aws-sdk-opensearchservice 1.71.0 → 1.73.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a0840e68243a282edfe4d82c33a7b284da8ea9cbc1d8fad18881b4c16bec260
-  data.tar.gz: 870f8dacde8679c0926f53ab5fb005d072183250df959516f82bbd0a167f735e
+  metadata.gz: d1939892da503c741327c97db95f99c45d4c8e9060de92d54d296ab052cf4bf8
+  data.tar.gz: dbffaa247fc08dbaed0ecdb382bb2a6f127e6c631dd63199d93396688dbc9985
 SHA512:
-  metadata.gz: edbe791f9578b8b4d15a1a54bdee511121d713df89f0a77754892e72bc0c35e24cceee52cfaabd2887bdc5782003bb2df376f9cfa249a995e32d35ef3c46e08a
-  data.tar.gz: e6e26e56ac8d985f6b085a87c26142d4acf3f448942b99ea7d4d443aff522f2dd7db133113856040e6b64ee348b3357020cf478a9ad258e0e7305160604a811b
+  metadata.gz: c429bc3e38fb6be0936e979c864ba92bb312ca587bfe739c513928c5d699ce5be11c4aa261ed2e6cbd128eb3cdad95c0a46f604f8c1ffe7ba9b8fca797e2dd63
+  data.tar.gz: 5064d64197c4379478fb8f62bef76c7d2649e4789dd68c8a0fe645b16eef46075748f3a226a2d6372bde3dca77eb621c0942b781b5b69cdd7d33a3a855a73dd5

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.73.0 (2025-08-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.72.0 (2025-07-31)
+------------------
+
+* Feature - Granular access control support for NEO-SAML with IAMFederation for AOS data source
+
 1.71.0 (2025-07-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.71.0
+1.73.0

