RubyGems - aws-sdk-secretsmanager - Versions diffs - 1.55.0 → 1.58.0 - Mend

aws-sdk-secretsmanager 1.55.0 → 1.58.0

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/VERSION +1 -1
data/lib/aws-sdk-secretsmanager/client.rb +207 -20
data/lib/aws-sdk-secretsmanager/client_api.rb +8 -0
data/lib/aws-sdk-secretsmanager/types.rb +101 -18
data/lib/aws-sdk-secretsmanager.rb +1 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99fc2c2363aa6d21002711d003ee38e38a7ae19a76241052cffacd2a52b75c44
-  data.tar.gz: 18652eb739c40dfb70e1fde31df707ee00c0240de29a463887aa98ebe50b8f96
+  metadata.gz: f09659a24e0631b1aaaa0f7100cfbbf33abf64736e66c68277a10fd458213668
+  data.tar.gz: 9185e9fea293199255512f4ccc289063207f96af16903adfb4d3a68d8ea8c3d6
 SHA512:
-  metadata.gz: a994a9da89e78e6dbeda365153f0395a26da133f96f1139cf615a2b12b61a78e93cbb8643bd86bac0ae2aa071e01afb8e1c99336213bdd4448f0774bd5c9bf29
-  data.tar.gz: 27d3a83d680e4d05ed663ef1b30b530f0ee62a4f90a475f1d99c8937c5ab8b950d2a8cf5a7a36503a46b80baa987d530c876137e155ffc31cf3284c4971da97d
+  metadata.gz: d650b64de401e99dbef7f94e7200b768932ae05757b42b252304733a689f6bd7b12de097aa144c129f17d143e199dd5d2458a6e838b34248692b6e65837836e3
+  data.tar.gz: 343e78a03f8c96b304d460c015d1651a7ee5f1eff152db46bb479f96ba331ab45e18236de50e326170845d61726d651b354c280657f0b29d79adaefc1472135e

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
+1.58.0 (2022-02-24)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+1.57.0 (2022-02-03)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+1.56.0 (2022-01-28)
+------------------
+* Feature - Feature are ready to release on Jan 28th
 1.55.0 (2021-12-21)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.55.0
1	+ 1.58.0

