From 157b80b62fa1cc6c286f9c76e7ceabb06946b904 Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 4 Sep 2024 18:18:00 +0000 Subject: [PATCH] feat(client-s3-control): Amazon Simple Storage Service /S3 Access Grants / Features : This release launches new Access Grants API - ListCallerAccessGrants. --- clients/client-s3-control/README.md | 8 + clients/client-s3-control/src/S3Control.ts | 24 ++ .../client-s3-control/src/S3ControlClient.ts | 6 + .../CreateAccessGrantsInstanceCommand.ts | 2 + .../GetAccessGrantsInstanceCommand.ts | 6 + .../ListAccessGrantsInstancesCommand.ts | 2 + .../commands/ListCallerAccessGrantsCommand.ts | 105 +++++++ .../ListStorageLensConfigurationsCommand.ts | 3 +- .../commands/ListStorageLensGroupsCommand.ts | 3 +- .../client-s3-control/src/commands/index.ts | 1 + .../client-s3-control/src/models/models_0.ts | 265 +++++++++++------- .../client-s3-control/src/models/models_1.ts | 77 ++++- .../ListCallerAccessGrantsPaginator.ts | 24 ++ .../client-s3-control/src/pagination/index.ts | 1 + .../src/protocols/Aws_restXml.ts | 117 +++++++- 15 files changed, 537 insertions(+), 107 deletions(-) create mode 100644 clients/client-s3-control/src/commands/ListCallerAccessGrantsCommand.ts create mode 100644 clients/client-s3-control/src/pagination/ListCallerAccessGrantsPaginator.ts diff --git a/clients/client-s3-control/README.md b/clients/client-s3-control/README.md index 482b039729f5..972042b52b52 100644 --- a/clients/client-s3-control/README.md +++ b/clients/client-s3-control/README.md @@ -722,6 +722,14 @@ ListAccessPointsForObjectLambda [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/s3-control/command/ListAccessPointsForObjectLambdaCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-s3-control/Interface/ListAccessPointsForObjectLambdaCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-s3-control/Interface/ListAccessPointsForObjectLambdaCommandOutput/) + +
+ +ListCallerAccessGrants + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/s3-control/command/ListCallerAccessGrantsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-s3-control/Interface/ListCallerAccessGrantsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-s3-control/Interface/ListCallerAccessGrantsCommandOutput/) +
diff --git a/clients/client-s3-control/src/S3Control.ts b/clients/client-s3-control/src/S3Control.ts index 33aae9a6ac04..d31f5482d394 100644 --- a/clients/client-s3-control/src/S3Control.ts +++ b/clients/client-s3-control/src/S3Control.ts @@ -315,6 +315,11 @@ import { ListAccessPointsForObjectLambdaCommandInput, ListAccessPointsForObjectLambdaCommandOutput, } from "./commands/ListAccessPointsForObjectLambdaCommand"; +import { + ListCallerAccessGrantsCommand, + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput, +} from "./commands/ListCallerAccessGrantsCommand"; import { ListJobsCommand, ListJobsCommandInput, ListJobsCommandOutput } from "./commands/ListJobsCommand"; import { ListMultiRegionAccessPointsCommand, @@ -510,6 +515,7 @@ const commands = { ListAccessGrantsLocationsCommand, ListAccessPointsCommand, ListAccessPointsForObjectLambdaCommand, + ListCallerAccessGrantsCommand, ListJobsCommand, ListMultiRegionAccessPointsCommand, ListRegionalBucketsCommand, @@ -1607,6 +1613,24 @@ export interface S3Control { cb: (err: any, data?: ListAccessPointsForObjectLambdaCommandOutput) => void ): void; + /** + * @see {@link ListCallerAccessGrantsCommand} + */ + listCallerAccessGrants(): Promise; + listCallerAccessGrants( + args: ListCallerAccessGrantsCommandInput, + options?: __HttpHandlerOptions + ): Promise; + listCallerAccessGrants( + args: ListCallerAccessGrantsCommandInput, + cb: (err: any, data?: ListCallerAccessGrantsCommandOutput) => void + ): void; + listCallerAccessGrants( + args: ListCallerAccessGrantsCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: ListCallerAccessGrantsCommandOutput) => void + ): void; + /** * @see {@link ListJobsCommand} */ diff --git a/clients/client-s3-control/src/S3ControlClient.ts b/clients/client-s3-control/src/S3ControlClient.ts index 316cdfdf1804..8dafd450d332 100644 --- a/clients/client-s3-control/src/S3ControlClient.ts +++ b/clients/client-s3-control/src/S3ControlClient.ts @@ -265,6 +265,10 @@ import { ListAccessPointsForObjectLambdaCommandInput, ListAccessPointsForObjectLambdaCommandOutput, } from "./commands/ListAccessPointsForObjectLambdaCommand"; +import { + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput, +} from "./commands/ListCallerAccessGrantsCommand"; import { ListJobsCommandInput, ListJobsCommandOutput } from "./commands/ListJobsCommand"; import { ListMultiRegionAccessPointsCommandInput, @@ -429,6 +433,7 @@ export type ServiceInputTypes = | ListAccessGrantsLocationsCommandInput | ListAccessPointsCommandInput | ListAccessPointsForObjectLambdaCommandInput + | ListCallerAccessGrantsCommandInput | ListJobsCommandInput | ListMultiRegionAccessPointsCommandInput | ListRegionalBucketsCommandInput @@ -526,6 +531,7 @@ export type ServiceOutputTypes = | ListAccessGrantsLocationsCommandOutput | ListAccessPointsCommandOutput | ListAccessPointsForObjectLambdaCommandOutput + | ListCallerAccessGrantsCommandOutput | ListJobsCommandOutput | ListMultiRegionAccessPointsCommandOutput | ListRegionalBucketsCommandOutput diff --git a/clients/client-s3-control/src/commands/CreateAccessGrantsInstanceCommand.ts b/clients/client-s3-control/src/commands/CreateAccessGrantsInstanceCommand.ts index 7ad961284f25..c69ecc0b4e20 100644 --- a/clients/client-s3-control/src/commands/CreateAccessGrantsInstanceCommand.ts +++ b/clients/client-s3-control/src/commands/CreateAccessGrantsInstanceCommand.ts @@ -64,6 +64,8 @@ export interface CreateAccessGrantsInstanceCommandOutput extends CreateAccessGra * // AccessGrantsInstanceId: "STRING_VALUE", * // AccessGrantsInstanceArn: "STRING_VALUE", * // IdentityCenterArn: "STRING_VALUE", + * // IdentityCenterInstanceArn: "STRING_VALUE", + * // IdentityCenterApplicationArn: "STRING_VALUE", * // }; * * ``` diff --git a/clients/client-s3-control/src/commands/GetAccessGrantsInstanceCommand.ts b/clients/client-s3-control/src/commands/GetAccessGrantsInstanceCommand.ts index 0df3f669bc87..7f43f4a79971 100644 --- a/clients/client-s3-control/src/commands/GetAccessGrantsInstanceCommand.ts +++ b/clients/client-s3-control/src/commands/GetAccessGrantsInstanceCommand.ts @@ -37,6 +37,10 @@ export interface GetAccessGrantsInstanceCommandOutput extends GetAccessGrantsIns *