data/lib/aws-sdk-opensearchservice/client.rb

@@ -95,8 +95,8 @@ module Aws::OpenSearchService
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials used for authentication. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -124,8 +124,7 @@ module Aws::OpenSearchService
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
     #
@@ -139,12 +138,10 @@ module Aws::OpenSearchService
     #
     #     * `~/.aws/config`
     #
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
-    #       to `true`.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -377,8 +374,8 @@ module Aws::OpenSearchService
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     Your Bearer token used for authentication. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -1274,6 +1271,11 @@ module Aws::OpenSearchService
     #         roles_key: "RolesKey",
     #         public_key: "String",
     #       },
+    #       iam_federation_options: {
+    #         enabled: false,
+    #         subject_key: "IAMFederationSubjectKey",
+    #         roles_key: "IAMFederationRolesKey",
+    #       },
     #       anonymous_auth_enabled: false,
     #     },
     #     identity_center_options: {
@@ -1408,6 +1410,9 @@ module Aws::OpenSearchService
     #   resp.domain_status.advanced_security_options.jwt_options.subject_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.public_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_status.advanced_security_options.iam_federation_options.subject_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.anonymous_auth_disable_date #=> Time
     #   resp.domain_status.advanced_security_options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_status.identity_center_options.enabled_api_access #=> Boolean
@@ -1872,6 +1877,9 @@ module Aws::OpenSearchService
     #   resp.domain_status.advanced_security_options.jwt_options.subject_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.public_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_status.advanced_security_options.iam_federation_options.subject_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.anonymous_auth_disable_date #=> Time
     #   resp.domain_status.advanced_security_options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_status.identity_center_options.enabled_api_access #=> Boolean
@@ -2194,6 +2202,9 @@ module Aws::OpenSearchService
     #   resp.domain_status.advanced_security_options.jwt_options.subject_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.jwt_options.public_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_status.advanced_security_options.iam_federation_options.subject_key #=> String
+    #   resp.domain_status.advanced_security_options.iam_federation_options.roles_key #=> String
     #   resp.domain_status.advanced_security_options.anonymous_auth_disable_date #=> Time
     #   resp.domain_status.advanced_security_options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_status.identity_center_options.enabled_api_access #=> Boolean
@@ -2489,6 +2500,9 @@ module Aws::OpenSearchService
     #   resp.domain_config.advanced_security_options.options.jwt_options.subject_key #=> String
     #   resp.domain_config.advanced_security_options.options.jwt_options.roles_key #=> String
     #   resp.domain_config.advanced_security_options.options.jwt_options.public_key #=> String
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.subject_key #=> String
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.roles_key #=> String
     #   resp.domain_config.advanced_security_options.options.anonymous_auth_disable_date #=> Time
     #   resp.domain_config.advanced_security_options.options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_config.advanced_security_options.status.creation_date #=> Time
@@ -2765,6 +2779,9 @@ module Aws::OpenSearchService
     #   resp.domain_status_list[0].advanced_security_options.jwt_options.subject_key #=> String
     #   resp.domain_status_list[0].advanced_security_options.jwt_options.roles_key #=> String
     #   resp.domain_status_list[0].advanced_security_options.jwt_options.public_key #=> String
+    #   resp.domain_status_list[0].advanced_security_options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_status_list[0].advanced_security_options.iam_federation_options.subject_key #=> String
+    #   resp.domain_status_list[0].advanced_security_options.iam_federation_options.roles_key #=> String
     #   resp.domain_status_list[0].advanced_security_options.anonymous_auth_disable_date #=> Time
     #   resp.domain_status_list[0].advanced_security_options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_status_list[0].identity_center_options.enabled_api_access #=> Boolean
@@ -2929,6 +2946,9 @@ module Aws::OpenSearchService
     #   resp.dry_run_config.advanced_security_options.jwt_options.subject_key #=> String
     #   resp.dry_run_config.advanced_security_options.jwt_options.roles_key #=> String
     #   resp.dry_run_config.advanced_security_options.jwt_options.public_key #=> String
+    #   resp.dry_run_config.advanced_security_options.iam_federation_options.enabled #=> Boolean
+    #   resp.dry_run_config.advanced_security_options.iam_federation_options.subject_key #=> String
+    #   resp.dry_run_config.advanced_security_options.iam_federation_options.roles_key #=> String
     #   resp.dry_run_config.advanced_security_options.anonymous_auth_disable_date #=> Time
     #   resp.dry_run_config.advanced_security_options.anonymous_auth_enabled #=> Boolean
     #   resp.dry_run_config.identity_center_options.enabled_api_access #=> Boolean
@@ -5207,6 +5227,11 @@ module Aws::OpenSearchService
     #         roles_key: "RolesKey",
     #         public_key: "String",
     #       },
+    #       iam_federation_options: {
+    #         enabled: false,
+    #         subject_key: "IAMFederationSubjectKey",
+    #         roles_key: "IAMFederationRolesKey",
+    #       },
     #       anonymous_auth_enabled: false,
     #     },
     #     identity_center_options: {
@@ -5383,6 +5408,9 @@ module Aws::OpenSearchService
     #   resp.domain_config.advanced_security_options.options.jwt_options.subject_key #=> String
     #   resp.domain_config.advanced_security_options.options.jwt_options.roles_key #=> String
     #   resp.domain_config.advanced_security_options.options.jwt_options.public_key #=> String
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.enabled #=> Boolean
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.subject_key #=> String
+    #   resp.domain_config.advanced_security_options.options.iam_federation_options.roles_key #=> String
     #   resp.domain_config.advanced_security_options.options.anonymous_auth_disable_date #=> Time
     #   resp.domain_config.advanced_security_options.options.anonymous_auth_enabled #=> Boolean
     #   resp.domain_config.advanced_security_options.status.creation_date #=> Time
@@ -5815,7 +5843,7 @@ module Aws::OpenSearchService
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-opensearchservice'
-      context[:gem_version] = '1.71.0'
+      context[:gem_version] = '1.73.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-opensearchservice/client_api.rb

