aws-sdk-eks 1.47.0 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -24,6 +24,8 @@ module Aws::EKS
24
24
  AddonVersionInfo = Shapes::StructureShape.new(name: 'AddonVersionInfo')
25
25
  AddonVersionInfoList = Shapes::ListShape.new(name: 'AddonVersionInfoList')
26
26
  Addons = Shapes::ListShape.new(name: 'Addons')
27
+ AssociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigRequest')
28
+ AssociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigResponse')
27
29
  AutoScalingGroup = Shapes::StructureShape.new(name: 'AutoScalingGroup')
28
30
  AutoScalingGroupList = Shapes::ListShape.new(name: 'AutoScalingGroupList')
29
31
  BadRequestException = Shapes::StructureShape.new(name: 'BadRequestException')
@@ -64,10 +66,14 @@ module Aws::EKS
64
66
  DescribeClusterResponse = Shapes::StructureShape.new(name: 'DescribeClusterResponse')
65
67
  DescribeFargateProfileRequest = Shapes::StructureShape.new(name: 'DescribeFargateProfileRequest')
66
68
  DescribeFargateProfileResponse = Shapes::StructureShape.new(name: 'DescribeFargateProfileResponse')
69
+ DescribeIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigRequest')
70
+ DescribeIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigResponse')
67
71
  DescribeNodegroupRequest = Shapes::StructureShape.new(name: 'DescribeNodegroupRequest')
68
72
  DescribeNodegroupResponse = Shapes::StructureShape.new(name: 'DescribeNodegroupResponse')
69
73
  DescribeUpdateRequest = Shapes::StructureShape.new(name: 'DescribeUpdateRequest')
70
74
  DescribeUpdateResponse = Shapes::StructureShape.new(name: 'DescribeUpdateResponse')
75
+ DisassociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigRequest')
76
+ DisassociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigResponse')
71
77
  EncryptionConfig = Shapes::StructureShape.new(name: 'EncryptionConfig')
72
78
  EncryptionConfigList = Shapes::ListShape.new(name: 'EncryptionConfigList')
73
79
  ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
@@ -80,6 +86,9 @@ module Aws::EKS
80
86
  FargateProfileStatus = Shapes::StringShape.new(name: 'FargateProfileStatus')
81
87
  FargateProfilesRequestMaxResults = Shapes::IntegerShape.new(name: 'FargateProfilesRequestMaxResults')
82
88
  Identity = Shapes::StructureShape.new(name: 'Identity')
89
+ IdentityProviderConfig = Shapes::StructureShape.new(name: 'IdentityProviderConfig')
90
+ IdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'IdentityProviderConfigResponse')
91
+ IdentityProviderConfigs = Shapes::ListShape.new(name: 'IdentityProviderConfigs')
83
92
  InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
84
93
  InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
85
94
  Issue = Shapes::StructureShape.new(name: 'Issue')
@@ -95,6 +104,9 @@ module Aws::EKS
95
104
  ListClustersResponse = Shapes::StructureShape.new(name: 'ListClustersResponse')
96
105
  ListFargateProfilesRequest = Shapes::StructureShape.new(name: 'ListFargateProfilesRequest')
97
106
  ListFargateProfilesResponse = Shapes::StructureShape.new(name: 'ListFargateProfilesResponse')
107
+ ListIdentityProviderConfigsRequest = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsRequest')
108
+ ListIdentityProviderConfigsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListIdentityProviderConfigsRequestMaxResults')
109
+ ListIdentityProviderConfigsResponse = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsResponse')
98
110
  ListNodegroupsRequest = Shapes::StructureShape.new(name: 'ListNodegroupsRequest')
99
111
  ListNodegroupsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListNodegroupsRequestMaxResults')
100
112
  ListNodegroupsResponse = Shapes::StructureShape.new(name: 'ListNodegroupsResponse')
@@ -116,6 +128,8 @@ module Aws::EKS
116
128
  NodegroupStatus = Shapes::StringShape.new(name: 'NodegroupStatus')
117
129
  NotFoundException = Shapes::StructureShape.new(name: 'NotFoundException')
118
130
  OIDC = Shapes::StructureShape.new(name: 'OIDC')
131
+ OidcIdentityProviderConfig = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfig')
132
+ OidcIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfigRequest')
119
133
  Provider = Shapes::StructureShape.new(name: 'Provider')
120
134
  RemoteAccessConfig = Shapes::StructureShape.new(name: 'RemoteAccessConfig')
121
135
  ResolveConflicts = Shapes::StringShape.new(name: 'ResolveConflicts')
@@ -156,10 +170,14 @@ module Aws::EKS
156
170
  UpdateType = Shapes::StringShape.new(name: 'UpdateType')
157
171
  VpcConfigRequest = Shapes::StructureShape.new(name: 'VpcConfigRequest')
158
172
  VpcConfigResponse = Shapes::StructureShape.new(name: 'VpcConfigResponse')
173
+ configStatus = Shapes::StringShape.new(name: 'configStatus')
159
174
  labelKey = Shapes::StringShape.new(name: 'labelKey')
160
175
  labelValue = Shapes::StringShape.new(name: 'labelValue')
161
176
  labelsKeyList = Shapes::ListShape.new(name: 'labelsKeyList')
162
177
  labelsMap = Shapes::MapShape.new(name: 'labelsMap')
178
+ requiredClaimsKey = Shapes::StringShape.new(name: 'requiredClaimsKey')
179
+ requiredClaimsMap = Shapes::MapShape.new(name: 'requiredClaimsMap')
180
+ requiredClaimsValue = Shapes::StringShape.new(name: 'requiredClaimsValue')
163
181
 
164
182
  Addon.add_member(:addon_name, Shapes::ShapeRef.new(shape: String, location_name: "addonName"))
165
183
  Addon.add_member(:cluster_name, Shapes::ShapeRef.new(shape: ClusterName, location_name: "clusterName"))
@@ -197,6 +215,16 @@ module Aws::EKS
197
215
 
198
216
  Addons.member = Shapes::ShapeRef.new(shape: AddonInfo)
199
217
 
218
+ AssociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
219
+ AssociateIdentityProviderConfigRequest.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfigRequest, required: true, location_name: "oidc"))
220
+ AssociateIdentityProviderConfigRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
221
+ AssociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
222
+ AssociateIdentityProviderConfigRequest.struct_class = Types::AssociateIdentityProviderConfigRequest
223
+
224
+ AssociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
225
+ AssociateIdentityProviderConfigResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
226
+ AssociateIdentityProviderConfigResponse.struct_class = Types::AssociateIdentityProviderConfigResponse
227
+
200
228
  AutoScalingGroup.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
201
229
  AutoScalingGroup.struct_class = Types::AutoScalingGroup
202
230
 
@@ -355,6 +383,13 @@ module Aws::EKS
355
383
  DescribeFargateProfileResponse.add_member(:fargate_profile, Shapes::ShapeRef.new(shape: FargateProfile, location_name: "fargateProfile"))
356
384
  DescribeFargateProfileResponse.struct_class = Types::DescribeFargateProfileResponse
357
385
 
386
+ DescribeIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
387
+ DescribeIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
388
+ DescribeIdentityProviderConfigRequest.struct_class = Types::DescribeIdentityProviderConfigRequest
389
+
390
+ DescribeIdentityProviderConfigResponse.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfigResponse, location_name: "identityProviderConfig"))
391
+ DescribeIdentityProviderConfigResponse.struct_class = Types::DescribeIdentityProviderConfigResponse
392
+
358
393
  DescribeNodegroupRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
359
394
  DescribeNodegroupRequest.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "nodegroupName"))
360
395
  DescribeNodegroupRequest.struct_class = Types::DescribeNodegroupRequest
@@ -371,6 +406,14 @@ module Aws::EKS
371
406
  DescribeUpdateResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
372
407
  DescribeUpdateResponse.struct_class = Types::DescribeUpdateResponse
373
408
 
409
+ DisassociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
410
+ DisassociateIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
411
+ DisassociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
412
+ DisassociateIdentityProviderConfigRequest.struct_class = Types::DisassociateIdentityProviderConfigRequest
413
+
414
+ DisassociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
415
+ DisassociateIdentityProviderConfigResponse.struct_class = Types::DisassociateIdentityProviderConfigResponse
416
+
374
417
  EncryptionConfig.add_member(:resources, Shapes::ShapeRef.new(shape: StringList, location_name: "resources"))
375
418
  EncryptionConfig.add_member(:provider, Shapes::ShapeRef.new(shape: Provider, location_name: "provider"))
376
419
  EncryptionConfig.struct_class = Types::EncryptionConfig
@@ -407,6 +450,15 @@ module Aws::EKS
407
450
  Identity.add_member(:oidc, Shapes::ShapeRef.new(shape: OIDC, location_name: "oidc"))
408
451
  Identity.struct_class = Types::Identity
409
452
 
453
+ IdentityProviderConfig.add_member(:type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "type"))
454
+ IdentityProviderConfig.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "name"))
455
+ IdentityProviderConfig.struct_class = Types::IdentityProviderConfig
456
+
457
+ IdentityProviderConfigResponse.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfig, location_name: "oidc"))
458
+ IdentityProviderConfigResponse.struct_class = Types::IdentityProviderConfigResponse
459
+
460
+ IdentityProviderConfigs.member = Shapes::ShapeRef.new(shape: IdentityProviderConfig)
461
+
410
462
  InvalidParameterException.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
411
463
  InvalidParameterException.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, location_name: "nodegroupName"))
412
464
  InvalidParameterException.add_member(:fargate_profile_name, Shapes::ShapeRef.new(shape: String, location_name: "fargateProfileName"))
@@ -464,6 +516,15 @@ module Aws::EKS
464
516
  ListFargateProfilesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
465
517
  ListFargateProfilesResponse.struct_class = Types::ListFargateProfilesResponse
466
518
 
519
+ ListIdentityProviderConfigsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
520
+ ListIdentityProviderConfigsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequestMaxResults, location: "querystring", location_name: "maxResults"))
521
+ ListIdentityProviderConfigsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
522
+ ListIdentityProviderConfigsRequest.struct_class = Types::ListIdentityProviderConfigsRequest
523
+
524
+ ListIdentityProviderConfigsResponse.add_member(:identity_provider_configs, Shapes::ShapeRef.new(shape: IdentityProviderConfigs, location_name: "identityProviderConfigs"))
525
+ ListIdentityProviderConfigsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
526
+ ListIdentityProviderConfigsResponse.struct_class = Types::ListIdentityProviderConfigsResponse
527
+
467
528
  ListNodegroupsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
468
529
  ListNodegroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListNodegroupsRequestMaxResults, location: "querystring", location_name: "maxResults"))
469
530
  ListNodegroupsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
@@ -542,6 +603,30 @@ module Aws::EKS
542
603
  OIDC.add_member(:issuer, Shapes::ShapeRef.new(shape: String, location_name: "issuer"))
543
604
  OIDC.struct_class = Types::OIDC
544
605
 
606
+ OidcIdentityProviderConfig.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigName"))
607
+ OidcIdentityProviderConfig.add_member(:identity_provider_config_arn, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigArn"))
608
+ OidcIdentityProviderConfig.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
609
+ OidcIdentityProviderConfig.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, location_name: "issuerUrl"))
610
+ OidcIdentityProviderConfig.add_member(:client_id, Shapes::ShapeRef.new(shape: String, location_name: "clientId"))
611
+ OidcIdentityProviderConfig.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
612
+ OidcIdentityProviderConfig.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
613
+ OidcIdentityProviderConfig.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
614
+ OidcIdentityProviderConfig.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
615
+ OidcIdentityProviderConfig.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
616
+ OidcIdentityProviderConfig.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
617
+ OidcIdentityProviderConfig.add_member(:status, Shapes::ShapeRef.new(shape: configStatus, location_name: "status"))
618
+ OidcIdentityProviderConfig.struct_class = Types::OidcIdentityProviderConfig
619
+
620
+ OidcIdentityProviderConfigRequest.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "identityProviderConfigName"))
621
+ OidcIdentityProviderConfigRequest.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, required: true, location_name: "issuerUrl"))
622
+ OidcIdentityProviderConfigRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "clientId"))
623
+ OidcIdentityProviderConfigRequest.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
624
+ OidcIdentityProviderConfigRequest.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
625
+ OidcIdentityProviderConfigRequest.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
626
+ OidcIdentityProviderConfigRequest.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
627
+ OidcIdentityProviderConfigRequest.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
628
+ OidcIdentityProviderConfigRequest.struct_class = Types::OidcIdentityProviderConfigRequest
629
+
545
630
  Provider.add_member(:key_arn, Shapes::ShapeRef.new(shape: String, location_name: "keyArn"))
546
631
  Provider.struct_class = Types::Provider
547
632
 
