aws-sdk-rolesanywhere 1.14.0 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10a15c0fede13d1ad9028644bbe1245bfe12a1cfa85b63c219a142fb3b1d6d17
-  data.tar.gz: ba0ce7465c77413722107c92e2d866e7fae8dee5ac4d079013176f3d46420f12
+  metadata.gz: 637cc3eeb39959dfe8ec404f0e487502658182569de79781e61ac5b19f061f2d
+  data.tar.gz: f32773a806ab77450aa6d59b37d9555743668aa4c32d38129da76f184d55273b
 SHA512:
-  metadata.gz: 2bb3a55c995dff380338a622791b2a0c38f450682d89135cab40663502828b9030cbb21c89a6285b1f3875c2dfe48330405dec03903eb3b0592e6e703b5e960b
-  data.tar.gz: 34376dc34533a016ebb285b2e7c98bada99ce344a9868e5af12c12d7d5eb89bb30b56394b16187dd3c8e3fa46fd4ea9d7062ac82d699dc48d99f926b2186bebf
+  metadata.gz: fde4c015e45d4adceed8c7658b4c323d19fb28e8be5bbcdcd04c5c4d9b67d542a3ac3def181b07735089d7d3e11fa8053d55c8a3ff995e2cfc6ebe66feaa970f
+  data.tar.gz: 8f7ee5ab7e9d6da70e735f16ed7e32ff1dde06255aebae05f64a9aab92faea47217bafe87bcbcbd96b62ff1efa52b145def55febb9fcfb632e93fe0b87bb0299

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.15.0 (2024-04-18)
+------------------
+
+* Feature - This release introduces the PutAttributeMapping and DeleteAttributeMapping APIs. IAM Roles Anywhere now provides the capability to define a set of mapping rules, allowing customers to specify which data is extracted from their X.509 end-entity certificates.
+
 1.14.0 (2024-04-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.14.0
+1.15.0

data/lib/aws-sdk-rolesanywhere/client.rb

@@ -453,6 +453,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -560,6 +564,62 @@ module Aws::RolesAnywhere
       req.send_request(options)
     end
 
+    # Delete an entry from the attribute mapping rules enforced by a given
+    # profile.
+    #
+    # @option params [required, String] :certificate_field
+    #   Fields (x509Subject, x509Issuer and x509SAN) within X.509
+    #   certificates.
+    #
+    # @option params [required, String] :profile_id
+    #   The unique identifier of the profile.
+    #
+    # @option params [Array<String>] :specifiers
+    #   A list of specifiers of a certificate field; for example, CN, OU, UID
+    #   from a Subject.
+    #
+    # @return [Types::DeleteAttributeMappingResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteAttributeMappingResponse#profile #profile} => Types::ProfileDetail
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_attribute_mapping({
+    #     certificate_field: "x509Subject", # required, accepts x509Subject, x509Issuer, x509SAN
+    #     profile_id: "Uuid", # required
+    #     specifiers: ["String"],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
+    #   resp.profile.created_at #=> Time
+    #   resp.profile.created_by #=> String
+    #   resp.profile.duration_seconds #=> Integer
+    #   resp.profile.enabled #=> Boolean
+    #   resp.profile.managed_policy_arns #=> Array
+    #   resp.profile.managed_policy_arns[0] #=> String
+    #   resp.profile.name #=> String
+    #   resp.profile.profile_arn #=> String
+    #   resp.profile.profile_id #=> String
+    #   resp.profile.require_instance_properties #=> Boolean
+    #   resp.profile.role_arns #=> Array
+    #   resp.profile.role_arns[0] #=> String
+    #   resp.profile.session_policy #=> String
+    #   resp.profile.updated_at #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteAttributeMapping AWS API Documentation
+    #
+    # @overload delete_attribute_mapping(params = {})
+    # @param [Hash] params ({})
+    def delete_attribute_mapping(params = {}, options = {})
+      req = build_request(:delete_attribute_mapping, params)
+      req.send_request(options)
+    end
+
     # Deletes a certificate revocation list (CRL).
     #
     # <b>Required permissions: </b> `rolesanywhere:DeleteCrl`.
@@ -616,6 +676,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -741,6 +805,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -868,6 +936,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -993,6 +1065,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -1256,6 +1332,10 @@ module Aws::RolesAnywhere
     #
     #   resp.next_token #=> String
     #   resp.profiles #=> Array
+    #   resp.profiles[0].attribute_mappings #=> Array
+    #   resp.profiles[0].attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profiles[0].attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profiles[0].attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profiles[0].created_at #=> Time
     #   resp.profiles[0].created_by #=> String
     #   resp.profiles[0].duration_seconds #=> Integer
@@ -1416,6 +1496,66 @@ module Aws::RolesAnywhere
       req.send_request(options)
     end
 