@@ -260,6 +260,10 @@ module Aws::OpenSearchService
     GetUpgradeStatusRequest = Shapes::StructureShape.new(name: 'GetUpgradeStatusRequest')
     GetUpgradeStatusResponse = Shapes::StructureShape.new(name: 'GetUpgradeStatusResponse')
     HostedZoneId = Shapes::StringShape.new(name: 'HostedZoneId')
+    IAMFederationOptionsInput = Shapes::StructureShape.new(name: 'IAMFederationOptionsInput')
+    IAMFederationOptionsOutput = Shapes::StructureShape.new(name: 'IAMFederationOptionsOutput')
+    IAMFederationRolesKey = Shapes::StringShape.new(name: 'IAMFederationRolesKey')
+    IAMFederationSubjectKey = Shapes::StringShape.new(name: 'IAMFederationSubjectKey')
     IPAddressType = Shapes::StringShape.new(name: 'IPAddressType')
     IPAddressTypeStatus = Shapes::StructureShape.new(name: 'IPAddressTypeStatus')
     IamIdentityCenterOptions = Shapes::StructureShape.new(name: 'IamIdentityCenterOptions')
@@ -613,6 +617,7 @@ module Aws::OpenSearchService
     AdvancedSecurityOptions.add_member(:internal_user_database_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "InternalUserDatabaseEnabled"))
     AdvancedSecurityOptions.add_member(:saml_options, Shapes::ShapeRef.new(shape: SAMLOptionsOutput, location_name: "SAMLOptions"))
     AdvancedSecurityOptions.add_member(:jwt_options, Shapes::ShapeRef.new(shape: JWTOptionsOutput, location_name: "JWTOptions"))
+    AdvancedSecurityOptions.add_member(:iam_federation_options, Shapes::ShapeRef.new(shape: IAMFederationOptionsOutput, location_name: "IAMFederationOptions"))
     AdvancedSecurityOptions.add_member(:anonymous_auth_disable_date, Shapes::ShapeRef.new(shape: DisableTimestamp, location_name: "AnonymousAuthDisableDate"))
     AdvancedSecurityOptions.add_member(:anonymous_auth_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AnonymousAuthEnabled"))
     AdvancedSecurityOptions.struct_class = Types::AdvancedSecurityOptions
@@ -622,6 +627,7 @@ module Aws::OpenSearchService
     AdvancedSecurityOptionsInput.add_member(:master_user_options, Shapes::ShapeRef.new(shape: MasterUserOptions, location_name: "MasterUserOptions"))
     AdvancedSecurityOptionsInput.add_member(:saml_options, Shapes::ShapeRef.new(shape: SAMLOptionsInput, location_name: "SAMLOptions"))
     AdvancedSecurityOptionsInput.add_member(:jwt_options, Shapes::ShapeRef.new(shape: JWTOptionsInput, location_name: "JWTOptions"))
+    AdvancedSecurityOptionsInput.add_member(:iam_federation_options, Shapes::ShapeRef.new(shape: IAMFederationOptionsInput, location_name: "IAMFederationOptions"))
     AdvancedSecurityOptionsInput.add_member(:anonymous_auth_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AnonymousAuthEnabled"))
     AdvancedSecurityOptionsInput.struct_class = Types::AdvancedSecurityOptionsInput
 
@@ -1413,6 +1419,16 @@ module Aws::OpenSearchService
     GetUpgradeStatusResponse.add_member(:upgrade_name, Shapes::ShapeRef.new(shape: UpgradeName, location_name: "UpgradeName"))
     GetUpgradeStatusResponse.struct_class = Types::GetUpgradeStatusResponse
 
+    IAMFederationOptionsInput.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    IAMFederationOptionsInput.add_member(:subject_key, Shapes::ShapeRef.new(shape: IAMFederationSubjectKey, location_name: "SubjectKey"))
+    IAMFederationOptionsInput.add_member(:roles_key, Shapes::ShapeRef.new(shape: IAMFederationRolesKey, location_name: "RolesKey"))
+    IAMFederationOptionsInput.struct_class = Types::IAMFederationOptionsInput
+
+    IAMFederationOptionsOutput.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    IAMFederationOptionsOutput.add_member(:subject_key, Shapes::ShapeRef.new(shape: IAMFederationSubjectKey, location_name: "SubjectKey"))
+    IAMFederationOptionsOutput.add_member(:roles_key, Shapes::ShapeRef.new(shape: IAMFederationRolesKey, location_name: "RolesKey"))
+    IAMFederationOptionsOutput.struct_class = Types::IAMFederationOptionsOutput
+
     IPAddressTypeStatus.add_member(:options, Shapes::ShapeRef.new(shape: IPAddressType, required: true, location_name: "Options"))
     IPAddressTypeStatus.add_member(:status, Shapes::ShapeRef.new(shape: OptionStatus, required: true, location_name: "Status"))
     IPAddressTypeStatus.struct_class = Types::IPAddressTypeStatus

data/lib/aws-sdk-opensearchservice/types.rb

@@ -367,6 +367,11 @@ module Aws::OpenSearchService
     #   OpenSearch Service.
     #   @return [Types::JWTOptionsOutput]
     #
+    # @!attribute [rw] iam_federation_options
+    #   Container for information about the IAM federation configuration for
+    #   an OpenSearch UI application.
+    #   @return [Types::IAMFederationOptionsOutput]
+    #
     # @!attribute [rw] anonymous_auth_disable_date
     #   Date and time when the migration period will be disabled. Only
     #   necessary when [enabling fine-grained access control on an existing
@@ -394,6 +399,7 @@ module Aws::OpenSearchService
       :internal_user_database_enabled,
       :saml_options,
       :jwt_options,
+      :iam_federation_options,
       :anonymous_auth_disable_date,
       :anonymous_auth_enabled)
       SENSITIVE = []
@@ -430,6 +436,11 @@ module Aws::OpenSearchService
     #   OpenSearch Service.
     #   @return [Types::JWTOptionsInput]
     #
+    # @!attribute [rw] iam_federation_options
+    #   Container for information about the IAM federation configuration for
+    #   an OpenSearch UI application.
+    #   @return [Types::IAMFederationOptionsInput]
+    #
     # @!attribute [rw] anonymous_auth_enabled
     #   True to enable a 30-day migration period during which administrators
     #   can create role mappings. Only necessary when [enabling fine-grained
@@ -448,6 +459,7 @@ module Aws::OpenSearchService
       :master_user_options,
       :saml_options,
       :jwt_options,
+      :iam_federation_options,
       :anonymous_auth_enabled)
       SENSITIVE = []
       include Aws::Structure
@@ -4469,6 +4481,57 @@ module Aws::OpenSearchService
       include Aws::Structure
     end
 