@@ -690,6 +775,9 @@ module Aws::EKS
690
775
  labelsMap.key = Shapes::ShapeRef.new(shape: labelKey)
691
776
  labelsMap.value = Shapes::ShapeRef.new(shape: labelValue)
692
777
 
778
+ requiredClaimsMap.key = Shapes::ShapeRef.new(shape: requiredClaimsKey)
779
+ requiredClaimsMap.value = Shapes::ShapeRef.new(shape: requiredClaimsValue)
780
+
693
781
 
694
782
  # @api private
695
783
  API = Seahorse::Model::Api.new.tap do |api|
@@ -709,6 +797,20 @@ module Aws::EKS
709
797
  "uid" => "eks-2017-11-01",
710
798
  }
711
799
 
800
+ api.add_operation(:associate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
801
+ o.name = "AssociateIdentityProviderConfig"
802
+ o.http_method = "POST"
803
+ o.http_request_uri = "/clusters/{name}/identity-provider-configs/associate"
804
+ o.input = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigRequest)
805
+ o.output = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigResponse)
806
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
807
+ o.errors << Shapes::ShapeRef.new(shape: ClientException)
808
+ o.errors << Shapes::ShapeRef.new(shape: ServerException)
809
+ o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
810
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
811
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
812
+ end)
813
+
712
814
  api.add_operation(:create_addon, Seahorse::Model::Operation.new.tap do |o|
713
815
  o.name = "CreateAddon"
714
816
  o.http_method = "POST"
@@ -873,6 +975,19 @@ module Aws::EKS
873
975
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
874
976
  end)
875
977
 
978
+ api.add_operation(:describe_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
979
+ o.name = "DescribeIdentityProviderConfig"
980
+ o.http_method = "POST"
981
+ o.http_request_uri = "/clusters/{name}/identity-provider-configs/describe"
982
+ o.input = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigRequest)
983
+ o.output = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigResponse)
984
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
985
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
986
+ o.errors << Shapes::ShapeRef.new(shape: ClientException)
987
+ o.errors << Shapes::ShapeRef.new(shape: ServerException)
988
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
989
+ end)
990
+
876
991
  api.add_operation(:describe_nodegroup, Seahorse::Model::Operation.new.tap do |o|
877
992
  o.name = "DescribeNodegroup"
878
993
  o.http_method = "GET"
@@ -898,6 +1013,20 @@ module Aws::EKS
898
1013
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
899
1014
  end)
900
1015
 
1016
+ api.add_operation(:disassociate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
1017
+ o.name = "DisassociateIdentityProviderConfig"
1018
+ o.http_method = "POST"
1019
+ o.http_request_uri = "/clusters/{name}/identity-provider-configs/disassociate"
1020
+ o.input = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigRequest)
1021
+ o.output = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigResponse)
1022
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
1023
+ o.errors << Shapes::ShapeRef.new(shape: ClientException)
1024
+ o.errors << Shapes::ShapeRef.new(shape: ServerException)
1025
+ o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
1026
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1027
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1028
+ end)
1029
+
901
1030
  api.add_operation(:list_addons, Seahorse::Model::Operation.new.tap do |o|
902
1031
  o.name = "ListAddons"
903
1032
  o.http_method = "GET"
@@ -953,6 +1082,25 @@ module Aws::EKS
953
1082
  )
954
1083
  end)
955
1084
 
1085
+ api.add_operation(:list_identity_provider_configs, Seahorse::Model::Operation.new.tap do |o|
1086
+ o.name = "ListIdentityProviderConfigs"
1087
+ o.http_method = "GET"
1088
+ o.http_request_uri = "/clusters/{name}/identity-provider-configs"
1089
+ o.input = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequest)
1090
+ o.output = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsResponse)
1091
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
1092
+ o.errors << Shapes::ShapeRef.new(shape: ClientException)
1093
+ o.errors << Shapes::ShapeRef.new(shape: ServerException)
1094
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
1095
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1096
+ o[:pager] = Aws::Pager.new(
1097
+ limit_key: "max_results",
1098
+ tokens: {
1099
+ "next_token" => "next_token"
1100
+ }
1101
+ )
1102
+ end)
1103
+
956
1104
  api.add_operation(:list_nodegroups, Seahorse::Model::Operation.new.tap do |o|
957
1105
  o.name = "ListNodegroups"
958
1106
  o.http_method = "GET"
@@ -161,6 +161,80 @@ module Aws::EKS
161
161
  include Aws::Structure
162
162
  end
163
163
 
164
+ # @note When making an API call, you may pass AssociateIdentityProviderConfigRequest
165
+ # data as a hash:
166
+ #
167
+ # {
168
+ # cluster_name: "String", # required
169
+ # oidc: { # required
170
+ # identity_provider_config_name: "String", # required
171
+ # issuer_url: "String", # required
172
+ # client_id: "String", # required
173
+ # username_claim: "String",
174
+ # username_prefix: "String",
175
+ # groups_claim: "String",
176
+ # groups_prefix: "String",
177
+ # required_claims: {
178
+ # "requiredClaimsKey" => "requiredClaimsValue",
179
+ # },
180
+ # },
181
+ # tags: {
182
+ # "TagKey" => "TagValue",
183
+ # },
184
+ # client_request_token: "String",
185
+ # }
186
+ #
187
+ # @!attribute [rw] cluster_name
188
+ # The name of the cluster to associate the configuration to.
189
+ # @return [String]
190
+ #
191
+ # @!attribute [rw] oidc
192
+ # An object that represents an OpenID Connect (OIDC) identity provider
193
+ # configuration.
194
+ # @return [Types::OidcIdentityProviderConfigRequest]
195
+ #
196
+ # @!attribute [rw] tags
197
+ # The metadata to apply to the configuration to assist with
198
+ # categorization and organization. Each tag consists of a key and an
199
+ # optional value, both of which you define.
200
+ # @return [Hash<String,String>]
201
+ #
202
+ # @!attribute [rw] client_request_token
203
+ # Unique, case-sensitive identifier that you provide to ensure the
204
+ # idempotency of the request.
205
+ #
206
+ # **A suitable default value is auto-generated.** You should normally
207
+ # not need to pass this option.
208
+ # @return [String]
209
+ #
210
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigRequest AWS API Documentation
211
+ #
212
+ class AssociateIdentityProviderConfigRequest < Struct.new(
213
+ :cluster_name,
214
+ :oidc,
215
+ :tags,
216
+ :client_request_token)
217
+ SENSITIVE = []
218
+ include Aws::Structure
219
+ end
220
+
221
+ # @!attribute [rw] update
222
+ # An object representing an asynchronous update.
223
+ # @return [Types::Update]
224
+ #
225
+ # @!attribute [rw] tags
226
+ # The tags for the resource.
227
+ # @return [Hash<String,String>]
228
+ #
229
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigResponse AWS API Documentation
230
+ #
231
+ class AssociateIdentityProviderConfigResponse < Struct.new(
232
+ :update,
233
+ :tags)
234
+ SENSITIVE = []
235
+ include Aws::Structure
236
+ end
237
+
164
238
  # An Auto Scaling group that is associated with an Amazon EKS managed
165
239
  # node group.
166
240
  #
@@ -815,7 +889,7 @@ module Aws::EKS
815
889
  #
816
890
  #
817
891
  #
818
- # [1]: https://docs.aws.amazon.com/managed-node-groups.html#managed-node-group-capacity-types
892
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types
819
893
  # [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
820
894
  # @return [Array<String>]
821
895
  #
@@ -850,17 +924,16 @@ module Aws::EKS
850
924
  # @!attribute [rw] node_role
851
925
  # The Amazon Resource Name (ARN) of the IAM role to associate with
852
926
  # your node group. The Amazon EKS worker node `kubelet` daemon makes
853
- # calls to AWS APIs on your behalf. Worker nodes receive permissions
854
- # for these API calls through an IAM instance profile and associated
855
- # policies. Before you can launch worker nodes and register them into
856
- # a cluster, you must create an IAM role for those worker nodes to use
857
- # when they are launched. For more information, see [Amazon EKS Worker
858
- # Node IAM Role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If
859
- # you specify `launchTemplate`, then don't specify [
860
- # `IamInstanceProfile` ][2] in your launch template, or the node group
861
- # deployment will fail. For more information about using launch
862
- # templates with Amazon EKS, see [Launch template support][3] in the
863
- # Amazon EKS User Guide.
927
+ # calls to AWS APIs on your behalf. Nodes receive permissions for
928
+ # these API calls through an IAM instance profile and associated
929
+ # policies. Before you can launch nodes and register them into a
930
+ # cluster, you must create an IAM role for those nodes to use when
931
+ # they are launched. For more information, see [Amazon EKS node IAM
932
+ # role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If you
933
+ # specify `launchTemplate`, then don't specify [ `IamInstanceProfile`
934
+ # ][2] in your launch template, or the node group deployment will
935
+ # fail. For more information about using launch templates with Amazon
936
+ # EKS, see [Launch template support][3] in the Amazon EKS User Guide.
864
937
  #
865
938
  #
866
939
  #
@@ -1307,6 +1380,48 @@ module Aws::EKS
1307
1380
  include Aws::Structure
1308
1381
  end
1309
1382
 
1383
+ # @note When making an API call, you may pass DescribeIdentityProviderConfigRequest
1384
+ # data as a hash:
1385
+ #
1386
+ # {
1387
+ # cluster_name: "String", # required
1388
+ # identity_provider_config: { # required
1389
+ # type: "String", # required
1390
+ # name: "String", # required
1391
+ # },
1392
+ # }
1393
+ #
1394
+ # @!attribute [rw] cluster_name
1395
+ # The cluster name that the identity provider configuration is
1396
+ # associated to.
1397
+ # @return [String]
1398
+ #
1399
+ # @!attribute [rw] identity_provider_config
1400
+ # An object that represents an identity provider configuration.
1401
+ # @return [Types::IdentityProviderConfig]
1402
+ #
1403
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigRequest AWS API Documentation
1404
+ #
1405
+ class DescribeIdentityProviderConfigRequest < Struct.new(
1406
+ :cluster_name,
1407
+ :identity_provider_config)
1408
+ SENSITIVE = []
1409
+ include Aws::Structure
1410
+ end
1411
+
1412
+ # @!attribute [rw] identity_provider_config
1413
+ # The object that represents an OpenID Connect (OIDC) identity
1414
+ # provider configuration.
1415
+ # @return [Types::IdentityProviderConfigResponse]
1416
+ #
1417
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigResponse AWS API Documentation
1418
+ #
1419
+ class DescribeIdentityProviderConfigResponse < Struct.new(
1420
+ :identity_provider_config)
1421
+ SENSITIVE = []
1422
+ include Aws::Structure
1423
+ end
1424
+
1310
1425
  # @note When making an API call, you may pass DescribeNodegroupRequest
1311
1426
  # data as a hash:
1312
1427
  #
@@ -1398,6 +1513,56 @@ module Aws::EKS
1398
1513
  include Aws::Structure
1399
1514
  end
1400
1515
 
1516
+ # @note When making an API call, you may pass DisassociateIdentityProviderConfigRequest
1517
+ # data as a hash:
1518
+ #
1519
+ # {
1520
+ # cluster_name: "String", # required
1521
+ # identity_provider_config: { # required
1522
+ # type: "String", # required
1523
+ # name: "String", # required
1524
+ # },
1525
+ # client_request_token: "String",
1526
+ # }
1527
+ #
1528
+ # @!attribute [rw] cluster_name
1529
+ # The name of the cluster to disassociate an identity provider from.
1530
+ # @return [String]
1531
+ #
1532
+ # @!attribute [rw] identity_provider_config
1533
+ # An object that represents an identity provider configuration.
1534
+ # @return [Types::IdentityProviderConfig]
1535
+ #
1536
+ # @!attribute [rw] client_request_token
1537
+ # A unique, case-sensitive identifier that you provide to ensure the
1538
+ # idempotency of the request.
1539
+ #
1540
+ # **A suitable default value is auto-generated.** You should normally
1541
+ # not need to pass this option.
1542
+ # @return [String]
1543
+ #
1544
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigRequest AWS API Documentation
1545
+ #
1546
+ class DisassociateIdentityProviderConfigRequest < Struct.new(
1547
+ :cluster_name,
1548
+ :identity_provider_config,
1549
+ :client_request_token)
1550
+ SENSITIVE = []
1551
+ include Aws::Structure
1552
+ end
1553
+
1554
+ # @!attribute [rw] update
1555
+ # An object representing an asynchronous update.
1556
+ # @return [Types::Update]
1557
+ #
1558
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigResponse AWS API Documentation
1559
+ #
1560
+ class DisassociateIdentityProviderConfigResponse < Struct.new(
1561
+ :update)
1562
+ SENSITIVE = []
1563
+ include Aws::Structure
1564
+ end
1565
+
1401
1566
  # The encryption configuration for the cluster.
1402
1567
  #
1403
1568
  # @note When making an API call, you may pass EncryptionConfig
@@ -1574,12 +1739,11 @@ module Aws::EKS
1574
1739
  include Aws::Structure
1575
1740
  end
1576
1741
 
1577
- # An object representing an identity provider for authentication
1578
- # credentials.
1742
+ # An object representing an identity provider.
1579
1743
  #
1580
1744
  # @!attribute [rw] oidc
1581
- # The [OpenID Connect][1] identity provider information for the
1582
- # cluster.
1745
+ # An object representing the [OpenID Connect][1] identity provider
1746
+ # information.
1583
1747
  #
1584
1748
  #
1585
1749
  #
@@ -1594,6 +1758,48 @@ module Aws::EKS
1594
1758
  include Aws::Structure
1595
1759
  end
1596
1760
 
1761
+ # An object representing an identity provider configuration.
1762
+ #
1763
+ # @note When making an API call, you may pass IdentityProviderConfig
1764
+ # data as a hash:
1765
+ #
1766
+ # {
1767
+ # type: "String", # required
1768
+ # name: "String", # required
1769
+ # }
1770
+ #
1771
+ # @!attribute [rw] type
1772
+ # The type of the identity provider configuration.
1773
+ # @return [String]
1774
+ #
1775
+ # @!attribute [rw] name
1776
+ # The name of the identity provider configuration.
1777
+ # @return [String]
1778
+ #
1779
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfig AWS API Documentation
1780
+ #
1781
+ class IdentityProviderConfig < Struct.new(
1782
+ :type,
1783
+ :name)
1784
+ SENSITIVE = []
1785
+ include Aws::Structure
1786
+ end
1787
+
1788
+ # An object that represents an identity configuration.
1789
+ #
1790
+ # @!attribute [rw] oidc
1791
+ # An object that represents an OpenID Connect (OIDC) identity provider
1792
+ # configuration.
1793
+ # @return [Types::OidcIdentityProviderConfig]
1794
+ #
1795
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfigResponse AWS API Documentation
1796
+ #
1797
+ class IdentityProviderConfigResponse < Struct.new(
1798
+ :oidc)
1799
+ SENSITIVE = []
1800
+ include Aws::Structure
1801
+ end
1802
+
1597
1803
  # The specified parameter is invalid. Review the available parameters
1598
1804
  # for the API request.
1599
1805
  #
@@ -1721,8 +1927,8 @@ module Aws::EKS
1721
1927
  #
1722
1928
  # * **NodeCreationFailure**\: Your launched instances are unable to
1723
1929
  # register with your Amazon EKS cluster. Common causes of this
1724
- # failure are insufficient [worker node IAM role][2] permissions or
1725
- # lack of outbound internet access for the nodes.
1930
+ # failure are insufficient [node IAM role][2] permissions or lack of
1931
+ # outbound internet access for the nodes.
1726
1932
  #
1727
1933
  #
1728
1934
  #
@@ -2060,6 +2266,71 @@ module Aws::EKS
2060
2266
  include Aws::Structure
2061
2267
  end
2062
2268
 
2269
+ # @note When making an API call, you may pass ListIdentityProviderConfigsRequest
2270
+ # data as a hash:
2271
+ #
2272
+ # {
2273
+ # cluster_name: "String", # required
2274
+ # max_results: 1,
2275
+ # next_token: "String",
2276
+ # }
2277
+ #
2278
+ # @!attribute [rw] cluster_name
2279
+ # The cluster name that you want to list identity provider
2280
+ # configurations for.
2281
+ # @return [String]
2282
+ #
2283
+ # @!attribute [rw] max_results
2284
+ # The maximum number of identity provider configurations returned by
2285
+ # `ListIdentityProviderConfigs` in paginated output. When you use this
2286
+ # parameter, `ListIdentityProviderConfigs` returns only `maxResults`
2287
+ # results in a single page along with a `nextToken` response element.
2288
+ # You can see the remaining results of the initial request by sending
2289
+ # another `ListIdentityProviderConfigs` request with the returned
2290
+ # `nextToken` value. This value can be between 1 and 100. If you
2291
+ # don't use this parameter, `ListIdentityProviderConfigs` returns up
2292
+ # to 100 results and a `nextToken` value, if applicable.
2293
+ # @return [Integer]
2294
+ #
2295
+ # @!attribute [rw] next_token
2296
+ # The `nextToken` value returned from a previous paginated
2297
+ # `IdentityProviderConfigsRequest` where `maxResults` was used and the
2298
+ # results exceeded the value of that parameter. Pagination continues
2299
+ # from the end of the previous results that returned the `nextToken`
2300
+ # value.
2301
+ # @return [String]
2302
+ #
2303
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsRequest AWS API Documentation
2304
+ #
2305
+ class ListIdentityProviderConfigsRequest < Struct.new(
2306
+ :cluster_name,
2307
+ :max_results,
2308
+ :next_token)
2309
+ SENSITIVE = []
2310
+ include Aws::Structure
2311
+ end
2312
+
2313
+ # @!attribute [rw] identity_provider_configs
2314
+ # The identity provider configurations for the cluster.
2315
+ # @return [Array<Types::IdentityProviderConfig>]
2316
+ #
2317
+ # @!attribute [rw] next_token
2318
+ # The `nextToken` value returned from a previous paginated
2319
+ # `ListIdentityProviderConfigsResponse` where `maxResults` was used
2320
+ # and the results exceeded the value of that parameter. Pagination
2321
+ # continues from the end of the previous results that returned the
2322
+ # `nextToken` value.
2323
+ # @return [String]
2324
+ #
2325
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsResponse AWS API Documentation
2326
+ #
2327
+ class ListIdentityProviderConfigsResponse < Struct.new(
2328
+ :identity_provider_configs,
2329
+ :next_token)
2330
+ SENSITIVE = []
2331
+ include Aws::Structure
2332
+ end
2333
+
2063
2334
  # @note When making an API call, you may pass ListNodegroupsRequest
2064
2335
  # data as a hash:
2065
2336
  #
@@ -2365,10 +2636,10 @@ module Aws::EKS
2365
2636
  # @return [String]
2366
2637
  #
2367
2638
  # @!attribute [rw] node_role
2368
- # The IAM role associated with your node group. The Amazon EKS worker
2369
- # node `kubelet` daemon makes calls to AWS APIs on your behalf. Worker
2370
- # nodes receive permissions for these API calls through an IAM
2371
- # instance profile and associated policies.
2639
+ # The IAM role associated with your node group. The Amazon EKS node
2640
+ # `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes
2641
+ # receive permissions for these API calls through an IAM instance
2642
+ # profile and associated policies.
2372
2643
  # @return [String]
2373
2644
  #
2374
2645
  # @!attribute [rw] labels
@@ -2461,7 +2732,7 @@ module Aws::EKS
2461
2732
  #
2462
2733
  # @!attribute [rw] remote_access_security_group
2463
2734
  # The remote access security group associated with the node group.
2464
- # This security group controls SSH access to the worker nodes.
2735
+ # This security group controls SSH access to the nodes.
2465
2736
  # @return [String]
2466
2737
  #
2467
2738
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupResources AWS API Documentation
@@ -2488,19 +2759,24 @@ module Aws::EKS
2488
2759
  # }
2489
2760
  #
2490
2761
  # @!attribute [rw] min_size
2491
- # The minimum number of worker nodes that the managed node group can
2492
- # scale in to. This number must be greater than zero.
2762
+ # The minimum number of nodes that the managed node group can scale in
2763
+ # to. This number must be greater than zero.
2493
2764
  # @return [Integer]
2494
2765
  #
2495
2766
  # @!attribute [rw] max_size
2496
- # The maximum number of worker nodes that the managed node group can
2497
- # scale out to. Managed node groups can support up to 100 nodes by
2498
- # default.
2767
+ # The maximum number of nodes that the managed node group can scale
2768
+ # out to. For information about the maximum number that you can
2769
+ # specify, see [Amazon EKS service quotas][1] in the *Amazon EKS User
2770
+ # Guide*.
2771
+ #
2772
+ #
2773
+ #
2774
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
2499
2775
  # @return [Integer]
2500
2776
  #
2501
2777
  # @!attribute [rw] desired_size
2502
- # The current number of worker nodes that the managed node group
2503
- # should maintain.
2778
+ # The current number of nodes that the managed node group should
2779
+ # maintain.
2504
2780
  # @return [Integer]
2505
2781
  #
2506
2782
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupScalingConfig AWS API Documentation
@@ -2527,15 +2803,15 @@ module Aws::EKS
2527
2803
  include Aws::Structure
2528
2804
  end
2529
2805
 
2530
- # An object representing the [OpenID Connect][1] identity provider
2531
- # information for the cluster.
2806
+ # An object representing the [OpenID Connect][1] (OIDC) identity
2807
+ # provider information for the cluster.
2532
2808
  #
2533
2809
  #
2534
2810
  #
2535
2811
  # [1]: https://openid.net/connect/
2536
2812
  #
2537
2813
  # @!attribute [rw] issuer
2538
- # The issuer URL for the OpenID Connect identity provider.
2814
+ # The issuer URL for the OIDC identity provider.
2539
2815
  # @return [String]
2540
2816
  #
2541
2817
  # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OIDC AWS API Documentation
@@ -2546,6 +2822,187 @@ module Aws::EKS
2546
2822
  include Aws::Structure
2547
2823
  end
2548
2824
 
2825
+ # An object that represents the configuration for an OpenID Connect
2826
+ # (OIDC) identity provider.
2827
+ #
2828
+ # @!attribute [rw] identity_provider_config_name
2829
+ # The name of the configuration.
2830
+ # @return [String]
2831
+ #
2832
+ # @!attribute [rw] identity_provider_config_arn
2833
+ # The ARN of the configuration.
2834
+ # @return [String]
2835
+ #
2836
+ # @!attribute [rw] cluster_name
2837
+ # The cluster that the configuration is associated to.
2838
+ # @return [String]
2839
+ #
2840
+ # @!attribute [rw] issuer_url
2841
+ # The URL of the OIDC identity provider that allows the API server to
2842
+ # discover public signing keys for verifying tokens.
2843
+ # @return [String]
2844
+ #
2845
+ # @!attribute [rw] client_id
2846
+ # This is also known as *audience*. The ID of the client application
2847
+ # that makes authentication requests to the OIDC identity provider.
2848
+ # @return [String]
2849
+ #
2850
+ # @!attribute [rw] username_claim
2851
+ # The JSON Web token (JWT) claim that is used as the username.
2852
+ # @return [String]
2853
+ #
2854
+ # @!attribute [rw] username_prefix
2855
+ # The prefix that is prepended to username claims to prevent clashes
2856
+ # with existing names. The prefix can't contain `system:`
2857
+ # @return [String]
2858
+ #
2859
+ # @!attribute [rw] groups_claim
2860
+ # The JSON web token (JWT) claim that the provider uses to return your
2861
+ # groups.
2862
+ # @return [String]
2863
+ #
2864
+ # @!attribute [rw] groups_prefix
2865
+ # The prefix that is prepended to group claims to prevent clashes with
2866
+ # existing names (such as `system:` groups). For example, the value`
2867
+ # oidc:` creates group names like `oidc:engineering` and `oidc:infra`.
2868
+ # The prefix can't contain `system:`
2869
+ # @return [String]
2870
+ #
2871
+ # @!attribute [rw] required_claims
2872
+ # The key-value pairs that describe required claims in the identity
2873
+ # token. If set, each claim is verified to be present in the token
2874
+ # with a matching value.
2875
+ # @return [Hash<String,String>]
2876
+ #
2877
+ # @!attribute [rw] tags
2878
+ # The metadata to apply to the provider configuration to assist with
2879
+ # categorization and organization. Each tag consists of a key and an
2880
+ # optional value, both of which you defined.
2881
+ # @return [Hash<String,String>]
2882
+ #
2883
+ # @!attribute [rw] status
2884
+ # The status of the OIDC identity provider.
2885
+ # @return [String]
2886
+ #
2887
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfig AWS API Documentation
2888
+ #
2889
+ class OidcIdentityProviderConfig < Struct.new(
2890
+ :identity_provider_config_name,
2891
+ :identity_provider_config_arn,
2892
+ :cluster_name,
2893
+ :issuer_url,
2894
+ :client_id,
2895
+ :username_claim,
2896
+ :username_prefix,
2897
+ :groups_claim,
2898
+ :groups_prefix,
2899
+ :required_claims,
2900
+ :tags,
2901
+ :status)
2902
+ SENSITIVE = []
2903
+ include Aws::Structure
2904
+ end
2905
+
2906
+ # An object representing an OpenID Connect (OIDC) configuration. Before
2907
+ # associating an OIDC identity provider to your cluster, review the
2908
+ # considerations in [Authenticating users for your cluster from an
2909
+ # OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.
2910
+ #
2911
+ #
2912
+ #
2913
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
2914
+ #
2915
+ # @note When making an API call, you may pass OidcIdentityProviderConfigRequest
2916
+ # data as a hash:
2917
+ #
2918
+ # {
2919
+ # identity_provider_config_name: "String", # required
2920
+ # issuer_url: "String", # required
2921
+ # client_id: "String", # required
2922
+ # username_claim: "String",
2923
+ # username_prefix: "String",
2924
+ # groups_claim: "String",
2925
+ # groups_prefix: "String",
2926
+ # required_claims: {
2927
+ # "requiredClaimsKey" => "requiredClaimsValue",
2928
+ # },
2929
+ # }
2930
+ #
2931
+ # @!attribute [rw] identity_provider_config_name
2932
+ # The name of the OIDC provider configuration.
2933
+ # @return [String]
2934
+ #
2935
+ # @!attribute [rw] issuer_url
2936
+ # The URL of the OpenID identity provider that allows the API server
2937
+ # to discover public signing keys for verifying tokens. The URL must
2938
+ # begin with `https://` and should correspond to the `iss` claim in
2939
+ # the provider's OIDC ID tokens. Per the OIDC standard, path
2940
+ # components are allowed but query parameters are not. Typically the
2941
+ # URL consists of only a hostname, like `https://server.example.org`
2942
+ # or `https://example.com`. This URL should point to the level below
2943
+ # `.well-known/openid-configuration` and must be publicly accessible
2944
+ # over the internet.
2945
+ # @return [String]
2946
+ #
2947
+ # @!attribute [rw] client_id
2948
+ # This is also known as *audience*. The ID for the client application
2949
+ # that makes authentication requests to the OpenID identity provider.
2950
+ # @return [String]
2951
+ #
2952
+ # @!attribute [rw] username_claim
2953
+ # The JSON Web Token (JWT) claim to use as the username. The default
2954
+ # is `sub`, which is expected to be a unique identifier of the end
2955
+ # user. You can choose other claims, such as `email` or `name`,
2956
+ # depending on the OpenID identity provider. Claims other than `email`
2957
+ # are prefixed with the issuer URL to prevent naming clashes with
2958
+ # other plug-ins.
2959
+ # @return [String]
2960
+ #
2961
+ # @!attribute [rw] username_prefix
2962
+ # The prefix that is prepended to username claims to prevent clashes
2963
+ # with existing names. If you do not provide this field, and
2964
+ # `username` is a value other than `email`, the prefix defaults to
2965
+ # `issuerurl#`. You can use the value `-` to disable all prefixing.
2966
+ # @return [String]
2967
+ #
2968
+ # @!attribute [rw] groups_claim
2969
+ # The JWT claim that the provider uses to return your groups.
2970
+ # @return [String]
2971
+ #
2972
+ # @!attribute [rw] groups_prefix
2973
+ # The prefix that is prepended to group claims to prevent clashes with
2974
+ # existing names (such as `system:` groups). For example, the value`
2975
+ # oidc:` will create group names like `oidc:engineering` and
2976
+ # `oidc:infra`.
2977
+ # @return [String]
2978
+ #
2979
+ # @!attribute [rw] required_claims
2980
+ # The key value pairs that describe required claims in the identity
2981
+ # token. If set, each claim is verified to be present in the token
2982
+ # with a matching value. For the maximum number of claims that you can
2983
+ # require, see [Amazon EKS service quotas][1] in the *Amazon EKS User
2984
+ # Guide*.
2985
+ #
2986
+ #
2987
+ #
2988
+ # [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
2989
+ # @return [Hash<String,String>]
2990
+ #
2991
+ # @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfigRequest AWS API Documentation
2992
+ #
2993
+ class OidcIdentityProviderConfigRequest < Struct.new(
2994
+ :identity_provider_config_name,
2995
+ :issuer_url,
2996
+ :client_id,
2997
+ :username_claim,
2998
+ :username_prefix,
2999
+ :groups_claim,
3000
+ :groups_prefix,
3001
+ :required_claims)
3002
+ SENSITIVE = []
3003
+ include Aws::Structure
3004
+ end
3005
+
2549
3006
  # Identifies the AWS Key Management Service (AWS KMS) customer master
2550
3007
  # key (CMK) used to encrypt the secrets.
2551
3008
  #
@@ -2590,9 +3047,9 @@ module Aws::EKS
2590
3047
  #
2591
3048
  # @!attribute [rw] ec2_ssh_key
2592
3049
  # The Amazon EC2 SSH key that provides access for SSH communication
2593
- # with the worker nodes in the managed node group. For more
2594
- # information, see [Amazon EC2 Key Pairs][1] in the *Amazon Elastic
2595
- # Compute Cloud User Guide for Linux Instances*.
3050
+ # with the nodes in the managed node group. For more information, see
3051
+ # [Amazon EC2 Key Pairs][1] in the *Amazon Elastic Compute Cloud User
3052
+ # Guide for Linux Instances*.
2596
3053
  #
2597
3054
  #
2598
3055
  #
@@ -2601,11 +3058,11 @@ module Aws::EKS
2601
3058
  #
2602
3059
  # @!attribute [rw] source_security_groups
2603
3060
  # The security groups that are allowed SSH access (port 22) to the
2604
- # worker nodes. If you specify an Amazon EC2 SSH key but do not
2605
- # specify a source security group when you create a managed node
2606
- # group, then port 22 on the worker nodes is opened to the internet
2607
- # (0.0.0.0/0). For more information, see [Security Groups for Your
2608
- # VPC][1] in the *Amazon Virtual Private Cloud User Guide*.
3061
+ # nodes. If you specify an Amazon EC2 SSH key but do not specify a
3062
+ # source security group when you create a managed node group, then
3063
+ # port 22 on the nodes is opened to the internet (0.0.0.0/0). For more
3064
+ # information, see [Security Groups for Your VPC][1] in the *Amazon
3065
+ # Virtual Private Cloud User Guide*.
2609
3066
  #
2610
3067
  #
2611
3068
  #
@@ -3348,19 +3805,18 @@ module Aws::EKS
3348
3805
  # }
3349
3806
  #
3350
3807
  # @!attribute [rw] subnet_ids
3351
- # Specify subnets for your Amazon EKS worker nodes. Amazon EKS creates
3808
+ # Specify subnets for your Amazon EKS nodes. Amazon EKS creates
3352
3809
  # cross-account elastic network interfaces in these subnets to allow
3353
- # communication between your worker nodes and the Kubernetes control
3354
- # plane.
3810
+ # communication between your nodes and the Kubernetes control plane.
3355
3811
  # @return [Array<String>]
3356
3812
  #
3357
3813
  # @!attribute [rw] security_group_ids
3358
3814
  # Specify one or more security groups for the cross-account elastic
3359
3815
  # network interfaces that Amazon EKS creates to use to allow
3360
- # communication between your worker nodes and the Kubernetes control
3361
- # plane. If you don't specify any security groups, then familiarize
3362
- # yourself with the difference between Amazon EKS defaults for
3363
- # clusters deployed with Kubernetes:
3816
+ # communication between your nodes and the Kubernetes control plane.
3817
+ # If you don't specify any security groups, then familiarize yourself
3818
+ # with the difference between Amazon EKS defaults for clusters
3819
+ # deployed with Kubernetes:
3364
3820
  #
3365
3821
  # * 1\.14 Amazon EKS platform version `eks.2` and earlier
3366
3822
  #
@@ -3394,12 +3850,12 @@ module Aws::EKS
3394
3850
  # access, Kubernetes API requests from within your cluster's VPC use
3395
3851
  # the private VPC endpoint. The default value for this parameter is
3396
3852
  # `false`, which disables private access for your Kubernetes API
3397
- # server. If you disable private access and you have worker nodes or
3398
- # AWS Fargate pods in the cluster, then ensure that
3399
- # `publicAccessCidrs` includes the necessary CIDR blocks for
3400
- # communication with the worker nodes or Fargate pods. For more
3401
- # information, see [Amazon EKS Cluster Endpoint Access Control][1] in
3402
- # the <i> <i>Amazon EKS User Guide</i> </i>.
3853
+ # server. If you disable private access and you have nodes or AWS
3854
+ # Fargate pods in the cluster, then ensure that `publicAccessCidrs`
3855
+ # includes the necessary CIDR blocks for communication with the nodes
3856
+ # or Fargate pods. For more information, see [Amazon EKS Cluster
3857
+ # Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
3858
+ # </i>.
3403
3859
  #
3404
3860
  #
3405
3861
  #
@@ -3411,8 +3867,8 @@ module Aws::EKS
3411
3867
  # Kubernetes API server endpoint. Communication to the endpoint from
3412
3868
  # addresses outside of the CIDR blocks that you specify is denied. The
3413
3869
  # default value is `0.0.0.0/0`. If you've disabled private endpoint
3414
- # access and you have worker nodes or AWS Fargate pods in the cluster,
3415
- # then ensure that you specify the necessary CIDR blocks. For more
3870
+ # access and you have nodes or AWS Fargate pods in the cluster, then
3871
+ # ensure that you specify the necessary CIDR blocks. For more
3416
3872
  # information, see [Amazon EKS Cluster Endpoint Access Control][1] in
3417
3873
  # the <i> <i>Amazon EKS User Guide</i> </i>.
3418
3874
  #
@@ -3443,7 +3899,7 @@ module Aws::EKS
3443
3899
  # @!attribute [rw] security_group_ids
3444
3900
  # The security groups associated with the cross-account elastic
3445
3901
  # network interfaces that are used to allow communication between your
3446
- # worker nodes and the Kubernetes control plane.
3902
+ # nodes and the Kubernetes control plane.
3447
3903
  # @return [Array<String>]
3448
3904
  #
3449
3905
  # @!attribute [rw] cluster_security_group_id
@@ -3468,12 +3924,12 @@ module Aws::EKS
3468
3924
  # endpoint is enabled. If the Amazon EKS private API server endpoint
3469
3925
  # is enabled, Kubernetes API requests that originate from within your
3470
3926
  # cluster's VPC use the private VPC endpoint instead of traversing
3471
- # the internet. If this value is disabled and you have worker nodes or
3472
- # AWS Fargate pods in the cluster, then ensure that
3473
- # `publicAccessCidrs` includes the necessary CIDR blocks for
3474
- # communication with the worker nodes or Fargate pods. For more
3475
- # information, see [Amazon EKS Cluster Endpoint Access Control][1] in
3476
- # the <i> <i>Amazon EKS User Guide</i> </i>.
3927
+ # the internet. If this value is disabled and you have nodes or AWS
3928
+ # Fargate pods in the cluster, then ensure that `publicAccessCidrs`
3929
+ # includes the necessary CIDR blocks for communication with the nodes
3930
+ # or Fargate pods. For more information, see [Amazon EKS Cluster
3931
+ # Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
3932
+ # </i>.
3477
3933
  #
3478
3934
  #
3479
3935
  #
@@ -3485,10 +3941,10 @@ module Aws::EKS
3485
3941
  # Kubernetes API server endpoint. Communication to the endpoint from
3486
3942
  # addresses outside of the listed CIDR blocks is denied. The default
3487
3943
  # value is `0.0.0.0/0`. If you've disabled private endpoint access
3488
- # and you have worker nodes or AWS Fargate pods in the cluster, then
3489
- # ensure that the necessary CIDR blocks are listed. For more
3490
- # information, see [Amazon EKS Cluster Endpoint Access Control][1] in
3491
- # the <i> <i>Amazon EKS User Guide</i> </i>.
3944
+ # and you have nodes or AWS Fargate pods in the cluster, then ensure
3945
+ # that the necessary CIDR blocks are listed. For more information, see
3946
+ # [Amazon EKS Cluster Endpoint Access Control][1] in the <i> <i>Amazon
3947
+ # EKS User Guide</i> </i>.
3492
3948
  #
3493
3949
  #
3494
3950
  #