data/lib/aws-sdk-secretsmanager/client.rb CHANGED Viewed

@@ -27,7 +27,9 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
@@ -74,7 +76,9 @@ module Aws::SecretsManager
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
@@ -372,6 +376,15 @@ module Aws::SecretsManager
     #
     #  </note>
     #
+    # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -451,9 +464,15 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # KMS key.
     #
+    # <b>Required permissions: </b> `secretsmanager:CreateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :name
     #   The name of the new secret.
@@ -687,6 +706,15 @@ module Aws::SecretsManager
     # Deletes the resource-based permission policy attached to the secret.
     # To attach a policy to a secret, use PutResourcePolicy.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete the attached resource-based
     #   policy for.
@@ -756,9 +784,15 @@ module Aws::SecretsManager
     # secret value. To access that information, first cancel the deletion
     # with RestoreSecret and then retrieve the information.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete.
@@ -843,6 +877,15 @@ module Aws::SecretsManager
     # secret value. Secrets Manager only returns fields that have a value in
     # the response.
     #
+    # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -927,6 +970,8 @@ module Aws::SecretsManager
     #   resp.rotation_enabled #=> Boolean
     #   resp.rotation_lambda_arn #=> String
     #   resp.rotation_rules.automatically_after_days #=> Integer
+    #   resp.rotation_rules.duration #=> String
+    #   resp.rotation_rules.schedule_expression #=> String
     #   resp.last_rotated_date #=> Time
     #   resp.last_changed_date #=> Time
     #   resp.last_accessed_date #=> Time
@@ -960,6 +1005,15 @@ module Aws::SecretsManager
     # length and include every character type that the system you are
     # generating a password for can support.
     #
+    # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [Integer] :password_length
     #   The length of the password. If you don't include this parameter, the
     #   default length is 32 characters.
@@ -1048,9 +1102,15 @@ module Aws::SecretsManager
     # attached to a secret, see [Permissions policies attached to a
     # secret][1].
     #
+    # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve the attached resource-based
@@ -1106,17 +1166,22 @@ module Aws::SecretsManager
     # `SecretBinary` from the specified version of a secret, whichever
     # contains content.
     #
-    # For information about retrieving the secret value in the console, see
-    # [Retrieve secrets][1].
+    # We recommend that you cache your secret values by using client-side
+    # caching. Caching secrets improves speed and reduces your costs. For
+    # more information, see [Cache secrets for your applications][1].
     #
-    # To run this command, you must have `secretsmanager:GetSecretValue`
-    # permissions. If the secret is encrypted using a customer-managed key
-    # instead of the Amazon Web Services managed key `aws/secretsmanager`,
-    # then you also need `kms:Decrypt` permissions for that key.
+    # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
+    # secret is encrypted using a customer-managed key instead of the Amazon
+    # Web Services managed key `aws/secretsmanager`, then you also need
+    # `kms:Decrypt` permissions for that key. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve.
@@ -1216,10 +1281,14 @@ module Aws::SecretsManager
     # To get the secret value from `SecretString` or `SecretBinary`, call
     # GetSecretValue.
     #
-    # **Minimum permissions**
+    # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
     #
-    # To run this command, you must have
-    # `secretsmanager:ListSecretVersionIds` permissions.
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret whose versions you want to list.
@@ -1333,14 +1402,15 @@ module Aws::SecretsManager
     # For information about finding secrets in the console, see [Enhanced
     # search capabilities for secrets in Secrets Manager][1].
     #
-    # **Minimum permissions**
-    #
-    # To run this command, you must have `secretsmanager:ListSecrets`
-    # permissions.
+    # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [Integer] :max_results
     #   The number of results to include in the response.
@@ -1427,6 +1497,8 @@ module Aws::SecretsManager
     #   resp.secret_list[0].rotation_enabled #=> Boolean
     #   resp.secret_list[0].rotation_lambda_arn #=> String
     #   resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
+    #   resp.secret_list[0].rotation_rules.duration #=> String
+    #   resp.secret_list[0].rotation_rules.schedule_expression #=> String
     #   resp.secret_list[0].last_rotated_date #=> Time
     #   resp.secret_list[0].last_changed_date #=> Time
     #   resp.secret_list[0].last_accessed_date #=> Time
@@ -1458,10 +1530,15 @@ module Aws::SecretsManager
     # For information about attaching a policy in the console, see [Attach a
     # permissions policy to a secret][2].
     #
+    # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][1].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to attach the resource-based policy.
@@ -1558,6 +1635,15 @@ module Aws::SecretsManager
     # fails because you can't modify an existing version; you can only
     # create new ones.
     #
+    # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to add a new version to.
     #
@@ -1699,6 +1785,16 @@ module Aws::SecretsManager
     # For a secret that is replicated to other Regions, deletes the secret
     # replicas from the Regions you specify.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:RemoveRegionsFromReplication`. For more information,
+    # see [ IAM policy actions for Secrets Manager][1] and [Authentication
+    # and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -1738,9 +1834,16 @@ module Aws::SecretsManager
     # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to replicate.
@@ -1793,6 +1896,15 @@ module Aws::SecretsManager
     # `DeletedDate` time stamp. You can access a secret again after it has
     # been restored.
     #
+    # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to restore.
     #
@@ -1864,14 +1976,19 @@ module Aws::SecretsManager
     # `RotateSecret` assumes that a previous rotation request is still in
     # progress and returns an error.
     #
-    # To run this command, you must have `secretsmanager:RotateSecret`
-    # permissions and `lambda:InvokeFunction` permissions on the function
-    # specified in the secret's metadata.
+    # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4]. You also
+    # need `lambda:InvokeFunction` permissions on the rotation function. For
+    # more information, see [ Permissions for rotation][5].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to rotate.
@@ -1912,6 +2029,23 @@ module Aws::SecretsManager
     # @option params [Types::RotationRulesType] :rotation_rules
     #   A structure that defines the rotation configuration for this secret.
     #
+    # @option params [Boolean] :rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests the
+    #   rotation configuration by running the [ `testSecret` step][1] of the
+    #   Lambda rotation function. The test creates an `AWSPENDING` version of
+    #   the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #
     # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RotateSecretResponse#arn #arn} => String
@@ -1926,7 +2060,10 @@ module Aws::SecretsManager
     #     rotation_lambda_arn: "RotationLambdaARNType",
     #     rotation_rules: {
     #       automatically_after_days: 1,
+    #       duration: "DurationType",
+    #       schedule_expression: "ScheduleExpressionType",
     #     },
+    #     rotate_immediately: false,
     #   })
     #
     # @example Response structure
@@ -1950,6 +2087,16 @@ module Aws::SecretsManager
     # You must call this operation from the Region in which you want to
     # promote the replica to a primary secret.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:StopReplicationToReplica`. For more information, see [
+    # IAM policy actions for Secrets Manager][1] and [Authentication and
+    # access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN of the primary secret.
     #
@@ -2007,6 +2154,15 @@ module Aws::SecretsManager
     # operation would result in you losing your permissions for this secret,
     # then the operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The identifier for the secret to attach tags to. You can specify
     #   either the Amazon Resource Name (ARN) or the friendly name of the
@@ -2081,6 +2237,15 @@ module Aws::SecretsManager
     # would result in you losing your permissions for this secret, then the
     # operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -2172,9 +2337,18 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # key.
     #
-    # To run this command, you must have `secretsmanager:UpdateSecret`
-    # permissions. If you use a customer managed key, you must also have
-    # `kms:GenerateDataKey` and `kms:Decrypt` permissions .
+    # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2]. If you use
+    # a customer managed key, you must also have `kms:GenerateDataKey` and
+    # `kms:Decrypt` permissions on the key. For more information, see [
+    # Secret encryption and decryption][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -2350,9 +2524,16 @@ module Aws::SecretsManager
     # then the version is considered to be 'deprecated' and can be deleted
     # by Secrets Manager.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or the name of the secret with the version and staging
@@ -2477,9 +2658,15 @@ module Aws::SecretsManager
     #
     # * Verifies the policy does not lock out a caller.
     #
+    # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][2]
+    # and [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [String] :secret_id
     #   This field is reserved for internal use.
@@ -2552,7 +2739,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.55.0'
+      context[:gem_version] = '1.58.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-secretsmanager/client_api.rb CHANGED Viewed

@@ -32,6 +32,7 @@ module Aws::SecretsManager
     DescribeSecretRequest = Shapes::StructureShape.new(name: 'DescribeSecretRequest')
     DescribeSecretResponse = Shapes::StructureShape.new(name: 'DescribeSecretResponse')
     DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
+    DurationType = Shapes::StringShape.new(name: 'DurationType')
     EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
@@ -99,6 +100,7 @@ module Aws::SecretsManager
     RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
     RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
     RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
+    ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
     SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
     SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
     SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
@@ -368,6 +370,7 @@ module Aws::SecretsManager
     RotateSecretRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken"=>true}))
     RotateSecretRequest.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     RotateSecretRequest.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    RotateSecretRequest.add_member(:rotate_immediately, Shapes::ShapeRef.new(shape: BooleanType, location_name: "RotateImmediately", metadata: {"box"=>true}))
     RotateSecretRequest.struct_class = Types::RotateSecretRequest
     RotateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -376,6 +379,8 @@ module Aws::SecretsManager
     RotateSecretResponse.struct_class = Types::RotateSecretResponse
     RotationRulesType.add_member(:automatically_after_days, Shapes::ShapeRef.new(shape: AutomaticallyRotateAfterDaysType, location_name: "AutomaticallyAfterDays", metadata: {"box"=>true}))
+    RotationRulesType.add_member(:duration, Shapes::ShapeRef.new(shape: DurationType, location_name: "Duration"))
+    RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
     RotationRulesType.struct_class = Types::RotationRulesType
     SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -517,6 +522,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
@@ -652,6 +658,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
@@ -753,6 +760,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:update_secret_version_stage, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-secretsmanager/types.rb CHANGED Viewed