+    # The IAM federation authentication configuration for an Amazon
+    # OpenSearch Service domain.
+    #
+    # @!attribute [rw] enabled
+    #   True to enable IAM federation authentication for a domain.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] subject_key
+    #   Element of the IAM federation assertion to use for the user name.
+    #   Default is `sub`.
+    #   @return [String]
+    #
+    # @!attribute [rw] roles_key
+    #   Element of the IAM federation assertion to use for backend roles.
+    #   Default is `roles`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/opensearch-2021-01-01/IAMFederationOptionsInput AWS API Documentation
+    #
+    class IAMFederationOptionsInput < Struct.new(
+      :enabled,
+      :subject_key,
+      :roles_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the IAM federation options configured for the domain.
+    #
+    # @!attribute [rw] enabled
+    #   True if IAM federation is enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] subject_key
+    #   The key used for matching the IAM federation subject attribute.
+    #   @return [String]
+    #
+    # @!attribute [rw] roles_key
+    #   The key used for matching the IAM federation roles attribute.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/opensearch-2021-01-01/IAMFederationOptionsOutput AWS API Documentation
+    #
+    class IAMFederationOptionsOutput < Struct.new(
+      :enabled,
+      :subject_key,
+      :roles_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The IP address type status for the domain.
     #
     # @!attribute [rw] options

data/lib/aws-sdk-opensearchservice.rb

@@ -54,7 +54,7 @@ module Aws::OpenSearchService
   autoload :EndpointProvider, 'aws-sdk-opensearchservice/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-opensearchservice/endpoints'
 
-  GEM_VERSION = '1.71.0'
+  GEM_VERSION = '1.73.0'
 
 end
 

data/sig/client.rbs

@@ -362,6 +362,11 @@ module Aws
                                roles_key: ::String?,
                                public_key: ::String?
                              }?,
+                             iam_federation_options: {
+                               enabled: bool?,
+                               subject_key: ::String?,
+                               roles_key: ::String?
+                             }?,
                              anonymous_auth_enabled: bool?
                            },
                            ?identity_center_options: {
@@ -1315,6 +1320,11 @@ module Aws
                                       roles_key: ::String?,
                                       public_key: ::String?
                                     }?,
+                                    iam_federation_options: {
+                                      enabled: bool?,
+                                      subject_key: ::String?,
+                                      roles_key: ::String?
+                                    }?,
                                     anonymous_auth_enabled: bool?
                                   },
                                   ?identity_center_options: {

data/sig/types.rbs

@@ -102,6 +102,7 @@ module Aws::OpenSearchService
       attr_accessor internal_user_database_enabled: bool
       attr_accessor saml_options: Types::SAMLOptionsOutput
       attr_accessor jwt_options: Types::JWTOptionsOutput
+      attr_accessor iam_federation_options: Types::IAMFederationOptionsOutput
       attr_accessor anonymous_auth_disable_date: ::Time
       attr_accessor anonymous_auth_enabled: bool
       SENSITIVE: []
@@ -113,6 +114,7 @@ module Aws::OpenSearchService
       attr_accessor master_user_options: Types::MasterUserOptions
       attr_accessor saml_options: Types::SAMLOptionsInput
       attr_accessor jwt_options: Types::JWTOptionsInput
+      attr_accessor iam_federation_options: Types::IAMFederationOptionsInput
       attr_accessor anonymous_auth_enabled: bool
       SENSITIVE: []
     end
@@ -1133,6 +1135,20 @@ module Aws::OpenSearchService
       SENSITIVE: []
     end
 
+    class IAMFederationOptionsInput
+      attr_accessor enabled: bool
+      attr_accessor subject_key: ::String
+      attr_accessor roles_key: ::String
+      SENSITIVE: []
+    end
+
+    class IAMFederationOptionsOutput
+      attr_accessor enabled: bool
+      attr_accessor subject_key: ::String
+      attr_accessor roles_key: ::String
+      SENSITIVE: []
+    end
+
     class IPAddressTypeStatus
       attr_accessor options: ("ipv4" | "dualstack")
       attr_accessor status: Types::OptionStatus

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-opensearchservice
 version: !ruby/object:Gem::Version
-  version: 1.71.0
+  version: 1.73.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.227.0
+        version: 3.228.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.227.0
+        version: 3.228.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement