aws-sdk-secretsmanager 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 622a4b933adcac112482ac40c67c19d5dc880240
-  data.tar.gz: 5e68268c7f5ec33da5bec1b207ed86afcfb0d76f
+  metadata.gz: 55cd6a103d68865f9f6bff4f75ef5ab7cf71357f
+  data.tar.gz: 2a25eae02dfae1793ef6a623dacb35f5818e0156
 SHA512:
-  metadata.gz: 317e66b5a68e22e8ee5449f53d82004cabad3adc07db0587e2d1e09885637c37d964ab272f535540ecb31e9b2024d3b96bbe9766e4097a92080c8dffb9e6c1e2
-  data.tar.gz: ea4e38d3663470d49e321e6a6d122bfb6ea1bc914dda18e70b1871ee2d5bc78d7c5903ef97d5695bb34fb2a7ccf5bf1b127a502340558b257025dd1cb371a9ea
+  metadata.gz: 00b971baa9716771161875df1be81b691341b815f58eca7d389afbef71a8940f924777386008664dbaa0080cb3a1bc0d7924d1ac543fa87b38875d1ad9594a96
+  data.tar.gz: ea0024d353ae6bfe92dce7fc3b82fffecf4cf75ff788a303a092a4b77d9cf27cbce1bcdcccd87fc25805aac7021e569c3253cb1b684127beda9ec7303c9c7133

data/lib/aws-sdk-secretsmanager.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.7.0'
+  GEM_VERSION = '1.8.0'
 
 end

data/lib/aws-sdk-secretsmanager/client.rb

@@ -115,6 +115,14 @@ module Aws::SecretsManager
     #   Used when loading credentials from the shared credentials file
     #   at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    # @option options [Float] :retry_base_delay (0.3)
+    #   The base delay in seconds used by the default backoff function.
+    #
+    # @option options [Symbol] :retry_jitter (:none)
+    #   A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
+    #
+    #   @see https://www.awsarchitectureblog.com/2015/03/backoff.html
+    #
     # @option options [Integer] :retry_limit (3)
     #   The maximum number of times to retry failed requests.  Only
     #   ~ 500 level server errors and certain ~ 400 level client errors
@@ -122,6 +130,9 @@ module Aws::SecretsManager
     #   checksum errors, networking errors, timeout errors and auth
     #   errors from expired credentials.
     #
+    # @option options [Integer] :retry_max_delay (0)
+    #   The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
+    #
     # @option options [String] :secret_access_key
     #
     # @option options [String] :session_token
@@ -560,6 +571,55 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
+    # Deletes the resource-based policy currently attached to the secret.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:DeleteResourcePolicy
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To attach a resource policy to a secret, use PutResourcePolicy.
+    #
+    # * To retrieve the current resource-based policy that is attached to a
+    #   secret, use GetResourcePolicy.
+    #
+    # * To list all of the currently available secrets, use ListSecrets.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret for which you want to delete the attached
+    #   resource-based policy. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
+    #
+    # @return [Types::DeleteResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteResourcePolicyResponse#arn #arn} => String
+    #   * {Types::DeleteResourcePolicyResponse#name #name} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_resource_policy({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy AWS API Documentation
+    #
+    # @overload delete_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def delete_resource_policy(params = {}, options = {})
+      req = build_request(:delete_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Deletes an entire secret and all of its versions. You can optionally
     # include a recovery window during which you can restore the secret. If
     # you don't specify a recovery window value, the operation defaults to
@@ -884,6 +944,60 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
+    # Retrieves the JSON text of the resource-based policy attached to the
+    # specified secret. The JSON request string input and response output
+    # are shown formatted with whitespace and line breaks for better
+    # readability. Submit your input as a single line JSON string.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:GetResourcePolicy
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To attach a resource policy to a secret, use PutResourcePolicy.
+    #
+    # * To delete the resource-based policy that is attached to a secret,
+    #   use DeleteResourcePolicy.
+    #
+    # * To list all of the currently available secrets, use ListSecrets.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret for which you want to retrieve the attached
+    #   resource-based policy. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
+    #
+    # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResourcePolicyResponse#arn #arn} => String
+    #   * {Types::GetResourcePolicyResponse#name #name} => String
+    #   * {Types::GetResourcePolicyResponse#resource_policy #resource_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resource_policy({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.resource_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy AWS API Documentation
+    #
+    # @overload get_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resource_policy(params = {}, options = {})
+      req = build_request(:get_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Retrieves the contents of the encrypted fields `SecretString` or
     # `SecretBinary` from the specified version of a secret, whichever
     # contains content.
@@ -1256,6 +1370,83 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
+    # Attaches the contents of the specified resource-based policy to a
+    # secret. A resource-based policy is optional. Alternatively, you can
+    # use IAM user-based policies that specify the secret's ARN in the
+    # policy statement's `Resources` element. You can also use a
+    # combination of both identity- an resource-based policies. The affected
+    # users and roles receive the permissions permitted by all of the
+    # relevant policies. For more information, see [Using Resource-Based
+    # Policies for AWS Secrets Manager][1]. For the complete description of
+    # the AWS policy syntax and grammar, see [IAM JSON Policy Reference][2]
+    # in the *IAM User Guide*.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:PutResourcePolicy
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To retrieve the resource policy attached to a secret, use
+    #   GetResourcePolicy.
+    #
+    # * To delete the resource-based policy that is attached to a secret,
+    #   use DeleteResourcePolicy.
+    #
+    # * To list all of the currently available secrets, use ListSecrets.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
+    # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret to which you want to attach the resource-based
+    #   policy. You can specify either the Amazon Resource Name (ARN) or the
+    #   friendly name of the secret.
+    #
+    # @option params [required, String] :resource_policy
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
+    #   identifies who can access or manage this secret and its versions. For
+    #   information on how to format a JSON parameter for the various command
+    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
+    #   CLI User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutResourcePolicyResponse#arn #arn} => String
+    #   * {Types::PutResourcePolicyResponse#name #name} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_resource_policy({
+    #     secret_id: "SecretIdType", # required
+    #     resource_policy: "NonEmptyResourcePolicyType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy AWS API Documentation
+    #
+    # @overload put_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def put_resource_policy(params = {}, options = {})
+      req = build_request(:put_resource_policy, params)
+      req.send_request(options)
+    end
+
     # Stores a new encrypted secret value in the specified secret. To do
     # this, the operation creates a new version and attaches it to the
     # secret. The version can contain a new `SecretString` value or a new
@@ -2320,7 +2511,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.7.0'
+      context[:gem_version] = '1.8.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -20,6 +20,8 @@ module Aws::SecretsManager
     CreateSecretResponse = Shapes::StructureShape.new(name: 'CreateSecretResponse')
     CreatedDateType = Shapes::TimestampShape.new(name: 'CreatedDateType')
     DecryptionFailure = Shapes::StructureShape.new(name: 'DecryptionFailure')
+    DeleteResourcePolicyRequest = Shapes::StructureShape.new(name: 'DeleteResourcePolicyRequest')
+    DeleteResourcePolicyResponse = Shapes::StructureShape.new(name: 'DeleteResourcePolicyResponse')
     DeleteSecretRequest = Shapes::StructureShape.new(name: 'DeleteSecretRequest')
     DeleteSecretResponse = Shapes::StructureShape.new(name: 'DeleteSecretResponse')
     DeletedDateType = Shapes::TimestampShape.new(name: 'DeletedDateType')
@@ -36,6 +38,8 @@ module Aws::SecretsManager
     ExcludeUppercaseType = Shapes::BooleanShape.new(name: 'ExcludeUppercaseType')
     GetRandomPasswordRequest = Shapes::StructureShape.new(name: 'GetRandomPasswordRequest')
     GetRandomPasswordResponse = Shapes::StructureShape.new(name: 'GetRandomPasswordResponse')
+    GetResourcePolicyRequest = Shapes::StructureShape.new(name: 'GetResourcePolicyRequest')
+    GetResourcePolicyResponse = Shapes::StructureShape.new(name: 'GetResourcePolicyResponse')
     GetSecretValueRequest = Shapes::StructureShape.new(name: 'GetSecretValueRequest')
     GetSecretValueResponse = Shapes::StructureShape.new(name: 'GetSecretValueResponse')
     IncludeSpaceType = Shapes::BooleanShape.new(name: 'IncludeSpaceType')
@@ -56,7 +60,11 @@ module Aws::SecretsManager
     MaxResultsType = Shapes::IntegerShape.new(name: 'MaxResultsType')
     NameType = Shapes::StringShape.new(name: 'NameType')
     NextTokenType = Shapes::StringShape.new(name: 'NextTokenType')
+    NonEmptyResourcePolicyType = Shapes::StringShape.new(name: 'NonEmptyResourcePolicyType')
     PasswordLengthType = Shapes::IntegerShape.new(name: 'PasswordLengthType')
+    PreconditionNotMetException = Shapes::StructureShape.new(name: 'PreconditionNotMetException')
+    PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
+    PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
     PutSecretValueRequest = Shapes::StructureShape.new(name: 'PutSecretValueRequest')
     PutSecretValueResponse = Shapes::StructureShape.new(name: 'PutSecretValueResponse')
     RandomPasswordType = Shapes::StringShape.new(name: 'RandomPasswordType')
@@ -118,6 +126,13 @@ module Aws::SecretsManager
     CreateSecretResponse.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
     CreateSecretResponse.struct_class = Types::CreateSecretResponse
 
+    DeleteResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    DeleteResourcePolicyRequest.struct_class = Types::DeleteResourcePolicyRequest
+
+    DeleteResourcePolicyResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    DeleteResourcePolicyResponse.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
+    DeleteResourcePolicyResponse.struct_class = Types::DeleteResourcePolicyResponse
+
     DeleteSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     DeleteSecretRequest.add_member(:recovery_window_in_days, Shapes::ShapeRef.new(shape: RecoveryWindowInDaysType, location_name: "RecoveryWindowInDays", metadata: {"box"=>true}))
     DeleteSecretRequest.struct_class = Types::DeleteSecretRequest
@@ -158,6 +173,14 @@ module Aws::SecretsManager
     GetRandomPasswordResponse.add_member(:random_password, Shapes::ShapeRef.new(shape: RandomPasswordType, location_name: "RandomPassword"))
     GetRandomPasswordResponse.struct_class = Types::GetRandomPasswordResponse
 
+    GetResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    GetResourcePolicyRequest.struct_class = Types::GetResourcePolicyRequest
+
+    GetResourcePolicyResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    GetResourcePolicyResponse.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
+    GetResourcePolicyResponse.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, location_name: "ResourcePolicy"))
+    GetResourcePolicyResponse.struct_class = Types::GetResourcePolicyResponse
+
     GetSecretValueRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     GetSecretValueRequest.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
     GetSecretValueRequest.add_member(:version_stage, Shapes::ShapeRef.new(shape: SecretVersionStageType, location_name: "VersionStage"))
@@ -192,6 +215,14 @@ module Aws::SecretsManager
     ListSecretsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
     ListSecretsResponse.struct_class = Types::ListSecretsResponse
 
+    PutResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    PutResourcePolicyRequest.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, required: true, location_name: "ResourcePolicy"))
+    PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
+
+    PutResourcePolicyResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    PutResourcePolicyResponse.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
+    PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse
+
     PutSecretValueRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     PutSecretValueRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken"=>true}))
     PutSecretValueRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
@@ -337,6 +368,18 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+      end)
+
+      api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
       end)
 
       api.add_operation(:delete_secret, Seahorse::Model::Operation.new.tap do |o|
@@ -372,6 +415,17 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
       end)
 
+      api.add_operation(:get_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+      end)
+
       api.add_operation(:get_secret_value, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetSecretValue"
         o.http_method = "POST"
@@ -419,6 +473,19 @@ module Aws::SecretsManager
         )
       end)
 
+      api.add_operation(:put_resource_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutResourcePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutResourcePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutResourcePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+      end)
+
       api.add_operation(:put_secret_value, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutSecretValue"
         o.http_method = "POST"
@@ -465,6 +532,7 @@ module Aws::SecretsManager
         o.input = Shapes::ShapeRef.new(shape: TagResourceRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
       end)
@@ -476,6 +544,7 @@ module Aws::SecretsManager
         o.input = Shapes::ShapeRef.new(shape: UntagResourceRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
       end)
@@ -494,6 +563,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
       end)
 
       api.add_operation(:update_secret_version_stage, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-secretsmanager/types.rb

@@ -291,6 +291,44 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteResourcePolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Specifies the secret for which you want to delete the attached
+    #   resource-based policy. You can specify either the Amazon Resource
+    #   Name (ARN) or the friendly name of the secret.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicyRequest AWS API Documentation
+    #
+    class DeleteResourcePolicyRequest < Struct.new(
+      :secret_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   The ARN of the secret for which the resource-based policy was
+    #   deleted.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The friendly name of the secret for which the resource-based policy
+    #   was deleted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicyResponse AWS API Documentation
+    #
+    class DeleteResourcePolicyResponse < Struct.new(
+      :arn,
+      :name)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteSecretRequest
     #   data as a hash:
     #
@@ -552,6 +590,59 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetResourcePolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Specifies the secret for which you want to retrieve the attached
+    #   resource-based policy. You can specify either the Amazon Resource
+    #   Name (ARN) or the friendly name of the secret.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicyRequest AWS API Documentation
+    #
+    class GetResourcePolicyRequest < Struct.new(
+      :secret_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   The ARN of the secret for which the resource-based policy was
+    #   retrieved.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The friendly name of the secret for which the resource-based policy
+    #   was retrieved.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_policy
+    #   A JSON-formatted string that describes the permissions associated
+    #   with the attached secret. These permissions are combined with any
+    #   permissions associated with the user or role who attempts to access
+    #   this secret. The combined permissions specify who can access the
+    #   secret and what actions they can perform. For more information, see
+    #   [Authentication and Access Control for AWS Secrets Manager][1] in
+    #   the *AWS Secrets Manager User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicyResponse AWS API Documentation
+    #
+    class GetResourcePolicyResponse < Struct.new(
+      :arn,
+      :name,
+      :resource_policy)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetSecretValueRequest
     #   data as a hash:
     #
@@ -829,6 +920,59 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutResourcePolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #         resource_policy: "NonEmptyResourcePolicyType", # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Specifies the secret to which you want to attach the resource-based
+    #   policy. You can specify either the Amazon Resource Name (ARN) or the
+    #   friendly name of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_policy
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
+    #   identifies who can access or manage this secret and its versions.
+    #   For information on how to format a JSON parameter for the various
+    #   command line tool environments, see [Using JSON for Parameters][1]
+    #   in the *AWS CLI User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
+    #
+    class PutResourcePolicyRequest < Struct.new(
+      :secret_id,
+      :resource_policy)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   The ARN of the secret for which the resource-based policy was
+    #   retrieved.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The friendly name of the secret for which the resource-based policy
+    #   was retrieved.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
+    #
+    class PutResourcePolicyResponse < Struct.new(
+      :arn,
+      :name)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutSecretValueRequest
     #   data as a hash:
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-05 00:00:00.000000000 Z
+date: 2018-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core