+    # Put an entry in the attribute mapping rules that will be enforced by a
+    # given profile. A mapping specifies a certificate field and one or more
+    # specifiers that have contextual meanings.
+    #
+    # @option params [required, String] :certificate_field
+    #   Fields (x509Subject, x509Issuer and x509SAN) within X.509
+    #   certificates.
+    #
+    # @option params [required, Array<Types::MappingRule>] :mapping_rules
+    #   A list of mapping entries for every supported specifier or sub-field.
+    #
+    # @option params [required, String] :profile_id
+    #   The unique identifier of the profile.
+    #
+    # @return [Types::PutAttributeMappingResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutAttributeMappingResponse#profile #profile} => Types::ProfileDetail
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_attribute_mapping({
+    #     certificate_field: "x509Subject", # required, accepts x509Subject, x509Issuer, x509SAN
+    #     mapping_rules: [ # required
+    #       {
+    #         specifier: "MappingRuleSpecifierString", # required
+    #       },
+    #     ],
+    #     profile_id: "Uuid", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
+    #   resp.profile.created_at #=> Time
+    #   resp.profile.created_by #=> String
+    #   resp.profile.duration_seconds #=> Integer
+    #   resp.profile.enabled #=> Boolean
+    #   resp.profile.managed_policy_arns #=> Array
+    #   resp.profile.managed_policy_arns[0] #=> String
+    #   resp.profile.name #=> String
+    #   resp.profile.profile_arn #=> String
+    #   resp.profile.profile_id #=> String
+    #   resp.profile.require_instance_properties #=> Boolean
+    #   resp.profile.role_arns #=> Array
+    #   resp.profile.role_arns[0] #=> String
+    #   resp.profile.session_policy #=> String
+    #   resp.profile.updated_at #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/PutAttributeMapping AWS API Documentation
+    #
+    # @overload put_attribute_mapping(params = {})
+    # @param [Hash] params ({})
+    def put_attribute_mapping(params = {}, options = {})
+      req = build_request(:put_attribute_mapping, params)
+      req.send_request(options)
+    end
+
     # Attaches a list of *notification settings* to a trust anchor.
     #
     # A notification setting includes information such as event name,
@@ -1691,6 +1831,10 @@ module Aws::RolesAnywhere
     #
     # @example Response structure
     #
+    #   resp.profile.attribute_mappings #=> Array
+    #   resp.profile.attribute_mappings[0].certificate_field #=> String, one of "x509Subject", "x509Issuer", "x509SAN"
+    #   resp.profile.attribute_mappings[0].mapping_rules #=> Array
+    #   resp.profile.attribute_mappings[0].mapping_rules[0].specifier #=> String
     #   resp.profile.created_at #=> Time
     #   resp.profile.created_by #=> String
     #   resp.profile.duration_seconds #=> Integer
@@ -1792,7 +1936,7 @@ module Aws::RolesAnywhere
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-rolesanywhere'
-      context[:gem_version] = '1.14.0'
+      context[:gem_version] = '1.15.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-rolesanywhere/client_api.rb