@@ -956,7 +956,7 @@ module Aws::SecretsManager
       include Aws::Structure
     end
-    # The parameter name is invalid value.
+    # The parameter name or value is invalid.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1634,7 +1634,10 @@ module Aws::SecretsManager
     #         rotation_lambda_arn: "RotationLambdaARNType",
     #         rotation_rules: {
     #           automatically_after_days: 1,
+    #           duration: "DurationType",
+    #           schedule_expression: "ScheduleExpressionType",
     #         },
+    #         rotate_immediately: false,
     #       }
     #
     # @!attribute [rw] secret_id
@@ -1682,13 +1685,32 @@ module Aws::SecretsManager
     #   A structure that defines the rotation configuration for this secret.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests
+    #   the rotation configuration by running the [ `testSecret` step][1] of
+    #   the Lambda rotation function. The test creates an `AWSPENDING`
+    #   version of the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
     #
     class RotateSecretRequest < Struct.new(
       :secret_id,
       :client_request_token,
       :rotation_lambda_arn,
-      :rotation_rules)
+      :rotation_rules,
+      :rotate_immediately)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1722,32 +1744,79 @@ module Aws::SecretsManager
     #
     #       {
     #         automatically_after_days: 1,
+    #         duration: "DurationType",
+    #         schedule_expression: "ScheduleExpressionType",
     #       }
     #
     # @!attribute [rw] automatically_after_days
-    #   Specifies the number of days between automatic scheduled rotations
-    #   of the secret.
-    #
-    #   Secrets Manager schedules the next rotation when the previous one is
-    #   complete. Secrets Manager schedules the date by adding the rotation
-    #   interval (number of days) to the actual date of the last rotation.
-    #   The service chooses the hour within that 24-hour date window
-    #   randomly. The minute is also chosen somewhat randomly, but weighted
-    #   towards the top of the hour and influenced by a variety of factors
-    #   that help distribute load.
+    #   The number of days between automatic scheduled rotations of the
+    #   secret. You can use this value to check that your secret meets your
+    #   compliance guidelines for how often secrets must be rotated.
+    #
+    #   In `DescribeSecret` and `ListSecrets`, this value is calculated from
+    #   the rotation schedule after every successful rotation. In
+    #   `RotateSecret`, you can set the rotation schedule in `RotationRules`
+    #   with `AutomaticallyAfterDays` or `ScheduleExpression`, but not both.
     #   @return [Integer]
     #
+    # @!attribute [rw] duration
+    #   The length of the rotation window in hours, for example `3h` for a
+    #   three hour window. Secrets Manager rotates your secret at any time
+    #   during this window. The window must not go into the next UTC day. If
+    #   you don't specify this value, the window automatically ends at the
+    #   end of the UTC day. The window begins according to the
+    #   `ScheduleExpression`. For more information, including examples, see
+    #   [Schedule expressions in Secrets Manager rotation][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
+    # @!attribute [rw] schedule_expression
+    #   A `cron()` or `rate()` expression that defines the schedule for
+    #   rotating your secret. Secrets Manager rotation schedules use UTC
+    #   time zone.
+    #
+    #   Secrets Manager `rate()` expressions represent the interval in days
+    #   that you want to rotate your secret, for example `rate(10 days)`. If
+    #   you use a `rate()` expression, the rotation window opens at
+    #   midnight, and Secrets Manager rotates your secret any time that day
+    #   after midnight. You can set a `Duration` to shorten the rotation
+    #   window.
+    #
+    #   You can use a `cron()` expression to create rotation schedules that
+    #   are more detailed than a rotation interval. For more information,
+    #   including examples, see [Schedule expressions in Secrets Manager
+    #   rotation][1]. If you use a `cron()` expression, Secrets Manager
+    #   rotates your secret any time during that day after the window opens.
+    #   For example, `cron(0 8 1 * ? *)` represents a rotation window that
+    #   occurs on the first day of every month beginning at 8:00 AM UTC.
+    #   Secrets Manager rotates the secret any time that day after 8:00 AM.
+    #   You can set a `Duration` to shorten the rotation window.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation
     #
     class RotationRulesType < Struct.new(
-      :automatically_after_days)
+      :automatically_after_days,
+      :duration,
+      :schedule_expression)
       SENSITIVE = []
       include Aws::Structure
     end
     # A structure that contains the details about a secret. It does not
     # include the encrypted `SecretString` and `SecretBinary` values. To get
-    # those values, use the GetSecretValue operation.
+    # those values, use [GetSecretValue][1] .
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
     #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) of the secret.
@@ -1778,7 +1847,11 @@ module Aws::SecretsManager
     # @!attribute [rw] rotation_lambda_arn
     #   The ARN of an Amazon Web Services Lambda function invoked by Secrets
     #   Manager to rotate and expire the secret either automatically per the
-    #   schedule or manually by a call to RotateSecret.
+    #   schedule or manually by a call to [ `RotateSecret` ][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
@@ -1805,13 +1878,23 @@ module Aws::SecretsManager
     #   The date and time the deletion of the secret occurred. Not present
     #   on active secrets. The secret can be recovered until the number of
     #   days in the recovery window has passed, as specified in the
-    #   `RecoveryWindowInDays` parameter of the DeleteSecret operation.
+    #   `RecoveryWindowInDays` parameter of the [ `DeleteSecret` ][1]
+    #   operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html
     #   @return [Time]
     #
     # @!attribute [rw] tags
     #   The list of user-defined tags associated with the secret. To add
-    #   tags to a secret, use TagResource. To remove tags, use
-    #   UntagResource.
+    #   tags to a secret, use [ `TagResource` ][1]. To remove tags, use [
+    #   `UntagResource` ][2].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html
+    #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] secret_versions_to_stages

data/lib/aws-sdk-secretsmanager.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
-  GEM_VERSION = '1.55.0'
+  GEM_VERSION = '1.58.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.55.0
+  version: 1.58.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.125.0
+        version: 3.127.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.125.0
+        version: 3.127.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement