aws-sdk-qldb 1.13.0 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b51e45924592dfac1c049a1dfcee8ea7f09ddce77268ac96735a3745459f116
-  data.tar.gz: 9866d74a0ecb2b8201a4197d6d93fb793a3e7fbe97a6f700e6e0103f8dd546b1
+  metadata.gz: b855a08fcf61fe9ab43c75c07bdf8d94e7a0def11d2f33d61608bbab93d099ee
+  data.tar.gz: d3352328214a2cd14a07b6243d7e36322517ad47aa804a81c39056729ff9e119
 SHA512:
-  metadata.gz: 6aabde6d19ab517e73f2628a2cbca09050427ecc89ddbb9c9f20864747040bd9287bf3bdde79f7e189d48850f142ad3a6c7419eb4c6f8706b0bc88f1b3bad2fb
-  data.tar.gz: f02845595d681ab149f1c800b204b131a820e5cc746df3b6ad528a80f3674e115bcef347120e26368b712277f05a1a578a0d524b8caca0ad05b98fcc730cde69
+  metadata.gz: 25e3d4a5839cf6d3aa07f2658746e77d5d61020fc68c3882355d4a7e70844fd1f5c9d50bb1d9b6fd031113434d3b666fefdfec6443c459914db49a195599c5a5
+  data.tar.gz: fc783f746b0f652e372b76da4e26bc3a787d76f2a5728b76995af0627bf877a32e12e1eacb5629de0b30883dabec81a3576c6ff00c2825ff332c6216c88febe2

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.14.0 (2021-05-26)
+------------------
+
+* Feature - Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
+
 1.13.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.13.0
+1.14.0

data/lib/aws-sdk-qldb.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-qldb/customizations'
 # @!group service
 module Aws::QLDB
 
-  GEM_VERSION = '1.13.0'
+  GEM_VERSION = '1.14.0'
 
 end

data/lib/aws-sdk-qldb/client.rb

@@ -384,6 +384,31 @@ module Aws::QLDB
     #
     # @option params [required, String] :permissions_mode
     #   The permissions mode to assign to the ledger that you want to create.
+    #   This parameter can have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access control
+    #     with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have `SendCommand` permissions for this
+    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any table-level
+    #     or command-level IAM permissions policies that you create for the
+    #     ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables access
+    #     control with finer granularity for ledgers, tables, and PartiQL
+    #     commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands to
+    #     run, you must create IAM permissions policies for specific table
+    #     resources and PartiQL actions, in addition to `SendCommand` API
+    #     permissions for the ledger.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
     #
     # @option params [Boolean] :deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If not
@@ -402,6 +427,7 @@ module Aws::QLDB
     #   * {Types::CreateLedgerResponse#arn #arn} => String
     #   * {Types::CreateLedgerResponse#state #state} => String
     #   * {Types::CreateLedgerResponse#creation_date_time #creation_date_time} => Time
+    #   * {Types::CreateLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::CreateLedgerResponse#deletion_protection #deletion_protection} => Boolean
     #
     # @example Request syntax with placeholder values
@@ -411,7 +437,7 @@ module Aws::QLDB
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
-    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL
+    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #     deletion_protection: false,
     #   })
     #
@@ -421,6 +447,7 @@ module Aws::QLDB
     #   resp.arn #=> String
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedger AWS API Documentation
@@ -576,6 +603,7 @@ module Aws::QLDB
     #   * {Types::DescribeLedgerResponse#arn #arn} => String
     #   * {Types::DescribeLedgerResponse#state #state} => String
     #   * {Types::DescribeLedgerResponse#creation_date_time #creation_date_time} => Time
+    #   * {Types::DescribeLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::DescribeLedgerResponse#deletion_protection #deletion_protection} => Boolean
     #
     # @example Request syntax with placeholder values
@@ -590,6 +618,7 @@ module Aws::QLDB
     #   resp.arn #=> String
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedger AWS API Documentation
@@ -1330,6 +1359,67 @@ module Aws::QLDB
       req.send_request(options)
     end
 
+    # Updates the permissions mode of a ledger.
+    #
+    # @option params [required, String] :name
+    #   The name of the ledger.
+    #
+    # @option params [required, String] :permissions_mode
+    #   The permissions mode to assign to the ledger. This parameter can have
+    #   one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access control
+    #     with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have `SendCommand` permissions for this
+    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any table-level
+    #     or command-level IAM permissions policies that you create for the
+    #     ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables access
+    #     control with finer granularity for ledgers, tables, and PartiQL
+    #     commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands to
+    #     run, you must create IAM permissions policies for specific table
+    #     resources and PartiQL actions, in addition to `SendCommand` API
+    #     permissions for the ledger.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #
+    # @return [Types::UpdateLedgerPermissionsModeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateLedgerPermissionsModeResponse#name #name} => String
+    #   * {Types::UpdateLedgerPermissionsModeResponse#arn #arn} => String
+    #   * {Types::UpdateLedgerPermissionsModeResponse#permissions_mode #permissions_mode} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_ledger_permissions_mode({
+    #     name: "LedgerName", # required
+    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.arn #=> String
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsMode AWS API Documentation
+    #
+    # @overload update_ledger_permissions_mode(params = {})
+    # @param [Hash] params ({})
+    def update_ledger_permissions_mode(params = {}, options = {})
+      req = build_request(:update_ledger_permissions_mode, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1343,7 +1433,7 @@ module Aws::QLDB
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-qldb'
-      context[:gem_version] = '1.13.0'
+      context[:gem_version] = '1.14.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-qldb/client_api.rb