You must have the s3:GetAccessGrantsInstance permission to use this operation.

* * + * + *

+ * GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

+ * * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -52,6 +56,8 @@ export interface GetAccessGrantsInstanceCommandOutput extends GetAccessGrantsIns * // AccessGrantsInstanceArn: "STRING_VALUE", * // AccessGrantsInstanceId: "STRING_VALUE", * // IdentityCenterArn: "STRING_VALUE", + * // IdentityCenterInstanceArn: "STRING_VALUE", + * // IdentityCenterApplicationArn: "STRING_VALUE", * // CreatedAt: new Date("TIMESTAMP"), * // }; * diff --git a/clients/client-s3-control/src/commands/ListAccessGrantsInstancesCommand.ts b/clients/client-s3-control/src/commands/ListAccessGrantsInstancesCommand.ts index 697d945c47c6..8f6331ffb75f 100644 --- a/clients/client-s3-control/src/commands/ListAccessGrantsInstancesCommand.ts +++ b/clients/client-s3-control/src/commands/ListAccessGrantsInstancesCommand.ts @@ -58,6 +58,8 @@ export interface ListAccessGrantsInstancesCommandOutput extends ListAccessGrants * // AccessGrantsInstanceArn: "STRING_VALUE", * // CreatedAt: new Date("TIMESTAMP"), * // IdentityCenterArn: "STRING_VALUE", + * // IdentityCenterInstanceArn: "STRING_VALUE", + * // IdentityCenterApplicationArn: "STRING_VALUE", * // }, * // ], * // }; diff --git a/clients/client-s3-control/src/commands/ListCallerAccessGrantsCommand.ts b/clients/client-s3-control/src/commands/ListCallerAccessGrantsCommand.ts new file mode 100644 index 000000000000..f6a0fe5bd24c --- /dev/null +++ b/clients/client-s3-control/src/commands/ListCallerAccessGrantsCommand.ts @@ -0,0 +1,105 @@ +// smithy-typescript generated code +import { getProcessArnablesPlugin } from "@aws-sdk/middleware-sdk-s3-control"; +import { getApplyMd5BodyChecksumPlugin } from "@smithy/middleware-apply-body-checksum"; +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { ListCallerAccessGrantsRequest, ListCallerAccessGrantsResult } from "../models/models_0"; +import { de_ListCallerAccessGrantsCommand, se_ListCallerAccessGrantsCommand } from "../protocols/Aws_restXml"; +import { S3ControlClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../S3ControlClient"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link ListCallerAccessGrantsCommand}. + */ +export interface ListCallerAccessGrantsCommandInput extends ListCallerAccessGrantsRequest {} +/** + * @public + * + * The output of {@link ListCallerAccessGrantsCommand}. + */ +export interface ListCallerAccessGrantsCommandOutput extends ListCallerAccessGrantsResult, __MetadataBearer {} + +/** + *

Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.

+ *
+ *
Permissions
+ *
+ *

You must have the s3:ListCallerAccessGrants permission to use this operation.

+ *
+ *
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { S3ControlClient, ListCallerAccessGrantsCommand } from "@aws-sdk/client-s3-control"; // ES Modules import + * // const { S3ControlClient, ListCallerAccessGrantsCommand } = require("@aws-sdk/client-s3-control"); // CommonJS import + * const client = new S3ControlClient(config); + * const input = { // ListCallerAccessGrantsRequest + * AccountId: "STRING_VALUE", + * GrantScope: "STRING_VALUE", + * NextToken: "STRING_VALUE", + * MaxResults: Number("int"), + * AllowedByApplication: true || false, + * }; + * const command = new ListCallerAccessGrantsCommand(input); + * const response = await client.send(command); + * // { // ListCallerAccessGrantsResult + * // NextToken: "STRING_VALUE", + * // CallerAccessGrantsList: [ // CallerAccessGrantsList + * // { // ListCallerAccessGrantsEntry + * // Permission: "READ" || "WRITE" || "READWRITE", + * // GrantScope: "STRING_VALUE", + * // ApplicationArn: "STRING_VALUE", + * // }, + * // ], + * // }; + * + * ``` + * + * @param ListCallerAccessGrantsCommandInput - {@link ListCallerAccessGrantsCommandInput} + * @returns {@link ListCallerAccessGrantsCommandOutput} + * @see {@link ListCallerAccessGrantsCommandInput} for command's `input` shape. + * @see {@link ListCallerAccessGrantsCommandOutput} for command's `response` shape. + * @see {@link S3ControlClientResolvedConfig | config} for S3ControlClient's `config` shape. + * + * @throws {@link S3ControlServiceException} + *

Base exception class for all service exceptions from S3Control service.

+ * + * @public + */ +export class ListCallerAccessGrantsCommand extends $Command + .classBuilder< + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput, + S3ControlClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep({ + ...commonParams, + RequiresAccountId: { type: "staticContextParams", value: true }, + AccountId: { type: "contextParams", name: "AccountId" }, + }) + .m(function (this: any, Command: any, cs: any, config: S3ControlClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + getProcessArnablesPlugin(config), + getApplyMd5BodyChecksumPlugin(config), + ]; + }) + .s("AWSS3ControlServiceV20180820", "ListCallerAccessGrants", {}) + .n("S3ControlClient", "ListCallerAccessGrantsCommand") + .f(void 0, void 0) + .ser(se_ListCallerAccessGrantsCommand) + .de(de_ListCallerAccessGrantsCommand) + .build() {} diff --git a/clients/client-s3-control/src/commands/ListStorageLensConfigurationsCommand.ts b/clients/client-s3-control/src/commands/ListStorageLensConfigurationsCommand.ts index 6ee98e627b09..1975f286c071 100644 --- a/clients/client-s3-control/src/commands/ListStorageLensConfigurationsCommand.ts +++ b/clients/client-s3-control/src/commands/ListStorageLensConfigurationsCommand.ts @@ -6,7 +6,8 @@ import { Command as $Command } from "@smithy/smithy-client"; import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; -import { ListStorageLensConfigurationsRequest, ListStorageLensConfigurationsResult } from "../models/models_0"; +import { ListStorageLensConfigurationsRequest } from "../models/models_0"; +import { ListStorageLensConfigurationsResult } from "../models/models_1"; import { de_ListStorageLensConfigurationsCommand, se_ListStorageLensConfigurationsCommand, diff --git a/clients/client-s3-control/src/commands/ListStorageLensGroupsCommand.ts b/clients/client-s3-control/src/commands/ListStorageLensGroupsCommand.ts index d351fa9ef87c..a41ed3bf324c 100644 --- a/clients/client-s3-control/src/commands/ListStorageLensGroupsCommand.ts +++ b/clients/client-s3-control/src/commands/ListStorageLensGroupsCommand.ts @@ -6,8 +6,7 @@ import { Command as $Command } from "@smithy/smithy-client"; import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; -import { ListStorageLensGroupsRequest } from "../models/models_0"; -import { ListStorageLensGroupsResult } from "../models/models_1"; +import { ListStorageLensGroupsRequest, ListStorageLensGroupsResult } from "../models/models_1"; import { de_ListStorageLensGroupsCommand, se_ListStorageLensGroupsCommand } from "../protocols/Aws_restXml"; import { S3ControlClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../S3ControlClient"; diff --git a/clients/client-s3-control/src/commands/index.ts b/clients/client-s3-control/src/commands/index.ts index e509b95acad1..b4fede9ee0fd 100644 --- a/clients/client-s3-control/src/commands/index.ts +++ b/clients/client-s3-control/src/commands/index.ts @@ -64,6 +64,7 @@ export * from "./ListAccessGrantsInstancesCommand"; export * from "./ListAccessGrantsLocationsCommand"; export * from "./ListAccessPointsCommand"; export * from "./ListAccessPointsForObjectLambdaCommand"; +export * from "./ListCallerAccessGrantsCommand"; export * from "./ListJobsCommand"; export * from "./ListMultiRegionAccessPointsCommand"; export * from "./ListRegionalBucketsCommand"; diff --git a/clients/client-s3-control/src/models/models_0.ts b/clients/client-s3-control/src/models/models_0.ts index db55de02081e..6d6cb688e578 100644 --- a/clients/client-s3-control/src/models/models_0.ts +++ b/clients/client-s3-control/src/models/models_0.ts @@ -68,10 +68,24 @@ export interface ListAccessGrantsInstanceEntry { CreatedAt?: Date; /** + * @deprecated + * *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

* @public */ IdentityCenterArn?: string; + + /** + *

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

+ * @public + */ + IdentityCenterInstanceArn?: string; + + /** + *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

+ * @public + */ + IdentityCenterApplicationArn?: string; } /** @@ -312,7 +326,7 @@ export interface AccessPoint { *

The virtual private cloud (VPC) configuration for this access point, if one exists.

* *

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other - * Amazon Web Services.

+ * Amazon Web Servicesservices.

* * @public */ @@ -586,7 +600,7 @@ export interface AccountLevel { */ export interface AssociateAccessGrantsIdentityCenterRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -698,7 +712,7 @@ export interface PublicAccessBlockConfiguration { /** *

Specifies whether Amazon S3 should restrict public bucket policies for buckets in this * account. Setting this element to TRUE restricts access to buckets with public - * policies to only Amazon Web Service principals and authorized users within this + * policies to only Amazon Web Servicesservice principals and authorized users within this * account.

*

Enabling this setting doesn't affect previously stored bucket policies, except that * public and cross-account access within any public bucket policy, including non-public @@ -964,7 +978,7 @@ export interface Tag { */ export interface CreateAccessGrantRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -1105,7 +1119,7 @@ export interface CreateAccessGrantResult { */ export interface CreateAccessGrantsInstanceRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -1140,16 +1154,30 @@ export interface CreateAccessGrantsInstanceResult { AccessGrantsInstanceId?: string; /** - *

The Amazon Resource Name (ARN) of the S3 Access Grants instance.

+ *

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

* @public */ AccessGrantsInstanceArn?: string; /** - *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance passed in the request. S3 Access Grants creates this Identity Center application for this specific S3 Access Grants instance.

+ * @deprecated + * + *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

* @public */ IdentityCenterArn?: string; + + /** + *

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

+ * @public + */ + IdentityCenterInstanceArn?: string; + + /** + *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

+ * @public + */ + IdentityCenterApplicationArn?: string; } /** @@ -1157,7 +1185,7 @@ export interface CreateAccessGrantsInstanceResult { */ export interface CreateAccessGrantsLocationRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -1834,21 +1862,21 @@ export interface JobManifest { export interface KeyNameConstraint { /** *

If provided, the generated manifest includes objects where the specified string appears - * at the start of the object key string.

+ * at the start of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

* @public */ MatchAnyPrefix?: string[]; /** *

If provided, the generated manifest includes objects where the specified string appears - * at the end of the object key string.

+ * at the end of the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

* @public */ MatchAnySuffix?: string[]; /** *

If provided, the generated manifest includes objects where the specified string appears - * anywhere within the object key string.

+ * anywhere within the object key string. Each KeyNameConstraint filter accepts an array of strings with a length of 1 string.

* @public */ MatchAnySubstring?: string[]; @@ -2059,7 +2087,7 @@ export interface S3JobManifestGenerator { ExpectedBucketOwner?: string; /** - *

The source bucket used by the ManifestGenerator.

+ *

The ARN of the source bucket used by the ManifestGenerator.

* *

* Directory buckets - Directory buckets aren't supported @@ -3535,7 +3563,7 @@ export interface CreateStorageLensGroupRequest { */ export interface DeleteAccessGrantRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -3552,7 +3580,7 @@ export interface DeleteAccessGrantRequest { */ export interface DeleteAccessGrantsInstanceRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -3563,7 +3591,7 @@ export interface DeleteAccessGrantsInstanceRequest { */ export interface DeleteAccessGrantsInstanceResourcePolicyRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -3574,7 +3602,7 @@ export interface DeleteAccessGrantsInstanceResourcePolicyRequest { */ export interface DeleteAccessGrantsLocationRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4211,7 +4239,7 @@ export interface DescribeMultiRegionAccessPointOperationResult { */ export interface DissociateAccessGrantsIdentityCenterRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4222,7 +4250,7 @@ export interface DissociateAccessGrantsIdentityCenterRequest { */ export interface GetAccessGrantRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4312,7 +4340,7 @@ export interface GetAccessGrantResult { */ export interface GetAccessGrantsInstanceRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4335,11 +4363,25 @@ export interface GetAccessGrantsInstanceResult { AccessGrantsInstanceId?: string; /** - *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

+ * @deprecated + * + *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

* @public */ IdentityCenterArn?: string; + /** + *

The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.

+ * @public + */ + IdentityCenterInstanceArn?: string; + + /** + *

If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.

+ * @public + */ + IdentityCenterApplicationArn?: string; + /** *

The date and time when you created the S3 Access Grants instance.

* @public @@ -4386,7 +4428,7 @@ export interface GetAccessGrantsInstanceForPrefixResult { */ export interface GetAccessGrantsInstanceResourcePolicyRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4420,7 +4462,7 @@ export interface GetAccessGrantsInstanceResourcePolicyResult { */ export interface GetAccessGrantsLocationRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -4518,7 +4560,7 @@ export interface GetAccessPointResult { *

Contains the virtual private cloud (VPC) configuration for the specified access point.

* *

This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other - * Amazon Web Services.

+ * Amazon Web Servicesservices.

* * @public */ @@ -5199,7 +5241,10 @@ export interface DeleteMarkerReplication { /** *

Specifies encryption-related information for an Amazon S3 bucket that is a destination for - * replicated objects.

+ * replicated objects. If you're specifying a customer managed KMS key, we recommend using a fully qualified + * KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the + * requester’s account. This behavior can result in data that's encrypted with a KMS key + * that belongs to the requester, and not the bucket owner.

* *

This is not supported by Amazon S3 on Outposts buckets.

* @@ -5878,7 +5923,7 @@ export type Privilege = (typeof Privilege)[keyof typeof Privilege]; */ export interface GetDataAccessRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -6761,7 +6806,7 @@ export interface GetStorageLensGroupResult { */ export interface ListAccessGrantsRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -6859,7 +6904,7 @@ export interface ListAccessGrantsResult { */ export interface ListAccessGrantsInstancesRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -6899,7 +6944,7 @@ export interface ListAccessGrantsInstancesResult { */ export interface ListAccessGrantsLocationsRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -7068,6 +7113,97 @@ export interface ListAccessPointsForObjectLambdaResult { NextToken?: string; } +/** + * @public + */ +export interface ListCallerAccessGrantsRequest { + /** + *

The Amazon Web Services account ID of the S3 Access Grants instance.

+ * @public + */ + AccountId?: string; + + /** + *

The S3 path of the data that you would like to access. Must start with s3://. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

+ * @public + */ + GrantScope?: string; + + /** + *

A pagination token to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

+ * @public + */ + NextToken?: string; + + /** + *

The maximum number of access grants that you would like returned in the List Caller Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.

+ * @public + */ + MaxResults?: number; + + /** + *

If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (ALL).

+ * @public + */ + AllowedByApplication?: boolean; +} + +/** + *

Part of ListCallerAccessGrantsResult. Each entry includes the + * permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.

+ * @public + */ +export interface ListCallerAccessGrantsEntry { + /** + *

The type of permission granted, which can be one of the following values:

+ *
    + *
  • + *

    + * READ - Grants read-only access to the S3 data.

    + *
    • + *
  • + *

    + * WRITE - Grants write-only access to the S3 data.

    + *
    • + *
  • + *

    + * READWRITE - Grants both read and write access to the S3 data.

    + *
    • + *
+ * @public + */ + Permission?: Permission; + + /** + *

The S3 path of the data to which you have been granted access.

+ * @public + */ + GrantScope?: string; + + /** + *

The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.

+ * @public + */ + ApplicationArn?: string; +} + +/** + * @public + */ +export interface ListCallerAccessGrantsResult { + /** + *

A pagination token that you can use to request the next page of results. Pass this value into a subsequent List Caller Access Grants request in order to retrieve the next page of results.

+ * @public + */ + NextToken?: string; + + /** + *

A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

+ * @public + */ + CallerAccessGrantsList?: ListCallerAccessGrantsEntry[]; +} + /** *

* @public @@ -7394,79 +7530,6 @@ export interface ListStorageLensConfigurationsRequest { NextToken?: string; } -/** - *

Part of ListStorageLensConfigurationResult. Each entry includes the - * description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its - * Amazon Resource Name (ARN), and config ID.

- * @public - */ -export interface ListStorageLensConfigurationEntry { - /** - *

A container for the S3 Storage Lens configuration ID.

- * @public - */ - Id: string | undefined; - - /** - *

The ARN of the S3 Storage Lens configuration. This property is read-only.

- * @public - */ - StorageLensArn: string | undefined; - - /** - *

A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in - * your designated S3 Storage Lens home Region.

- * @public - */ - HomeRegion: string | undefined; - - /** - *

A container for whether the S3 Storage Lens configuration is enabled. This property is - * required.

- * @public - */ - IsEnabled?: boolean; -} - -/** - * @public - */ -export interface ListStorageLensConfigurationsResult { - /** - *

If the request produced more than the maximum number of S3 Storage Lens configuration results, - * you can pass this value into a subsequent request to retrieve the next page of - * results.

- * @public - */ - NextToken?: string; - - /** - *

A list of S3 Storage Lens configurations.

- * @public - */ - StorageLensConfigurationList?: ListStorageLensConfigurationEntry[]; -} - -/** - * @public - */ -export interface ListStorageLensGroupsRequest { - /** - *

- * The Amazon Web Services account ID that owns the Storage Lens groups. - *

- * @public - */ - AccountId?: string; - - /** - *

The token for the next set of results, or null if there are no more results. - *

- * @public - */ - NextToken?: string; -} - /** * @internal */ diff --git a/clients/client-s3-control/src/models/models_1.ts b/clients/client-s3-control/src/models/models_1.ts index 7ee8eddbd79d..51c4066460d1 100644 --- a/clients/client-s3-control/src/models/models_1.ts +++ b/clients/client-s3-control/src/models/models_1.ts @@ -19,6 +19,79 @@ import { import { S3ControlServiceException as __BaseException } from "./S3ControlServiceException"; +/** + *

Part of ListStorageLensConfigurationResult. Each entry includes the + * description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its + * Amazon Resource Name (ARN), and config ID.

+ * @public + */ +export interface ListStorageLensConfigurationEntry { + /** + *

A container for the S3 Storage Lens configuration ID.

+ * @public + */ + Id: string | undefined; + + /** + *

The ARN of the S3 Storage Lens configuration. This property is read-only.

+ * @public + */ + StorageLensArn: string | undefined; + + /** + *

A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in + * your designated S3 Storage Lens home Region.

+ * @public + */ + HomeRegion: string | undefined; + + /** + *

A container for whether the S3 Storage Lens configuration is enabled. This property is + * required.

+ * @public + */ + IsEnabled?: boolean; +} + +/** + * @public + */ +export interface ListStorageLensConfigurationsResult { + /** + *

If the request produced more than the maximum number of S3 Storage Lens configuration results, + * you can pass this value into a subsequent request to retrieve the next page of + * results.

+ * @public + */ + NextToken?: string; + + /** + *

A list of S3 Storage Lens configurations.

+ * @public + */ + StorageLensConfigurationList?: ListStorageLensConfigurationEntry[]; +} + +/** + * @public + */ +export interface ListStorageLensGroupsRequest { + /** + *

+ * The Amazon Web Services account ID that owns the Storage Lens groups. + *

+ * @public + */ + AccountId?: string; + + /** + *

The token for the next set of results, or null if there are no more results. + *

+ * @public + */ + NextToken?: string; +} + /** *

* Each entry contains a Storage Lens group that exists in the specified home Region. @@ -114,7 +187,7 @@ export interface ListTagsForResourceResult { */ export interface PutAccessGrantsInstanceResourcePolicyRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; @@ -692,7 +765,7 @@ export interface UntagResourceResult {} */ export interface UpdateAccessGrantsLocationRequest { /** - *

The ID of the Amazon Web Services account that is making this request.

+ *

The Amazon Web Services account ID of the S3 Access Grants instance.

* @public */ AccountId?: string; diff --git a/clients/client-s3-control/src/pagination/ListCallerAccessGrantsPaginator.ts b/clients/client-s3-control/src/pagination/ListCallerAccessGrantsPaginator.ts new file mode 100644 index 000000000000..b5edfac5e22b --- /dev/null +++ b/clients/client-s3-control/src/pagination/ListCallerAccessGrantsPaginator.ts @@ -0,0 +1,24 @@ +// smithy-typescript generated code +import { createPaginator } from "@smithy/core"; +import { Paginator } from "@smithy/types"; + +import { + ListCallerAccessGrantsCommand, + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput, +} from "../commands/ListCallerAccessGrantsCommand"; +import { S3ControlClient } from "../S3ControlClient"; +import { S3ControlPaginationConfiguration } from "./Interfaces"; + +/** + * @public + */ +export const paginateListCallerAccessGrants: ( + config: S3ControlPaginationConfiguration, + input: ListCallerAccessGrantsCommandInput, + ...rest: any[] +) => Paginator = createPaginator< + S3ControlPaginationConfiguration, + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput +>(S3ControlClient, ListCallerAccessGrantsCommand, "NextToken", "NextToken", "MaxResults"); diff --git a/clients/client-s3-control/src/pagination/index.ts b/clients/client-s3-control/src/pagination/index.ts index 92292f6d10f8..31d4e4b7f67b 100644 --- a/clients/client-s3-control/src/pagination/index.ts +++ b/clients/client-s3-control/src/pagination/index.ts @@ -5,6 +5,7 @@ export * from "./ListAccessGrantsLocationsPaginator"; export * from "./ListAccessGrantsPaginator"; export * from "./ListAccessPointsForObjectLambdaPaginator"; export * from "./ListAccessPointsPaginator"; +export * from "./ListCallerAccessGrantsPaginator"; export * from "./ListJobsPaginator"; export * from "./ListMultiRegionAccessPointsPaginator"; export * from "./ListRegionalBucketsPaginator"; diff --git a/clients/client-s3-control/src/protocols/Aws_restXml.ts b/clients/client-s3-control/src/protocols/Aws_restXml.ts index 21ab41b3dc71..6e0ebcec646b 100644 --- a/clients/client-s3-control/src/protocols/Aws_restXml.ts +++ b/clients/client-s3-control/src/protocols/Aws_restXml.ts @@ -236,6 +236,10 @@ import { ListAccessPointsForObjectLambdaCommandInput, ListAccessPointsForObjectLambdaCommandOutput, } from "../commands/ListAccessPointsForObjectLambdaCommand"; +import { + ListCallerAccessGrantsCommandInput, + ListCallerAccessGrantsCommandOutput, +} from "../commands/ListCallerAccessGrantsCommand"; import { ListJobsCommandInput, ListJobsCommandOutput } from "../commands/ListJobsCommand"; import { ListMultiRegionAccessPointsCommandInput, @@ -379,7 +383,7 @@ import { ListAccessGrantEntry, ListAccessGrantsInstanceEntry, ListAccessGrantsLocationsEntry, - ListStorageLensConfigurationEntry, + ListCallerAccessGrantsEntry, MatchObjectAge, MatchObjectSize, Metrics, @@ -464,6 +468,7 @@ import { import { JobStatusException, LifecycleConfiguration, + ListStorageLensConfigurationEntry, ListStorageLensGroupEntry, Tagging, TooManyTagsException, @@ -2578,6 +2583,41 @@ export const se_ListAccessPointsForObjectLambdaCommand = async ( return b.build(); }; +/** + * serializeAws_restXmlListCallerAccessGrantsCommand + */ +export const se_ListCallerAccessGrantsCommand = async ( + input: ListCallerAccessGrantsCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const b = rb(input, context); + const headers: any = map({}, isSerializableHeaderValue, { + [_xaai]: input[_AI]!, + }); + b.bp("/v20180820/accessgrantsinstance/caller/grants"); + const query: any = map({ + [_gra]: [, input[_GS]!], + [_nT]: [, input[_NT]!], + [_mR]: [() => input.MaxResults !== void 0, () => input[_MR]!.toString()], + [_aBA]: [() => input.AllowedByApplication !== void 0, () => input[_ABA]!.toString()], + }); + let body: any; + let { hostname: resolvedHostname } = await context.endpoint(); + if (context.disableHostPrefix !== true) { + resolvedHostname = "{AccountId}." + resolvedHostname; + if (input.AccountId === undefined) { + throw new Error("Empty value provided for input host prefix: AccountId."); + } + resolvedHostname = resolvedHostname.replace("{AccountId}", input.AccountId!); + if (!__isValidHostname(resolvedHostname)) { + throw new Error("ValidationError: prefixed hostname must be hostname compatible."); + } + } + b.hn(resolvedHostname); + b.m("GET").h(headers).q(query).b(body); + return b.build(); +}; + /** * serializeAws_restXmlListJobsCommand */ @@ -3637,9 +3677,15 @@ export const de_CreateAccessGrantsInstanceCommand = async ( if (data[_CA] != null) { contents[_CA] = __expectNonNull(__parseRfc3339DateTimeWithOffset(data[_CA])); } + if (data[_ICAA] != null) { + contents[_ICAA] = __expectString(data[_ICAA]); + } if (data[_ICA] != null) { contents[_ICA] = __expectString(data[_ICA]); } + if (data[_ICIA] != null) { + contents[_ICIA] = __expectString(data[_ICIA]); + } return contents; }; @@ -4249,9 +4295,15 @@ export const de_GetAccessGrantsInstanceCommand = async ( if (data[_CA] != null) { contents[_CA] = __expectNonNull(__parseRfc3339DateTimeWithOffset(data[_CA])); } + if (data[_ICAA] != null) { + contents[_ICAA] = __expectString(data[_ICAA]); + } if (data[_ICA] != null) { contents[_ICA] = __expectString(data[_ICA]); } + if (data[_ICIA] != null) { + contents[_ICIA] = __expectString(data[_ICIA]); + } return contents; }; @@ -4978,6 +5030,31 @@ export const de_ListAccessPointsForObjectLambdaCommand = async ( return contents; }; +/** + * deserializeAws_restXmlListCallerAccessGrantsCommand + */ +export const de_ListCallerAccessGrantsCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_CommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + if (data.CallerAccessGrantsList === "") { + contents[_CAGL] = []; + } else if (data[_CAGL] != null && data[_CAGL][_AG] != null) { + contents[_CAGL] = de_CallerAccessGrantsList(__getArrayIfSingleItem(data[_CAGL][_AG]), context); + } + if (data[_NT] != null) { + contents[_NT] = __expectString(data[_NT]); + } + return contents; +}; + /** * deserializeAws_restXmlListJobsCommand */ @@ -7977,6 +8054,17 @@ const de_Buckets = (output: any, context: __SerdeContext): string[] => { }); }; +/** + * deserializeAws_restXmlCallerAccessGrantsList + */ +const de_CallerAccessGrantsList = (output: any, context: __SerdeContext): ListCallerAccessGrantsEntry[] => { + return (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_ListCallerAccessGrantsEntry(entry, context); + }); +}; + /** * deserializeAws_restXmlCloudWatchMetrics */ @@ -8743,6 +8831,12 @@ const de_ListAccessGrantsInstanceEntry = (output: any, context: __SerdeContext): if (output[_ICA] != null) { contents[_ICA] = __expectString(output[_ICA]); } + if (output[_ICIA] != null) { + contents[_ICIA] = __expectString(output[_ICIA]); + } + if (output[_ICAA] != null) { + contents[_ICAA] = __expectString(output[_ICAA]); + } return contents; }; @@ -8769,6 +8863,23 @@ const de_ListAccessGrantsLocationsEntry = (output: any, context: __SerdeContext) return contents; }; +/** + * deserializeAws_restXmlListCallerAccessGrantsEntry + */ +const de_ListCallerAccessGrantsEntry = (output: any, context: __SerdeContext): ListCallerAccessGrantsEntry => { + const contents: any = {}; + if (output[_P] != null) { + contents[_P] = __expectString(output[_P]); + } + if (output[_GS] != null) { + contents[_GS] = __expectString(output[_GS]); + } + if (output[_AA] != null) { + contents[_AA] = __expectString(output[_AA]); + } + return contents; +}; + /** * deserializeAws_restXmlListStorageLensConfigurationEntry */ @@ -10437,6 +10548,7 @@ const isSerializableHeaderValue = (value: any): boolean => const _A = "Alias"; const _AA = "ApplicationArn"; const _AAGICR = "AssociateAccessGrantsIdentityCenterRequest"; +const _ABA = "AllowedByApplication"; const _ACG = "AccessControlGrants"; const _ACL = "ACL"; const _ACLc = "AccessControlList"; @@ -10499,6 +10611,7 @@ const _C = "Configuration"; const _CA = "CreatedAt"; const _CACL = "CannedAccessControlList"; const _CAGIR = "CreateAccessGrantsInstanceRequest"; +const _CAGL = "CallerAccessGrantsList"; const _CAGLR = "CreateAccessGrantsLocationRequest"; const _CAGR = "CreateAccessGrantRequest"; const _CAPFOLR = "CreateAccessPointForObjectLambdaRequest"; @@ -10596,6 +10709,7 @@ const _I = "Include"; const _IAMRA = "IAMRoleArn"; const _ICA = "IdentityCenterArn"; const _ICAA = "IdentityCenterApplicationArn"; +const _ICIA = "IdentityCenterInstanceArn"; const _ID = "ID"; const _IE = "IsEnabled"; const _IP = "IsPublic"; @@ -10907,6 +11021,7 @@ const _V = "Value"; const _VC = "VpcConfiguration"; const _VCe = "VersioningConfiguration"; const _VI = "VpcId"; +const _aBA = "allowedByApplication"; const _aa = "application_arn"; const _b = "bucket"; const _dS = "durationSeconds";