@@ -15,8 +15,11 @@ module Aws::RolesAnywhere
 
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AmazonResourceName = Shapes::StringShape.new(name: 'AmazonResourceName')
+    AttributeMapping = Shapes::StructureShape.new(name: 'AttributeMapping')
+    AttributeMappings = Shapes::ListShape.new(name: 'AttributeMappings')
     Blob = Shapes::BlobShape.new(name: 'Blob')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
+    CertificateField = Shapes::StringShape.new(name: 'CertificateField')
     CreateProfileRequest = Shapes::StructureShape.new(name: 'CreateProfileRequest')
     CreateProfileRequestDurationSecondsInteger = Shapes::IntegerShape.new(name: 'CreateProfileRequestDurationSecondsInteger')
     CreateTrustAnchorRequest = Shapes::StructureShape.new(name: 'CreateTrustAnchorRequest')
@@ -25,6 +28,8 @@ module Aws::RolesAnywhere
     CrlDetail = Shapes::StructureShape.new(name: 'CrlDetail')
     CrlDetailResponse = Shapes::StructureShape.new(name: 'CrlDetailResponse')
     CrlDetails = Shapes::ListShape.new(name: 'CrlDetails')
+    DeleteAttributeMappingRequest = Shapes::StructureShape.new(name: 'DeleteAttributeMappingRequest')
+    DeleteAttributeMappingResponse = Shapes::StructureShape.new(name: 'DeleteAttributeMappingResponse')
     ImportCrlRequest = Shapes::StructureShape.new(name: 'ImportCrlRequest')
     ImportCrlRequestCrlDataBlob = Shapes::BlobShape.new(name: 'ImportCrlRequestCrlDataBlob')
     InstanceProperties = Shapes::ListShape.new(name: 'InstanceProperties')
@@ -43,6 +48,9 @@ module Aws::RolesAnywhere
     ListTrustAnchorsResponse = Shapes::StructureShape.new(name: 'ListTrustAnchorsResponse')
     ManagedPolicyList = Shapes::ListShape.new(name: 'ManagedPolicyList')
     ManagedPolicyListMemberString = Shapes::StringShape.new(name: 'ManagedPolicyListMemberString')
+    MappingRule = Shapes::StructureShape.new(name: 'MappingRule')
+    MappingRuleSpecifierString = Shapes::StringShape.new(name: 'MappingRuleSpecifierString')
+    MappingRules = Shapes::ListShape.new(name: 'MappingRules')
     NotificationChannel = Shapes::StringShape.new(name: 'NotificationChannel')
     NotificationEvent = Shapes::StringShape.new(name: 'NotificationEvent')
     NotificationSetting = Shapes::StructureShape.new(name: 'NotificationSetting')
@@ -58,6 +66,8 @@ module Aws::RolesAnywhere
     ProfileDetail = Shapes::StructureShape.new(name: 'ProfileDetail')
     ProfileDetailResponse = Shapes::StructureShape.new(name: 'ProfileDetailResponse')
     ProfileDetails = Shapes::ListShape.new(name: 'ProfileDetails')
+    PutAttributeMappingRequest = Shapes::StructureShape.new(name: 'PutAttributeMappingRequest')
+    PutAttributeMappingResponse = Shapes::StructureShape.new(name: 'PutAttributeMappingResponse')
     PutNotificationSettingsRequest = Shapes::StructureShape.new(name: 'PutNotificationSettingsRequest')
     PutNotificationSettingsResponse = Shapes::StructureShape.new(name: 'PutNotificationSettingsResponse')
     ResetNotificationSettingsRequest = Shapes::StructureShape.new(name: 'ResetNotificationSettingsRequest')
@@ -73,6 +83,7 @@ module Aws::RolesAnywhere
     Source = Shapes::StructureShape.new(name: 'Source')
     SourceData = Shapes::UnionShape.new(name: 'SourceData')
     SourceDataX509CertificateDataString = Shapes::StringShape.new(name: 'SourceDataX509CertificateDataString')
+    SpecifierList = Shapes::ListShape.new(name: 'SpecifierList')
     String = Shapes::StringShape.new(name: 'String')
     SubjectDetail = Shapes::StructureShape.new(name: 'SubjectDetail')
     SubjectDetailResponse = Shapes::StructureShape.new(name: 'SubjectDetailResponse')
@@ -106,6 +117,12 @@ module Aws::RolesAnywhere
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
 
+    AttributeMapping.add_member(:certificate_field, Shapes::ShapeRef.new(shape: CertificateField, location_name: "certificateField"))
+    AttributeMapping.add_member(:mapping_rules, Shapes::ShapeRef.new(shape: MappingRules, location_name: "mappingRules"))
+    AttributeMapping.struct_class = Types::AttributeMapping
+
+    AttributeMappings.member = Shapes::ShapeRef.new(shape: AttributeMapping)
+
     CreateProfileRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: CreateProfileRequestDurationSecondsInteger, location_name: "durationSeconds"))
     CreateProfileRequest.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "enabled"))
     CreateProfileRequest.add_member(:managed_policy_arns, Shapes::ShapeRef.new(shape: ManagedPolicyList, location_name: "managedPolicyArns"))
@@ -148,6 +165,14 @@ module Aws::RolesAnywhere
 
     CrlDetails.member = Shapes::ShapeRef.new(shape: CrlDetail)
 
+    DeleteAttributeMappingRequest.add_member(:certificate_field, Shapes::ShapeRef.new(shape: CertificateField, required: true, location: "querystring", location_name: "certificateField"))
+    DeleteAttributeMappingRequest.add_member(:profile_id, Shapes::ShapeRef.new(shape: Uuid, required: true, location: "uri", location_name: "profileId"))
+    DeleteAttributeMappingRequest.add_member(:specifiers, Shapes::ShapeRef.new(shape: SpecifierList, location: "querystring", location_name: "specifiers"))
+    DeleteAttributeMappingRequest.struct_class = Types::DeleteAttributeMappingRequest
+
+    DeleteAttributeMappingResponse.add_member(:profile, Shapes::ShapeRef.new(shape: ProfileDetail, required: true, location_name: "profile"))
+    DeleteAttributeMappingResponse.struct_class = Types::DeleteAttributeMappingResponse
+
     ImportCrlRequest.add_member(:crl_data, Shapes::ShapeRef.new(shape: ImportCrlRequestCrlDataBlob, required: true, location_name: "crlData"))
     ImportCrlRequest.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "enabled"))
     ImportCrlRequest.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "name"))
@@ -193,6 +218,11 @@ module Aws::RolesAnywhere
 
     ManagedPolicyList.member = Shapes::ShapeRef.new(shape: ManagedPolicyListMemberString)
 
+    MappingRule.add_member(:specifier, Shapes::ShapeRef.new(shape: MappingRuleSpecifierString, required: true, location_name: "specifier"))
+    MappingRule.struct_class = Types::MappingRule
+
+    MappingRules.member = Shapes::ShapeRef.new(shape: MappingRule)
+
     NotificationSetting.add_member(:channel, Shapes::ShapeRef.new(shape: NotificationChannel, location_name: "channel"))
     NotificationSetting.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "enabled"))
     NotificationSetting.add_member(:event, Shapes::ShapeRef.new(shape: NotificationEvent, required: true, location_name: "event"))
@@ -216,6 +246,7 @@ module Aws::RolesAnywhere
 
     NotificationSettings.member = Shapes::ShapeRef.new(shape: NotificationSetting)
 
+    ProfileDetail.add_member(:attribute_mappings, Shapes::ShapeRef.new(shape: AttributeMappings, location_name: "attributeMappings"))
     ProfileDetail.add_member(:created_at, Shapes::ShapeRef.new(shape: SyntheticTimestamp_date_time, location_name: "createdAt"))
     ProfileDetail.add_member(:created_by, Shapes::ShapeRef.new(shape: String, location_name: "createdBy"))
     ProfileDetail.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: Integer, location_name: "durationSeconds"))
@@ -235,6 +266,14 @@ module Aws::RolesAnywhere
 
     ProfileDetails.member = Shapes::ShapeRef.new(shape: ProfileDetail)
 
+    PutAttributeMappingRequest.add_member(:certificate_field, Shapes::ShapeRef.new(shape: CertificateField, required: true, location_name: "certificateField"))
+    PutAttributeMappingRequest.add_member(:mapping_rules, Shapes::ShapeRef.new(shape: MappingRules, required: true, location_name: "mappingRules"))
+    PutAttributeMappingRequest.add_member(:profile_id, Shapes::ShapeRef.new(shape: Uuid, required: true, location: "uri", location_name: "profileId"))
+    PutAttributeMappingRequest.struct_class = Types::PutAttributeMappingRequest
+
+    PutAttributeMappingResponse.add_member(:profile, Shapes::ShapeRef.new(shape: ProfileDetail, required: true, location_name: "profile"))
+    PutAttributeMappingResponse.struct_class = Types::PutAttributeMappingResponse
+
     PutNotificationSettingsRequest.add_member(:notification_settings, Shapes::ShapeRef.new(shape: NotificationSettings, required: true, location_name: "notificationSettings"))
     PutNotificationSettingsRequest.add_member(:trust_anchor_id, Shapes::ShapeRef.new(shape: Uuid, required: true, location_name: "trustAnchorId"))
     PutNotificationSettingsRequest.struct_class = Types::PutNotificationSettingsRequest
@@ -278,6 +317,8 @@ module Aws::RolesAnywhere
     SourceData.add_member_subclass(:unknown, Types::SourceData::Unknown)
     SourceData.struct_class = Types::SourceData
 
+    SpecifierList.member = Shapes::ShapeRef.new(shape: String)
+
     SubjectDetail.add_member(:created_at, Shapes::ShapeRef.new(shape: SyntheticTimestamp_date_time, location_name: "createdAt"))
     SubjectDetail.add_member(:credentials, Shapes::ShapeRef.new(shape: CredentialSummaries, location_name: "credentials"))
     SubjectDetail.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "enabled"))
@@ -400,6 +441,17 @@ module Aws::RolesAnywhere
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:delete_attribute_mapping, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteAttributeMapping"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/profiles/{profileId}/mappings"
+        o.input = Shapes::ShapeRef.new(shape: DeleteAttributeMappingRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteAttributeMappingResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:delete_crl, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteCrl"
         o.http_method = "DELETE"
@@ -611,6 +663,17 @@ module Aws::RolesAnywhere
         )
       end)
 
+      api.add_operation(:put_attribute_mapping, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutAttributeMapping"
+        o.http_method = "PUT"
+        o.http_request_uri = "/profiles/{profileId}/mappings"
+        o.input = Shapes::ShapeRef.new(shape: PutAttributeMappingRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutAttributeMappingResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:put_notification_settings, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutNotificationSettings"
         o.http_method = "PATCH"

data/lib/aws-sdk-rolesanywhere/endpoints.rb

@@ -40,6 +40,20 @@ module Aws::RolesAnywhere
       end
     end
 
+    class DeleteAttributeMapping
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::RolesAnywhere::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class DeleteCrl
       def self.build(context)
         unless context.config.regional_endpoint
@@ -306,6 +320,20 @@ module Aws::RolesAnywhere
       end
     end
 
+    class PutAttributeMapping
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::RolesAnywhere::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class PutNotificationSettings
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-rolesanywhere/plugins/endpoints.rb

@@ -62,6 +62,8 @@ module Aws::RolesAnywhere
             Aws::RolesAnywhere::Endpoints::CreateProfile.build(context)
           when :create_trust_anchor
             Aws::RolesAnywhere::Endpoints::CreateTrustAnchor.build(context)
+          when :delete_attribute_mapping
+            Aws::RolesAnywhere::Endpoints::DeleteAttributeMapping.build(context)
           when :delete_crl
             Aws::RolesAnywhere::Endpoints::DeleteCrl.build(context)
           when :delete_profile
@@ -100,6 +102,8 @@ module Aws::RolesAnywhere
             Aws::RolesAnywhere::Endpoints::ListTagsForResource.build(context)
           when :list_trust_anchors
             Aws::RolesAnywhere::Endpoints::ListTrustAnchors.build(context)
+          when :put_attribute_mapping
+            Aws::RolesAnywhere::Endpoints::PutAttributeMapping.build(context)
           when :put_notification_settings
             Aws::RolesAnywhere::Endpoints::PutNotificationSettings.build(context)
           when :reset_notification_settings

data/lib/aws-sdk-rolesanywhere/types.rb

@@ -23,6 +23,27 @@ module Aws::RolesAnywhere
       include Aws::Structure
     end
 
