid values
+    #   include `ClientLDAPS` or `ClientCertAuth`. The default value is
+    #   `ClientLDAPS`.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_cert_auth_settings
+    #   A `ClientCertAuthSettings` object that contains client certificate
+    #   authentication settings.
+    #   @return [Types::ClientCertAuthSettings]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/Certificate AWS API Documentation
     #
     class Certificate < Struct.new(
@@ -310,7 +362,9 @@ module Aws::DirectoryService
       :state_reason,
       :common_name,
       :registered_date_time,
-      :expiry_date_time)
+      :expiry_date_time,
+      :type,
+      :client_cert_auth_settings)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -392,13 +446,20 @@ module Aws::DirectoryService
     #   The date and time when the certificate will expire.
     #   @return [Time]
     #
+    # @!attribute [rw] type
+    #   The function that the registered certificate performs. Valid values
+    #   include `ClientLDAPS` or `ClientCertAuth`. The default value is
+    #   `ClientLDAPS`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/CertificateInfo AWS API Documentation
     #
     class CertificateInfo < Struct.new(
       :certificate_id,
       :common_name,
       :state,
-      :expiry_date_time)
+      :expiry_date_time,
+      :type)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -423,6 +484,31 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # Contains information about the client certificate authentication
+    # settings for the `RegisterCertificate` and `DescribeCertificate`
+    # operations.
+    #
+    # @note When making an API call, you may pass ClientCertAuthSettings
+    #   data as a hash:
+    #
+    #       {
+    #         ocsp_url: "OCSPUrl",
+    #       }
+    #
+    # @!attribute [rw] ocsp_url
+    #   Specifies the URL of the default OCSP server used to check for
+    #   revocation status. A secondary value to any OCSP address found in
+    #   the AIA extension of the user certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/ClientCertAuthSettings AWS API Documentation
+    #
+    class ClientCertAuthSettings < Struct.new(
+      :ocsp_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A client exception has occurred.
     #
     # @!attribute [rw] message
@@ -784,6 +870,36 @@ module Aws::DirectoryService
     #
     #   If you need to change the password for the administrator account,
     #   you can use the ResetUserPassword API call.
+    #
+    #   The regex pattern for this string is made up of the following
+    #   conditions:
+    #
+    #   * Length (?=^.\\\{8,64\\}$) – Must be between 8 and 64 characters
+    #
+    #   ^
+    #
+    #   AND any 3 of the following password complexity rules required by
+    #   Active Directory:
+    #
+    #   * Numbers and upper case and lowercase
+    #     (?=.*\\d)(?=.*\[A-Z\])(?=.*\[a-z\])
+    #
+    #   * Numbers and special characters and lower case
+    #     (?=.*\\d)(?=.*\[^A-Za-z0-9\\s\])(?=.*\[a-z\])
+    #
+    #   * Special characters and upper case and lower case
+    #     (?=.*\[^A-Za-z0-9\\s\])(?=.*\[A-Z\])(?=.*\[a-z\])
+    #
+    #   * Numbers and upper case and special characters
+    #     (?=.*\\d)(?=.*\[A-Z\])(?=.*\[^A-Za-z0-9\\s\])
+    #
+    #   For additional information about how Active Directory passwords are
+    #   enforced, see [Password must meet complexity requirements][1] on the
+    #   Microsoft website.
+    #
+    #
+    #
+    #   [1]: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -1629,6 +1745,58 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeRegionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         directory_id: "DirectoryId", # required
+    #         region_name: "RegionName",
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the directory.
+    #   @return [String]
+    #
+    # @!attribute [rw] region_name
+    #   The name of the Region. For example, `us-east-1`.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   The `DescribeRegionsResult.NextToken` value from a previous call to
+    #   DescribeRegions. Pass null if this is the first call.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DescribeRegionsRequest AWS API Documentation
+    #
+    class DescribeRegionsRequest < Struct.new(
+      :directory_id,
+      :region_name,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] regions_description
+    #   List of Region information related to the directory for each
+    #   replicated Region.