@@ -90,6 +90,8 @@ module Aws::QLDB
     UniqueId = Shapes::StringShape.new(name: 'UniqueId')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UpdateLedgerPermissionsModeRequest = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeRequest')
+    UpdateLedgerPermissionsModeResponse = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeResponse')
     UpdateLedgerRequest = Shapes::StructureShape.new(name: 'UpdateLedgerRequest')
     UpdateLedgerResponse = Shapes::StructureShape.new(name: 'UpdateLedgerResponse')
     ValueHolder = Shapes::StructureShape.new(name: 'ValueHolder')
@@ -111,6 +113,7 @@ module Aws::QLDB
     CreateLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
     CreateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
+    CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
 
@@ -138,6 +141,7 @@ module Aws::QLDB
     DescribeLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
     DescribeLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
+    DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
 
@@ -321,6 +325,15 @@ module Aws::QLDB
 
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
 
+    UpdateLedgerPermissionsModeRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
+    UpdateLedgerPermissionsModeRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
+    UpdateLedgerPermissionsModeRequest.struct_class = Types::UpdateLedgerPermissionsModeRequest
+
+    UpdateLedgerPermissionsModeResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
+    UpdateLedgerPermissionsModeResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
+    UpdateLedgerPermissionsModeResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
+    UpdateLedgerPermissionsModeResponse.struct_class = Types::UpdateLedgerPermissionsModeResponse
+
     UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
     UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
@@ -571,6 +584,16 @@ module Aws::QLDB
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
+
+      api.add_operation(:update_ledger_permissions_mode, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateLedgerPermissionsMode"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/ledgers/{name}/permissions-mode"
+        o.input = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
     end
 
   end

data/lib/aws-sdk-qldb/types.rb

@@ -55,7 +55,7 @@ module Aws::QLDB
     #         tags: {
     #           "TagKey" => "TagValue",
     #         },
-    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL
+    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #         deletion_protection: false,
     #       }
     #
@@ -79,7 +79,31 @@ module Aws::QLDB
     #
     # @!attribute [rw] permissions_mode
     #   The permissions mode to assign to the ledger that you want to
-    #   create.
+    #   create. This parameter can have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
+    #     control with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have `SendCommand` permissions for this
+    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any
+    #     table-level or command-level IAM permissions policies that you
+    #     create for the ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables
+    #     access control with finer granularity for ledgers, tables, and
+    #     PartiQL commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands
+    #     to run, you must create IAM permissions policies for specific
+    #     table resources and PartiQL actions, in addition to `SendCommand`
+    #     API permissions for the ledger.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] deletion_protection
@@ -124,6 +148,10 @@ module Aws::QLDB
     #   12:00:00 AM January 1, 1970 UTC.)
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode of the ledger that you created.
+    #   @return [String]
+    #
     # @!attribute [rw] deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If
     #   not provided on ledger creation, this feature is enabled (`true`) by
@@ -144,6 +172,7 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
+      :permissions_mode,
       :deletion_protection)
       SENSITIVE = []
       include Aws::Structure
@@ -281,6 +310,10 @@ module Aws::QLDB
     #   12:00:00 AM January 1, 1970 UTC.)
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode of the ledger.
+    #   @return [String]
+    #
     # @!attribute [rw] deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If
     #   not provided on ledger creation, this feature is enabled (`true`) by
@@ -301,6 +334,7 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
+      :permissions_mode,
       :deletion_protection)
       SENSITIVE = []
       include Aws::Structure
@@ -1441,6 +1475,78 @@ module Aws::QLDB
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateLedgerPermissionsModeRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "LedgerName", # required
+    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode to assign to the ledger. This parameter can
+    #   have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
+    #     control with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have `SendCommand` permissions for this
+    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any
+    #     table-level or command-level IAM permissions policies that you
+    #     create for the ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables
+    #     access control with finer granularity for ledgers, tables, and
+    #     PartiQL commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands
+    #     to run, you must create IAM permissions policies for specific
+    #     table resources and PartiQL actions, in addition to `SendCommand`
+    #     API permissions for the ledger.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeRequest AWS API Documentation
+    #
+    class UpdateLedgerPermissionsModeRequest < Struct.new(
+      :name,
+      :permissions_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) for the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_mode
+    #   The current permissions mode of the ledger.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeResponse AWS API Documentation
+    #
+    class UpdateLedgerPermissionsModeResponse < Struct.new(
+      :name,
+      :arn,
+      :permissions_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateLedgerRequest
     #   data as a hash:
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-qldb
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -66,8 +66,8 @@ homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata:
-  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-qldb
-  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-qldb/CHANGELOG.md
+  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-qldb
+  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-qldb/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -83,8 +83,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - QLDB