+    # A mapping applied to the authenticating end-entity certificate.
+    #
+    # @!attribute [rw] certificate_field
+    #   Fields (x509Subject, x509Issuer and x509SAN) within X.509
+    #   certificates.
+    #   @return [String]
+    #
+    # @!attribute [rw] mapping_rules
+    #   A list of mapping entries for every supported specifier or
+    #   sub-field.
+    #   @return [Array<Types::MappingRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/AttributeMapping AWS API Documentation
+    #
+    class AttributeMapping < Struct.new(
+      :certificate_field,
+      :mapping_rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] duration_seconds
     #   Used to determine how long sessions vended using this profile are
     #   valid for. See the `Expiration` section of the [CreateSession API
@@ -223,6 +244,42 @@ module Aws::RolesAnywhere
       include Aws::Structure
     end
 
+    # @!attribute [rw] certificate_field
+    #   Fields (x509Subject, x509Issuer and x509SAN) within X.509
+    #   certificates.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_id
+    #   The unique identifier of the profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] specifiers
+    #   A list of specifiers of a certificate field; for example, CN, OU,
+    #   UID from a Subject.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteAttributeMappingRequest AWS API Documentation
+    #
+    class DeleteAttributeMappingRequest < Struct.new(
+      :certificate_field,
+      :profile_id,
+      :specifiers)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] profile
+    #   The state of the profile after a read or write operation.
+    #   @return [Types::ProfileDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteAttributeMappingResponse AWS API Documentation
+    #
+    class DeleteAttributeMappingResponse < Struct.new(
+      :profile)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] crl_data
     #   The x509 v3 specified certificate revocation list (CRL).
     #   @return [String]
@@ -401,6 +458,21 @@ module Aws::RolesAnywhere
       include Aws::Structure
     end
 
+    # A single mapping entry for each supported specifier or sub-field.
+    #
+    # @!attribute [rw] specifier
+    #   Specifier within a certificate field, such as CN, OU, or UID from
+    #   the Subject field.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/MappingRule AWS API Documentation
+    #
+    class MappingRule < Struct.new(
+      :specifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Customizable notification settings that will be applied to
     # notification events. IAM Roles Anywhere consumes these settings while
     # notifying across multiple channels - CloudWatch metrics, EventBridge,
@@ -511,6 +583,10 @@ module Aws::RolesAnywhere
 
     # The state of the profile after a read or write operation.
     #
+    # @!attribute [rw] attribute_mappings
+    #   A mapping applied to the authenticating end-entity certificate.
+    #   @return [Array<Types::AttributeMapping>]
+    #
     # @!attribute [rw] created_at
     #   The ISO-8601 timestamp when the profile was created.
     #   @return [Time]
@@ -573,6 +649,7 @@ module Aws::RolesAnywhere
     # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ProfileDetail AWS API Documentation
     #
     class ProfileDetail < Struct.new(
+      :attribute_mappings,
       :created_at,
       :created_by,
       :duration_seconds,
@@ -601,6 +678,42 @@ module Aws::RolesAnywhere
       include Aws::Structure
     end
 
+    # @!attribute [rw] certificate_field
+    #   Fields (x509Subject, x509Issuer and x509SAN) within X.509
+    #   certificates.
+    #   @return [String]
+    #
+    # @!attribute [rw] mapping_rules
+    #   A list of mapping entries for every supported specifier or
+    #   sub-field.
+    #   @return [Array<Types::MappingRule>]
+    #
+    # @!attribute [rw] profile_id
+    #   The unique identifier of the profile.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/PutAttributeMappingRequest AWS API Documentation
+    #
+    class PutAttributeMappingRequest < Struct.new(
+      :certificate_field,
+      :mapping_rules,
+      :profile_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] profile
+    #   The state of the profile after a read or write operation.
+    #   @return [Types::ProfileDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/PutAttributeMappingResponse AWS API Documentation
+    #
+    class PutAttributeMappingResponse < Struct.new(
+      :profile)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] notification_settings
     #   A list of notification settings to be associated to the trust
     #   anchor.

data/lib/aws-sdk-rolesanywhere.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-rolesanywhere/customizations'
 # @!group service
 module Aws::RolesAnywhere
 
-  GEM_VERSION = '1.14.0'
+  GEM_VERSION = '1.15.0'
 
 end

data/sig/client.rbs

@@ -126,6 +126,18 @@ module Aws
                                ) -> _CreateTrustAnchorResponseSuccess
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateTrustAnchorResponseSuccess
 
+      interface _DeleteAttributeMappingResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DeleteAttributeMappingResponse]
+        def profile: () -> Types::ProfileDetail
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RolesAnywhere/Client.html#delete_attribute_mapping-instance_method
+      def delete_attribute_mapping: (
+                                      certificate_field: ("x509Subject" | "x509Issuer" | "x509SAN"),
+                                      profile_id: ::String,
+                                      ?specifiers: Array[::String]
+                                    ) -> _DeleteAttributeMappingResponseSuccess
+                                  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DeleteAttributeMappingResponseSuccess
+
       interface _DeleteCrlResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::CrlDetailResponse]
         def crl: () -> Types::CrlDetail
@@ -333,6 +345,22 @@ module Aws
                               ) -> _ListTrustAnchorsResponseSuccess
                             | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListTrustAnchorsResponseSuccess
 
+      interface _PutAttributeMappingResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::PutAttributeMappingResponse]
+        def profile: () -> Types::ProfileDetail
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/RolesAnywhere/Client.html#put_attribute_mapping-instance_method
+      def put_attribute_mapping: (
+                                   certificate_field: ("x509Subject" | "x509Issuer" | "x509SAN"),
+                                   mapping_rules: Array[
+                                     {
+                                       specifier: ::String
+                                     },
+                                   ],
+                                   profile_id: ::String
+                                 ) -> _PutAttributeMappingResponseSuccess
+                               | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutAttributeMappingResponseSuccess
+
       interface _PutNotificationSettingsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::PutNotificationSettingsResponse]
         def trust_anchor: () -> Types::TrustAnchorDetail

data/sig/types.rbs

@@ -13,6 +13,12 @@ module Aws::RolesAnywhere
       SENSITIVE: []
     end
 
+    class AttributeMapping
+      attr_accessor certificate_field: ("x509Subject" | "x509Issuer" | "x509SAN")
+      attr_accessor mapping_rules: ::Array[Types::MappingRule]
+      SENSITIVE: []
+    end
+
     class CreateProfileRequest
       attr_accessor duration_seconds: ::Integer
       attr_accessor enabled: bool
@@ -61,6 +67,18 @@ module Aws::RolesAnywhere
       SENSITIVE: []
     end
 
+    class DeleteAttributeMappingRequest
+      attr_accessor certificate_field: ("x509Subject" | "x509Issuer" | "x509SAN")
+      attr_accessor profile_id: ::String
+      attr_accessor specifiers: ::Array[::String]
+      SENSITIVE: []
+    end
+
+    class DeleteAttributeMappingResponse
+      attr_accessor profile: Types::ProfileDetail
+      SENSITIVE: []
+    end
+
     class ImportCrlRequest
       attr_accessor crl_data: ::String
       attr_accessor enabled: bool
@@ -117,6 +135,11 @@ module Aws::RolesAnywhere
       SENSITIVE: []
     end
 
+    class MappingRule
+      attr_accessor specifier: ::String
+      SENSITIVE: []
+    end
+
     class NotificationSetting
       attr_accessor channel: ("ALL")
       attr_accessor enabled: bool
@@ -141,6 +164,7 @@ module Aws::RolesAnywhere
     end
 
     class ProfileDetail
+      attr_accessor attribute_mappings: ::Array[Types::AttributeMapping]
       attr_accessor created_at: ::Time
       attr_accessor created_by: ::String
       attr_accessor duration_seconds: ::Integer
@@ -161,6 +185,18 @@ module Aws::RolesAnywhere
       SENSITIVE: []
     end
 
+    class PutAttributeMappingRequest
+      attr_accessor certificate_field: ("x509Subject" | "x509Issuer" | "x509SAN")
+      attr_accessor mapping_rules: ::Array[Types::MappingRule]
+      attr_accessor profile_id: ::String
+      SENSITIVE: []
+    end
+
+    class PutAttributeMappingResponse
+      attr_accessor profile: Types::ProfileDetail
+      SENSITIVE: []
+    end
+
     class PutNotificationSettingsRequest
       attr_accessor notification_settings: ::Array[Types::NotificationSetting]
       attr_accessor trust_anchor_id: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-rolesanywhere
 version: !ruby/object:Gem::Version
-  version: 1.14.0
+  version: 1.15.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-02 00:00:00.000000000 Z
+date: 2024-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core