+    #   @return [Array<Types::RegionDescription>]
+    #
+    # @!attribute [rw] next_token
+    #   If not null, more results are available. Pass this value for the
+    #   `NextToken` parameter in a subsequent call to DescribeRegions to
+    #   retrieve the next set of items.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DescribeRegionsResult AWS API Documentation
+    #
+    class DescribeRegionsResult < Struct.new(
+      :regions_description,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeSharedDirectoriesRequest
     #   data as a hash:
     #
@@ -1831,6 +1999,27 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # The Region you specified is the same Region where the AWS Managed
+    # Microsoft AD directory was created. Specify a different Region and try
+    # again.
+    #
+    # @!attribute [rw] message
+    #   The descriptive message for the exception.
+    #   @return [String]
+    #
+    # @!attribute [rw] request_id
+    #   The AWS request identifier.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DirectoryAlreadyInRegionException AWS API Documentation
+    #
+    class DirectoryAlreadyInRegionException < Struct.new(
+      :message,
+      :request_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified directory has already been shared with this AWS account.
     #
     # @!attribute [rw] message
@@ -2062,6 +2251,10 @@ module Aws::DirectoryService
     #   owner account.
     #   @return [Types::OwnerDirectoryDescription]
     #
+    # @!attribute [rw] regions_info
+    #   Lists the Regions where the directory has replicated.
+    #   @return [Types::RegionsInfo]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DirectoryDescription AWS API Documentation
     #
     class DirectoryDescription < Struct.new(
@@ -2088,7 +2281,8 @@ module Aws::DirectoryService
       :stage_reason,
       :sso_enabled,
       :desired_number_of_domain_controllers,
-      :owner_directory_description)
+      :owner_directory_description,
+      :regions_info)
       SENSITIVE = [:share_notes]
       include Aws::Structure
     end
@@ -2288,6 +2482,36 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DisableClientAuthenticationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         directory_id: "DirectoryId", # required
+    #         type: "SmartCard", # required, accepts SmartCard
+    #       }
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the directory
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of client authentication to disable. Currently, only the
+    #   parameter, `SmartCard` is supported.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DisableClientAuthenticationRequest AWS API Documentation
+    #
+    class DisableClientAuthenticationRequest < Struct.new(
+      :directory_id,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/DisableClientAuthenticationResult AWS API Documentation
+    #
+    class DisableClientAuthenticationResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DisableLDAPSRequest
     #   data as a hash:
     #
@@ -2476,6 +2700,38 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass EnableClientAuthenticationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         directory_id: "DirectoryId", # required
+    #         type: "SmartCard", # required, accepts SmartCard
+    #       }
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the specified directory.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of client authentication to enable. Currently only the
+    #   value `SmartCard` is supported. Smart card authentication in AD
+    #   Connector requires that you enable Kerberos Constrained Delegation
+    #   for the Service User to the LDAP service in the on-premises AD.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/EnableClientAuthenticationRequest AWS API Documentation
+    #
+    class EnableClientAuthenticationRequest < Struct.new(
+      :directory_id,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/EnableClientAuthenticationResult AWS API Documentation
+    #
+    class EnableClientAuthenticationResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass EnableLDAPSRequest
     #   data as a hash:
     #
@@ -2772,6 +3028,25 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # Client authentication is already enabled.
+    #
+    # @!attribute [rw] message
+    #   The descriptive message for the exception.
+    #   @return [String]
+    #
+    # @!attribute [rw] request_id
+    #   The AWS request identifier.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/InvalidClientAuthStatusException AWS API Documentation
+    #
+    class InvalidClientAuthStatusException < Struct.new(
+      :message,
+      :request_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The LDAP activities could not be performed because they are limited by
     # the LDAPS status.
     #
@@ -3271,8 +3546,8 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
-    # The LDAP activities could not be performed because at least one valid
-    # certificate must be registered with the system.
+    # Client authentication setup could not be completed because at least
+    # one valid certificate must be registered in the system.
     #
     # @!attribute [rw] message
     #   The descriptive message for the exception.
@@ -3370,9 +3645,9 @@ module Aws::DirectoryService
     #       }
     #
     # @!attribute [rw] radius_servers
-    #   An array of strings that contains the IP addresses of the RADIUS
-    #   server endpoints, or the IP addresses of your RADIUS server load
-    #   balancer.
+    #   An array of strings that contains the fully qualified domain name
+    #   (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN
+    #   or IP addresses of your RADIUS server load balancer.
     #   @return [Array<String>]
     #
     # @!attribute [rw] radius_port
@@ -3422,12 +3697,115 @@ module Aws::DirectoryService
       include Aws::Structure
     end
 
+    # The replicated Region information for a directory.
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the directory.
+    #   @return [String]
+    #
+    # @!attribute [rw] region_name
+    #   The name of the Region. For example, `us-east-1`.
+    #   @return [String]
+    #
+    # @!attribute [rw] region_type
+    #   Specifies whether the Region is the primary Region or an additional
+    #   Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the replication process for the specified Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_settings
+    #   Contains VPC information for the CreateDirectory or
+    #   CreateMicrosoftAD operation.
+    #   @return [Types::DirectoryVpcSettings]
+    #
+    # @!attribute [rw] desired_number_of_domain_controllers
+    #   The desired number of domain controllers in the specified Region for
+    #   the specified directory.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] launch_time
+    #   Specifies when the Region replication began.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status_last_updated_date_time
+    #   The date and time that the Region status was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_date_time
+    #   The date and time that the Region description was last updated.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RegionDescription AWS API Documentation
+    #
+    class RegionDescription < Struct.new(
+      :directory_id,
+      :region_name,
+      :region_type,
+      :status,
+      :vpc_settings,
+      :desired_number_of_domain_controllers,
+      :launch_time,
+      :status_last_updated_date_time,
+      :last_updated_date_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # You have reached the limit for maximum number of simultaneous Region
+    # replications per directory.
+    #
+    # @!attribute [rw] message
+    #   The descriptive message for the exception.
+    #   @return [String]
+    #
+    # @!attribute [rw] request_id
+    #   The AWS request identifier.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RegionLimitExceededException AWS API Documentation
+    #
+    class RegionLimitExceededException < Struct.new(
+      :message,
+      :request_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the Regions that are configured for
+    # multi-Region replication.
+    #
+    # @!attribute [rw] primary_region
+    #   The Region where the AWS Managed Microsoft AD directory was
+    #   originally created.
+    #   @return [String]
+    #
+    # @!attribute [rw] additional_regions
+    #   Lists the Regions where the directory has been replicated, excluding
+    #   the primary Region.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RegionsInfo AWS API Documentation
+    #
+    class RegionsInfo < Struct.new(
+      :primary_region,
+      :additional_regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass RegisterCertificateRequest
     #   data as a hash:
     #
     #       {
     #         directory_id: "DirectoryId", # required
     #         certificate_data: "CertificateData", # required
+    #         type: "ClientCertAuth", # accepts ClientCertAuth, ClientLDAPS
+    #         client_cert_auth_settings: {
+    #           ocsp_url: "OCSPUrl",
+    #         },
     #       }
     #
     # @!attribute [rw] directory_id
@@ -3438,11 +3816,24 @@ module Aws::DirectoryService
     #   The certificate PEM string that needs to be registered.
     #   @return [String]
     #
+    # @!attribute [rw] type
+    #   The function that the registered certificate performs. Valid values
+    #   include `ClientLDAPS` or `ClientCertAuth`. The default value is
+    #   `ClientLDAPS`.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_cert_auth_settings
+    #   A `ClientCertAuthSettings` object that contains client certificate
+    #   authentication settings.
+    #   @return [Types::ClientCertAuthSettings]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RegisterCertificateRequest AWS API Documentation
     #
     class RegisterCertificateRequest < Struct.new(
       :directory_id,
-      :certificate_data)
+      :certificate_data,
+      :type,
+      :client_cert_auth_settings)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3558,6 +3949,30 @@ module Aws::DirectoryService
     #
     class RemoveIpRoutesResult < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass RemoveRegionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         directory_id: "DirectoryId", # required
+    #       }
+    #
+    # @!attribute [rw] directory_id
+    #   The identifier of the directory for which you want to remove Region
+    #   replication.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RemoveRegionRequest AWS API Documentation
+    #
+    class RemoveRegionRequest < Struct.new(
+      :directory_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/RemoveRegionResult AWS API Documentation
+    #
+    class RemoveRegionResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass RemoveTagsFromResourceRequest
     #   data as a hash:
     #