From 52bc2d8ab48200e729d0cca7cc6dee7db4e5dac4 Mon Sep 17 00:00:00 2001 From: awstools Date: Fri, 23 Aug 2024 18:25:49 +0000 Subject: [PATCH] feat(client-qbusiness): Amazon QBusiness: Enable support for SAML and OIDC federation through AWS IAM Identity Provider integration. --- .../src/commands/CreateApplicationCommand.ts | 5 + .../commands/CreateWebExperienceCommand.ts | 9 + .../src/commands/GetApplicationCommand.ts | 9 + .../src/commands/GetWebExperienceCommand.ts | 9 + .../src/commands/ListApplicationsCommand.ts | 1 + .../src/commands/UpdateApplicationCommand.ts | 4 + .../commands/UpdateWebExperienceCommand.ts | 9 + .../client-qbusiness/src/models/models_0.ts | 279 +++++++++++++++++- .../src/protocols/Aws_restJson1.ts | 36 +++ codegen/sdk-codegen/aws-models/qbusiness.json | 242 ++++++++++++++- 10 files changed, 593 insertions(+), 10 deletions(-) diff --git a/clients/client-qbusiness/src/commands/CreateApplicationCommand.ts b/clients/client-qbusiness/src/commands/CreateApplicationCommand.ts index e71a1181c09b5..27523f22940ea 100644 --- a/clients/client-qbusiness/src/commands/CreateApplicationCommand.ts +++ b/clients/client-qbusiness/src/commands/CreateApplicationCommand.ts @@ -48,7 +48,12 @@ export interface CreateApplicationCommandOutput extends CreateApplicationRespons * const input = { // CreateApplicationRequest * displayName: "STRING_VALUE", // required * roleArn: "STRING_VALUE", + * identityType: "AWS_IAM_IDP_SAML" || "AWS_IAM_IDP_OIDC" || "AWS_IAM_IDC", + * iamIdentityProviderArn: "STRING_VALUE", * identityCenterInstanceArn: "STRING_VALUE", + * clientIdsForOIDC: [ // ClientIdsForOIDC + * "STRING_VALUE", + * ], * description: "STRING_VALUE", * encryptionConfiguration: { // EncryptionConfiguration * kmsKeyId: "STRING_VALUE", diff --git a/clients/client-qbusiness/src/commands/CreateWebExperienceCommand.ts b/clients/client-qbusiness/src/commands/CreateWebExperienceCommand.ts index 79e9018b324f2..aa505041c0044 100644 
--- a/clients/client-qbusiness/src/commands/CreateWebExperienceCommand.ts +++ b/clients/client-qbusiness/src/commands/CreateWebExperienceCommand.ts @@ -49,6 +49,15 @@ export interface CreateWebExperienceCommandOutput extends CreateWebExperienceRes * }, * ], * clientToken: "STRING_VALUE", + * identityProviderConfiguration: { // IdentityProviderConfiguration Union: only one key present + * samlConfiguration: { // SamlProviderConfiguration + * authenticationUrl: "STRING_VALUE", // required + * }, + * openIDConnectConfiguration: { // OpenIDConnectProviderConfiguration + * secretsArn: "STRING_VALUE", // required + * secretsRole: "STRING_VALUE", // required + * }, + * }, * }; * const command = new CreateWebExperienceCommand(input); * const response = await client.send(command); diff --git a/clients/client-qbusiness/src/commands/GetApplicationCommand.ts b/clients/client-qbusiness/src/commands/GetApplicationCommand.ts index ae0ff0b377609..d973ceb19ec13 100644 --- a/clients/client-qbusiness/src/commands/GetApplicationCommand.ts +++ b/clients/client-qbusiness/src/commands/GetApplicationCommand.ts @@ -48,6 +48,8 @@ export interface GetApplicationCommandOutput extends GetApplicationResponse, __M * // displayName: "STRING_VALUE", * // applicationId: "STRING_VALUE", * // applicationArn: "STRING_VALUE", + * // identityType: "AWS_IAM_IDP_SAML" || "AWS_IAM_IDP_OIDC" || "AWS_IAM_IDC", + * // iamIdentityProviderArn: "STRING_VALUE", * // identityCenterApplicationArn: "STRING_VALUE", * // roleArn: "STRING_VALUE", * // status: "CREATING" || "ACTIVE" || "DELETING" || "FAILED" || "UPDATING", 
@@ -70,6 +72,13 @@ export interface GetApplicationCommandOutput extends GetApplicationResponse, __M * // personalizationConfiguration: { // PersonalizationConfiguration * // personalizationControlMode: "ENABLED" || "DISABLED", // required * // }, + * // autoSubscriptionConfiguration: { // AutoSubscriptionConfiguration + * // autoSubscribe: "ENABLED" || "DISABLED", // required + * // defaultSubscriptionType: "Q_LITE" || "Q_BUSINESS", + * // }, + * // clientIdsForOIDC: [ // ClientIdsForOIDC + * // "STRING_VALUE", + * // ], * // }; * * ``` diff --git a/clients/client-qbusiness/src/commands/GetWebExperienceCommand.ts b/clients/client-qbusiness/src/commands/GetWebExperienceCommand.ts index 9d924e8ba4f13..0c6336bb0b72b 100644 --- a/clients/client-qbusiness/src/commands/GetWebExperienceCommand.ts +++ b/clients/client-qbusiness/src/commands/GetWebExperienceCommand.ts @@ -54,6 +54,15 @@ export interface GetWebExperienceCommandOutput extends GetWebExperienceResponse, * // welcomeMessage: "STRING_VALUE", * // samplePromptsControlMode: "ENABLED" || "DISABLED", * // roleArn: "STRING_VALUE", + * // identityProviderConfiguration: { // IdentityProviderConfiguration Union: only one key present + * // samlConfiguration: { // SamlProviderConfiguration + * // authenticationUrl: "STRING_VALUE", // required + * // }, + * // openIDConnectConfiguration: { // OpenIDConnectProviderConfiguration + * // secretsArn: "STRING_VALUE", // required + * // secretsRole: "STRING_VALUE", // required + * // }, + * // }, * // authenticationConfiguration: { // WebExperienceAuthConfiguration Union: only one key present * // samlConfiguration: { // SamlConfiguration * // metadataXML: "STRING_VALUE", // required diff --git a/clients/client-qbusiness/src/commands/ListApplicationsCommand.ts b/clients/client-qbusiness/src/commands/ListApplicationsCommand.ts index 4106e7c0205ab..caa0368e71cef 100644 --- a/clients/client-qbusiness/src/commands/ListApplicationsCommand.ts 
+++ b/clients/client-qbusiness/src/commands/ListApplicationsCommand.ts @@ -50,6 +50,7 @@ export interface ListApplicationsCommandOutput extends ListApplicationsResponse, * // createdAt: new Date("TIMESTAMP"), * // updatedAt: new Date("TIMESTAMP"), * // status: "CREATING" || "ACTIVE" || "DELETING" || "FAILED" || "UPDATING", + * // identityType: "AWS_IAM_IDP_SAML" || "AWS_IAM_IDP_OIDC" || "AWS_IAM_IDC", * // }, * // ], * // }; diff --git a/clients/client-qbusiness/src/commands/UpdateApplicationCommand.ts b/clients/client-qbusiness/src/commands/UpdateApplicationCommand.ts index 38fd010d31239..dc35d7a0498e2 100644 --- a/clients/client-qbusiness/src/commands/UpdateApplicationCommand.ts +++ b/clients/client-qbusiness/src/commands/UpdateApplicationCommand.ts @@ -50,6 +50,10 @@ export interface UpdateApplicationCommandOutput extends UpdateApplicationRespons * personalizationConfiguration: { // PersonalizationConfiguration * personalizationControlMode: "ENABLED" || "DISABLED", // required * }, + * autoSubscriptionConfiguration: { // AutoSubscriptionConfiguration + * autoSubscribe: "ENABLED" || "DISABLED", // required + * defaultSubscriptionType: "Q_LITE" || "Q_BUSINESS", + * }, * }; * const command = new UpdateApplicationCommand(input); * const response = await client.send(command); diff --git a/clients/client-qbusiness/src/commands/UpdateWebExperienceCommand.ts b/clients/client-qbusiness/src/commands/UpdateWebExperienceCommand.ts index 63bcc77df5c07..211b9eda09275 100644 --- a/clients/client-qbusiness/src/commands/UpdateWebExperienceCommand.ts +++ b/clients/client-qbusiness/src/commands/UpdateWebExperienceCommand.ts 
@@ -51,6 +51,15 @@ export interface UpdateWebExperienceCommandOutput extends UpdateWebExperienceRes * subtitle: "STRING_VALUE", * welcomeMessage: "STRING_VALUE", * samplePromptsControlMode: "ENABLED" || "DISABLED", + * identityProviderConfiguration: { // IdentityProviderConfiguration Union: only one key present + * samlConfiguration: { // SamlProviderConfiguration + * authenticationUrl: "STRING_VALUE", // required + * }, + * openIDConnectConfiguration: { // OpenIDConnectProviderConfiguration + * secretsArn: "STRING_VALUE", // required + * secretsRole: "STRING_VALUE", // required + * }, + * }, * }; * const command = new UpdateWebExperienceCommand(input); * const response = await client.send(command); diff --git a/clients/client-qbusiness/src/models/models_0.ts b/clients/client-qbusiness/src/models/models_0.ts index 5f69230be33bc..3dcb925dd3222 100644 --- a/clients/client-qbusiness/src/models/models_0.ts +++ b/clients/client-qbusiness/src/models/models_0.ts @@ -565,6 +565,21 @@ export const APISchemaType = { */ export type APISchemaType = (typeof APISchemaType)[keyof typeof APISchemaType]; +/** + * @public + * @enum + */ +export const IdentityType = { + AWS_IAM_IDC: "AWS_IAM_IDC", + AWS_IAM_IDP_OIDC: "AWS_IAM_IDP_OIDC", + AWS_IAM_IDP_SAML: "AWS_IAM_IDP_SAML", +} as const; + +/** + * @public + */ +export type IdentityType = (typeof IdentityType)[keyof typeof IdentityType]; + /** * @public * @enum @@ -617,6 +632,12 @@ export interface Application { * @public */ status?: ApplicationStatus; + + /** + *

The authentication type being used by a Amazon Q Business application.

+ * @public + */ + identityType?: IdentityType; } /** @@ -789,6 +810,18 @@ export interface CreateApplicationRequest { */ roleArn?: string; + /** + *

The authentication type being used by a Amazon Q Business application.

+ * @public + */ + identityType?: IdentityType; + + /** + *

The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

+ * @public + */ + iamIdentityProviderArn?: string; + /** *

The Amazon Resource Name (ARN) of the IAM Identity Center instance you are either * creating for—or connecting to—your Amazon Q Business application.

@@ -796,6 +829,12 @@ export interface CreateApplicationRequest { */ identityCenterInstanceArn?: string; + /** + *

The OIDC client ID for a Amazon Q Business application.

+ * @public + */ + clientIdsForOIDC?: string[]; + /** *

A description for the Amazon Q Business application.

* @public @@ -1085,6 +1124,57 @@ export interface AppliedAttachmentsConfiguration { attachmentsControlMode?: AttachmentsControlMode; } +/** + * @public + * @enum + */ +export const AutoSubscriptionStatus = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; + +/** + * @public + */ +export type AutoSubscriptionStatus = (typeof AutoSubscriptionStatus)[keyof typeof AutoSubscriptionStatus]; + +/** + * @public + * @enum + */ +export const SubscriptionType = { + Q_BUSINESS: "Q_BUSINESS", + Q_LITE: "Q_LITE", +} as const; + +/** + * @public + */ +export type SubscriptionType = (typeof SubscriptionType)[keyof typeof SubscriptionType]; + +/** + *

Subscription configuration information for an Amazon Q Business application + * using IAM identity federation for user management.

+ * @public + */ +export interface AutoSubscriptionConfiguration { + /** + *

Describes whether automatic subscriptions are enabled for an Amazon Q Business + * application using IAM identity federation for user management.

+ * @public + */ + autoSubscribe: AutoSubscriptionStatus | undefined; + + /** + *

Describes the default subscription type assigned to an Amazon Q Business + * application using IAM identity federation for user management. If the + * value for autoSubscribe is set to ENABLED you must select a + * value for this field.

+ * @public + */ + defaultSubscriptionType?: SubscriptionType; +} + /** * @public * @enum @@ -1141,6 +1231,18 @@ export interface GetApplicationResponse { */ applicationArn?: string; + /** + *

The authentication type being used by a Amazon Q Business application.

+ * @public + */ + identityType?: IdentityType; + + /** + *

The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

+ * @public + */ + iamIdentityProviderArn?: string; + /** *

The Amazon Resource Name (ARN) of the AWS IAM Identity Center instance attached to * your Amazon Q Business application.

@@ -1214,6 +1316,19 @@ export interface GetApplicationResponse { * @public */ personalizationConfiguration?: PersonalizationConfiguration; + + /** + *

Settings for auto-subscription behavior for this application. This is only applicable + * to SAML and OIDC applications.

+ * @public + */ + autoSubscriptionConfiguration?: AutoSubscriptionConfiguration; + + /** + *

The OIDC client ID for a Amazon Q Business application.

+ * @public + */ + clientIdsForOIDC?: string[]; } /** @@ -1752,9 +1867,36 @@ export interface CreateDataSourceRequest { displayName: string | undefined; /** - *

Configuration information to connect to your data source repository. For configuration - * templates for your specific data source, see Supported - * connectors.

+ *

Configuration information to connect your data source repository to Amazon Q Business. Use this parameter to provide a JSON schema with configuration + * information specific to your data source connector.

+ *

Each data source has a JSON schema provided by Amazon Q Business that you must + * use. For example, the Amazon S3 and Web Crawler connectors require the following + * JSON schemas:

+ * + *

You can find configuration templates for your specific data source using the following + * steps:

+ *
    + *
  1. + *

    Navigate to the Supported + * connectors page in the Amazon Q Business User Guide, and + * select the data source of your choice.

    + *
  2. + *
  3. + *

    Then, from your specific data source connector page, select Using the API. You will find the JSON schema for your + * data source, including parameter descriptions, in this section.

    + *
  4. + *
* @public */ configuration: __DocumentType | undefined; @@ -3834,6 +3976,13 @@ export interface UpdateApplicationRequest { * @public */ personalizationConfiguration?: PersonalizationConfiguration; + + /** + *

An option to enable updating the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user + * management.

+ * @public + */ + autoSubscriptionConfiguration?: AutoSubscriptionConfiguration; } /** @@ -3841,6 +3990,100 @@ export interface UpdateApplicationRequest { */ export interface UpdateApplicationResponse {} +/** + *

Information about the OIDC-compliant identity provider (IdP) used to authenticate end + * users of an Amazon Q Business web experience.

+ * @public + */ +export interface OpenIDConnectProviderConfiguration { + /** + *

The Amazon Resource Name (ARN) of a Secrets Manager secret containing the OIDC + * client secret.

+ * @public + */ + secretsArn: string | undefined; + + /** + *

An IAM role with permissions to access KMS to decrypt + * the Secrets Manager secret containing your OIDC client secret.

+ * @public + */ + secretsRole: string | undefined; +} + +/** + *

Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate + * end users of an Amazon Q Business web experience.

+ * @public + */ +export interface SamlProviderConfiguration { + /** + *

The URL where Amazon Q Business end users will be redirected for authentication. + *

+ * @public + */ + authenticationUrl: string | undefined; +} + +/** + *

Provides information about the identity provider (IdP) used to authenticate end users + * of an Amazon Q Business web experience.

+ * @public + */ +export type IdentityProviderConfiguration = + | IdentityProviderConfiguration.OpenIDConnectConfigurationMember + | IdentityProviderConfiguration.SamlConfigurationMember + | IdentityProviderConfiguration.$UnknownMember; + +/** + * @public + */ +export namespace IdentityProviderConfiguration { + /** + *

Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate + * end users of an Amazon Q Business web experience.

+ * @public + */ + export interface SamlConfigurationMember { + samlConfiguration: SamlProviderConfiguration; + openIDConnectConfiguration?: never; + $unknown?: never; + } + + /** + *

Information about the OIDC-compliant identity provider (IdP) used to authenticate end + * users of an Amazon Q Business web experience.

+ * @public + */ + export interface OpenIDConnectConfigurationMember { + samlConfiguration?: never; + openIDConnectConfiguration: OpenIDConnectProviderConfiguration; + $unknown?: never; + } + + /** + * @public + */ + export interface $UnknownMember { + samlConfiguration?: never; + openIDConnectConfiguration?: never; + $unknown: [string, any]; + } + + export interface Visitor { + samlConfiguration: (value: SamlProviderConfiguration) => T; + openIDConnectConfiguration: (value: OpenIDConnectProviderConfiguration) => T; + _: (name: string, value: any) => T; + } + + export const visit = (value: IdentityProviderConfiguration, visitor: Visitor): T => { + if (value.samlConfiguration !== undefined) return visitor.samlConfiguration(value.samlConfiguration); + if (value.openIDConnectConfiguration !== undefined) + return visitor.openIDConnectConfiguration(value.openIDConnectConfiguration); + return visitor._(value.$unknown[0], value.$unknown[1]); + }; +} + /** * @public * @enum @@ -3895,6 +4138,11 @@ export interface CreateWebExperienceRequest { /** *

The Amazon Resource Name (ARN) of the service role attached to your web * experience.

+ * + *

You must provide this value if you're using IAM Identity Center to manage end user + * access to your application. If you're using legacy identity management to manage + * user access, you don't need to provide this value.

+ *
* @public */ roleArn?: string; @@ -3914,6 +4162,13 @@ export interface CreateWebExperienceRequest { * @public */ clientToken?: string; + + /** + *

Information about the identity provider (IdP) used to authenticate end users of an + * Amazon Q Business web experience.

+ * @public + */ + identityProviderConfiguration?: IdentityProviderConfiguration; } /** @@ -4147,6 +4402,13 @@ export interface GetWebExperienceResponse { */ roleArn?: string; + /** + *

Information about the identity provider (IdP) used to authenticate end users of an + * Amazon Q Business web experience.

+ * @public + */ + identityProviderConfiguration?: IdentityProviderConfiguration; + /** * @deprecated * @@ -4302,6 +4564,13 @@ export interface UpdateWebExperienceRequest { * @public */ samplePromptsControlMode?: WebExperienceSamplePromptsControlMode; + + /** + *

Information about the identity provider (IdP) used to authenticate end users of an + * Amazon Q Business web experience.

+ * @public + */ + identityProviderConfiguration?: IdentityProviderConfiguration; } /** @@ -6642,10 +6911,6 @@ export interface PutGroupRequest { *

The list that contains your users or sub groups that belong the same group. For * example, the group "Company" includes the user "CEO" and the sub groups "Research", * "Engineering", and "Sales and Marketing".

- *

If you have more than 1000 users and/or sub groups for a single group, you need to - * provide the path to the S3 file that lists your users and sub groups for a group. Your - * sub groups can contain more than 1000 users, but the list of sub groups that belong to a - * group (and/or users) must be no more than 1000.

* @public */ groupName: string | undefined; diff --git a/clients/client-qbusiness/src/protocols/Aws_restJson1.ts b/clients/client-qbusiness/src/protocols/Aws_restJson1.ts index 3a058a2b41742..2edce487d7d66 100644 --- a/clients/client-qbusiness/src/protocols/Aws_restJson1.ts +++ b/clients/client-qbusiness/src/protocols/Aws_restJson1.ts @@ -146,6 +146,7 @@ import { AuthChallengeRequestEvent, AuthChallengeResponse, AuthChallengeResponseEvent, + AutoSubscriptionConfiguration, BasicAuthConfiguration, BlockedPhrasesConfigurationUpdate, ChatInputStream, @@ -180,6 +181,7 @@ import { GroupMembers, GroupStatusDetail, HookConfiguration, + IdentityProviderConfiguration, Index, IndexCapacityConfiguration, InlineDocumentEnrichmentConfiguration, @@ -195,6 +197,7 @@ import { NoAuthConfiguration, NumberAttributeBoostingConfiguration, OAuth2ClientCredentialConfiguration, + OpenIDConnectProviderConfiguration, PersonalizationConfiguration, Plugin, PluginAuthConfiguration, @@ -209,6 +212,7 @@ import { RuleConfiguration, S3, SamlConfiguration, + SamlProviderConfiguration, ServiceQuotaExceededException, SourceAttribution, StringAttributeBoostingConfiguration, @@ -359,11 +363,14 @@ export const se_CreateApplicationCommand = async ( body = JSON.stringify( take(input, { attachmentsConfiguration: (_) => _json(_), + clientIdsForOIDC: (_) => _json(_), clientToken: [true, (_) => _ ?? generateIdempotencyToken()], description: [], displayName: [], encryptionConfiguration: (_) => _json(_), + iamIdentityProviderArn: [], identityCenterInstanceArn: [], + identityType: [], personalizationConfiguration: (_) => _json(_), qAppsConfiguration: (_) => _json(_), roleArn: [], @@ -533,6 +540,7 @@ export const se_CreateWebExperienceCommand = async ( body = JSON.stringify( take(input, { clientToken: [true, (_) => _ ?? generateIdempotencyToken()], + identityProviderConfiguration: (_) => _json(_), roleArn: [], samplePromptsControlMode: [], subtitle: [], 
@@ -1287,6 +1295,7 @@ export const se_UpdateApplicationCommand = async ( body = JSON.stringify( take(input, { attachmentsConfiguration: (_) => _json(_), + autoSubscriptionConfiguration: (_) => _json(_), description: [], displayName: [], identityCenterInstanceArn: [], @@ -1482,6 +1491,7 @@ export const se_UpdateWebExperienceCommand = async ( body = JSON.stringify( take(input, { authenticationConfiguration: (_) => _json(_), + identityProviderConfiguration: (_) => _json(_), roleArn: [], samplePromptsControlMode: [], subtitle: [], @@ -1919,12 +1929,16 @@ export const de_GetApplicationCommand = async ( applicationArn: __expectString, applicationId: __expectString, attachmentsConfiguration: _json, + autoSubscriptionConfiguration: _json, + clientIdsForOIDC: _json, createdAt: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), description: __expectString, displayName: __expectString, encryptionConfiguration: _json, error: _json, + iamIdentityProviderArn: __expectString, identityCenterApplicationArn: __expectString, + identityType: __expectString, personalizationConfiguration: _json, qAppsConfiguration: _json, roleArn: __expectString, @@ -2154,6 +2168,7 @@ export const de_GetWebExperienceCommand = async ( createdAt: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), defaultEndpoint: __expectString, error: _json, + identityProviderConfiguration: (_) => _json(__expectUnion(_)), roleArn: __expectString, samplePromptsControlMode: __expectString, status: __expectString, @@ -3166,6 +3181,8 @@ const se_AttributeFilters = (input: AttributeFilter[], context: __SerdeContext): // se_AuthorizationResponseMap omitted. +// se_AutoSubscriptionConfiguration omitted. + // se_BasicAuthConfiguration omitted. // se_BlockedPhrases omitted. @@ -3174,6 +3191,8 @@ const se_AttributeFilters = (input: AttributeFilter[], context: __SerdeContext): // se_ChatModeConfiguration omitted. +// se_ClientIdsForOIDC omitted. + /** * serializeAws_restJson1ConfigurationEvent */ 
@@ -3346,6 +3365,8 @@ const se_HookConfiguration = (input: HookConfiguration, context: __SerdeContext) }); }; +// se_IdentityProviderConfiguration omitted. + // se_IndexCapacityConfiguration omitted. /** @@ -3406,6 +3427,8 @@ const se_MessageUsefulnessFeedback = (input: MessageUsefulnessFeedback, context: // se_OAuth2ClientCredentialConfiguration omitted. +// se_OpenIDConnectProviderConfiguration omitted. + // se_PersonalizationConfiguration omitted. // se_PluginAuthConfiguration omitted. @@ -3434,6 +3457,8 @@ const se_MessageUsefulnessFeedback = (input: MessageUsefulnessFeedback, context: // se_SamlConfiguration omitted. +// se_SamlProviderConfiguration omitted. + // se_SecurityGroupIds omitted. // se_StringAttributeBoostingConfiguration omitted. @@ -3606,6 +3631,7 @@ const de_Application = (output: any, context: __SerdeContext): Application => { applicationId: __expectString, createdAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), displayName: __expectString, + identityType: __expectString, status: __expectString, updatedAt: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), }) as any; @@ -3635,12 +3661,16 @@ const de_Applications = (output: any, context: __SerdeContext): Application[] => // de_AuthChallengeRequestEvent omitted. +// de_AutoSubscriptionConfiguration omitted. + // de_BasicAuthConfiguration omitted. // de_BlockedPhrases omitted. // de_BlockedPhrasesConfiguration omitted. +// de_ClientIdsForOIDC omitted. + // de_ContentBlockerRule omitted. // de_ContentRetrievalRule omitted. @@ -3882,6 +3912,8 @@ const de_HookConfiguration = (output: any, context: __SerdeContext): HookConfigu }) as any; }; +// de_IdentityProviderConfiguration omitted. + /** * deserializeAws_restJson1Index */ 
@@ -3991,6 +4023,8 @@ const de_MetadataEvent = (output: any, context: __SerdeContext): MetadataEvent = // de_OAuth2ClientCredentialConfiguration omitted. +// de_OpenIDConnectProviderConfiguration omitted. + // de_PersonalizationConfiguration omitted. /** @@ -4041,6 +4075,8 @@ const de_Plugins = (output: any, context: __SerdeContext): Plugin[] => { // de_SamlConfiguration omitted. +// de_SamlProviderConfiguration omitted. + // de_SecurityGroupIds omitted. // de_SnippetExcerpt omitted. diff --git a/codegen/sdk-codegen/aws-models/qbusiness.json b/codegen/sdk-codegen/aws-models/qbusiness.json index 2cf86ac3c1684..27353f982af8f 100644 --- a/codegen/sdk-codegen/aws-models/qbusiness.json +++ b/codegen/sdk-codegen/aws-models/qbusiness.json @@ -441,6 +441,12 @@ "traits": { "smithy.api#documentation": "

The status of the Amazon Q Business application. The application is ready to use when the\n status is ACTIVE.

" } + }, + "identityType": { + "target": "com.amazonaws.qbusiness#IdentityType", + "traits": { + "smithy.api#documentation": "

The authentication type being used by a Amazon Q Business application.

" + } } }, "traits": { @@ -925,6 +931,44 @@ "target": "com.amazonaws.qbusiness#AuthResponseValue" } }, + "com.amazonaws.qbusiness#AutoSubscriptionConfiguration": { + "type": "structure", + "members": { + "autoSubscribe": { + "target": "com.amazonaws.qbusiness#AutoSubscriptionStatus", + "traits": { + "smithy.api#documentation": "

Describes whether automatic subscriptions are enabled for an Amazon Q Business\n application using IAM identity federation for user management.

", + "smithy.api#required": {} + } + }, + "defaultSubscriptionType": { + "target": "com.amazonaws.qbusiness#SubscriptionType", + "traits": { + "smithy.api#documentation": "

Describes the default subscription type assigned to an Amazon Q Business\n application using IAM identity federation for user management. If the\n value for autoSubscribe is set to ENABLED you must select a\n value for this field.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

Subscription configuration information for an Amazon Q Business application\n using IAM identity federation for user management.

" + } + }, + "com.amazonaws.qbusiness#AutoSubscriptionStatus": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.qbusiness#BasicAuthConfiguration": { "type": "structure", "members": { @@ -1628,6 +1672,21 @@ "smithy.api#output": {} } }, + "com.amazonaws.qbusiness#ClientIdForOIDC": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 255 + } + } + }, + "com.amazonaws.qbusiness#ClientIdsForOIDC": { + "type": "list", + "member": { + "target": "com.amazonaws.qbusiness#ClientIdForOIDC" + } + }, "com.amazonaws.qbusiness#ClientToken": { "type": "string", "traits": { @@ -1902,12 +1961,30 @@ "smithy.api#documentation": "

The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon\n CloudWatch logs and metrics.

" } }, + "identityType": { + "target": "com.amazonaws.qbusiness#IdentityType", + "traits": { + "smithy.api#documentation": "

The authentication type being used by a Amazon Q Business application.

" + } + }, + "iamIdentityProviderArn": { + "target": "com.amazonaws.qbusiness#IamIdentityProviderArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

" + } + }, "identityCenterInstanceArn": { "target": "com.amazonaws.qbusiness#InstanceArn", "traits": { "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the IAM Identity Center instance you are either\n creating for—or connecting to—your Amazon Q Business application.

" } }, + "clientIdsForOIDC": { + "target": "com.amazonaws.qbusiness#ClientIdsForOIDC", + "traits": { + "smithy.api#documentation": "

The OIDC client ID for a Amazon Q Business application.

" + } + }, "description": { "target": "com.amazonaws.qbusiness#Description", "traits": { @@ -2054,7 +2131,7 @@ "configuration": { "target": "com.amazonaws.qbusiness#DataSourceConfiguration", "traits": { - "smithy.api#documentation": "
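Review bot: The documentation added for `clientIdsForOIDC` in `CreateApplicationRequest` says "The OIDC client ID for a Amazon Q Business application", but the member targets the list shape `ClientIdsForOIDC`, so the text hides that several client IDs can be registered. I would change it to `The OIDC client IDs for an Amazon Q Business application.`; the same string is repeated on the `GetApplicationResponse` member later in this file and in the generated `models_0.ts`. The hunk also leaves `identityType`, `iamIdentityProviderArn`, `identityCenterInstanceArn` and `clientIdsForOIDC` all optional without stating which of them belongs to which `IdentityType` value. A sentence on each member naming the identity type it applies to would let a caller catch a mismatched federation setup before the request is sent; the valid combinations are not visible in this diff, so they need to come from the service team.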

Configuration information to connect to your data source repository. For configuration\n templates for your specific data source, see Supported\n connectors.

", + "smithy.api#documentation": "

Configuration information to connect your data source repository to Amazon Q Business. Use this parameter to provide a JSON schema with configuration\n information specific to your data source connector.

\n

Each data source has a JSON schema provided by Amazon Q Business that you must\n use. For example, the Amazon S3 and Web Crawler connectors require the following\n JSON schemas:

\n \n

You can find configuration templates for your specific data source using the following\n steps:

\n
    \n
  1. \n

    Navigate to the Supported\n connectors page in the Amazon Q Business User Guide, and\n select the data source of your choice.

    \n
  2. \n
  3. \n

    Then, from your specific data source connector page, select Using the API. You will find the JSON schema for your\n data source, including parameter descriptions, in this section.

    \n
  4. \n
", "smithy.api#required": {} } }, @@ -2667,7 +2744,7 @@ "roleArn": { "target": "com.amazonaws.qbusiness#RoleArn", "traits": { - "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the service role attached to your web\n experience.

" + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the service role attached to your web\n experience.

\n \n

You must provide this value if you're using IAM Identity Center to manage end user\n access to your application. If you're using legacy identity management to manage\n user access, you don't need to provide this value.

\n
" } }, "tags": { @@ -2683,6 +2760,12 @@ "smithy.api#documentation": "

A token you provide to identify a request to create an Amazon Q Business web experience.\n

", "smithy.api#idempotencyToken": {} } + }, + "identityProviderConfiguration": { + "target": "com.amazonaws.qbusiness#IdentityProviderConfiguration", + "traits": { + "smithy.api#documentation": "

Information about the identity provider (IdP) used to authenticate end users of an\n Amazon Q Business web experience.

" + } } }, "traits": { @@ -5175,6 +5258,18 @@ "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the Amazon Q Business application.

" } }, + "identityType": { + "target": "com.amazonaws.qbusiness#IdentityType", + "traits": { + "smithy.api#documentation": "

The authentication type being used by a Amazon Q Business application.

" + } + }, + "iamIdentityProviderArn": { + "target": "com.amazonaws.qbusiness#IamIdentityProviderArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.

" + } + }, "identityCenterApplicationArn": { "target": "com.amazonaws.qbusiness#IdcApplicationArn", "traits": { @@ -5243,6 +5338,18 @@ "traits": { "smithy.api#documentation": "

Configuration information about chat response personalization. For more information,\n see Personalizing chat responses.

" } + }, + "autoSubscriptionConfiguration": { + "target": "com.amazonaws.qbusiness#AutoSubscriptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings for auto-subscription behavior for this application. This is only applicable\n to SAML and OIDC applications.

" + } + }, + "clientIdsForOIDC": { + "target": "com.amazonaws.qbusiness#ClientIdsForOIDC", + "traits": { + "smithy.api#documentation": "

The OIDC client ID for a Amazon Q Business application.

" + } } }, "traits": { @@ -6238,6 +6345,12 @@ "smithy.api#documentation": "
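Review bot: The documentation added for `clientIdsForOIDC` describes a single value ("The OIDC client ID for a Amazon Q Business application") although the member targets the `ClientIdsForOIDC` shape, whose name suggests a collection. Callers reading the generated docs cannot tell that several client IDs may be returned. Suggested wording: `The OIDC client IDs for an Amazon Q Business application.` The same "a Amazon" article slip appears in the `identityType` documentation in the `@@ -5175,6 +5258,18 @@` hunk.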

The Amazon Resource Name (ARN) of the service role attached to your web\n experience.

" } }, + "identityProviderConfiguration": { + "target": "com.amazonaws.qbusiness#IdentityProviderConfiguration", + "traits": { + "smithy.api#documentation": "

Information about the identity provider (IdP) used to authenticate end users of an\n Amazon Q Business web experience.

" + } + }, "authenticationConfiguration": { "target": "com.amazonaws.qbusiness#WebExperienceAuthConfiguration", "traits": { @@ -6408,6 +6521,16 @@ "smithy.api#documentation": "

Provides the configuration information for invoking a Lambda function in\n Lambda to alter document metadata and content when ingesting\n documents into Amazon Q Business.

\n

You can configure your Lambda function using the\n PreExtractionHookConfiguration parameter if you want to apply advanced\n alterations on the original or raw documents.

\n

If you want to apply advanced alterations on the Amazon Q Business structured documents,\n you must configure your Lambda function using\n PostExtractionHookConfiguration.

\n

You can only invoke one Lambda function. However, this function can invoke\n other functions it requires.

\n

For more information, see Custom document enrichment.

" } }, + "com.amazonaws.qbusiness#IamIdentityProviderArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 20, + "max": 2048 + }, + "smithy.api#pattern": "^arn:aws:iam::\\d{12}:(oidc-provider|saml-provider)/[a-zA-Z0-9_\\.\\/@\\-]+$" + } + }, "com.amazonaws.qbusiness#IdcApplicationArn": { "type": "string", "traits": { @@ -6418,6 +6541,43 @@ "smithy.api#pattern": "^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$" } }, + "com.amazonaws.qbusiness#IdentityProviderConfiguration": { + "type": "union", + "members": { + "samlConfiguration": { + "target": "com.amazonaws.qbusiness#SamlProviderConfiguration" + }, + "openIDConnectConfiguration": { + "target": "com.amazonaws.qbusiness#OpenIDConnectProviderConfiguration" + } + }, + "traits": { + "smithy.api#documentation": "
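Review bot: The new `IamIdentityProviderArn` pattern hard-codes the commercial partition (`^arn:aws:iam::...`), while the neighbouring `IdcApplicationArn` shape accepts `arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):`. If SAML/OIDC federation is meant to work outside the `aws` partition, provider ARNs from those partitions would be rejected at validation. A consistent prefix would be `^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::\\d{12}:(oidc-provider|saml-provider)/...`, keeping the rest of the pattern as is. If the restriction is intentional, the shape should say so; it currently has no `smithy.api#documentation` trait.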

Provides information about the identity provider (IdP) used to authenticate end users\n of an Amazon Q Business web experience.

" + } + }, + "com.amazonaws.qbusiness#IdentityType": { + "type": "enum", + "members": { + "AWS_IAM_IDP_SAML": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_IAM_IDP_SAML" + } + }, + "AWS_IAM_IDP_OIDC": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_IAM_IDP_OIDC" + } + }, + "AWS_IAM_IDC": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_IAM_IDC" + } + } + } + }, "com.amazonaws.qbusiness#Index": { "type": "structure", "members": { @@ -8494,6 +8654,28 @@ "smithy.api#documentation": "

Information about the OAuth 2.0 authentication credential/token used to configure a\n plugin.

" } }, + "com.amazonaws.qbusiness#OpenIDConnectProviderConfiguration": { + "type": "structure", + "members": { + "secretsArn": { + "target": "com.amazonaws.qbusiness#SecretArn", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of a Secrets Manager secret containing the OIDC\n client secret.

", + "smithy.api#required": {} + } + }, + "secretsRole": { + "target": "com.amazonaws.qbusiness#RoleArn", + "traits": { + "smithy.api#documentation": "

An IAM role with permissions to access KMS to decrypt\n the Secrets Manager secret containing your OIDC client secret.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Information about the OIDC-compliant identity provider (IdP) used to authenticate end\n users of an Amazon Q Business web experience.

" + } + }, "com.amazonaws.qbusiness#Payload": { "type": "string", "traits": { @@ -9030,7 +9212,7 @@ "groupName": { "target": "com.amazonaws.qbusiness#GroupName", "traits": { - "smithy.api#documentation": "
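Review bot: The `secretsRole` documentation in `OpenIDConnectProviderConfiguration` says "An IAM role" although the member targets `RoleArn`, so it should state that the value is an ARN, as the sibling `secretsArn` does. Suggested opening: `The Amazon Resource Name (ARN) of an IAM role with permissions to ...`. The text names only KMS decrypt access and does not say whether the role also needs read access to the secret itself. Stating the minimum permissions would let callers scope the role to the one secret in `secretsArn` and its key rather than granting broad access.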

The list that contains your users or sub groups that belong the same group. For\n example, the group \"Company\" includes the user \"CEO\" and the sub groups \"Research\",\n \"Engineering\", and \"Sales and Marketing\".

\n

If you have more than 1000 users and/or sub groups for a single group, you need to\n provide the path to the S3 file that lists your users and sub groups for a group. Your\n sub groups can contain more than 1000 users, but the list of sub groups that belong to a\n group (and/or users) must be no more than 1000.

", + "smithy.api#documentation": "

The list that contains your users or sub groups that belong the same group. For\n example, the group \"Company\" includes the user \"CEO\" and the sub groups \"Research\",\n \"Engineering\", and \"Sales and Marketing\".

", "smithy.api#required": {} } }, @@ -9465,6 +9647,16 @@ } } }, + "com.amazonaws.qbusiness#SamlAuthenticationUrl": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 1284 + }, + "smithy.api#pattern": "^https://.*$" + } + }, "com.amazonaws.qbusiness#SamlConfiguration": { "type": "structure", "members": { @@ -9510,6 +9702,21 @@ "smithy.api#pattern": "^.*$" } }, + "com.amazonaws.qbusiness#SamlProviderConfiguration": { + "type": "structure", + "members": { + "authenticationUrl": { + "target": "com.amazonaws.qbusiness#SamlAuthenticationUrl", + "traits": { + "smithy.api#documentation": "

The URL where Amazon Q Business end users will be redirected for authentication.\n

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate\n end users of an Amazon Q Business web experience.

" + } + }, "com.amazonaws.qbusiness#SecretArn": { "type": "string", "traits": { @@ -9922,6 +10129,23 @@ "target": "com.amazonaws.qbusiness#SubnetId" } }, + "com.amazonaws.qbusiness#SubscriptionType": { + "type": "enum", + "members": { + "Q_LITE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Q_LITE" + } + }, + "Q_BUSINESS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Q_BUSINESS" + } + } + } + }, "com.amazonaws.qbusiness#SyncSchedule": { "type": "string", "traits": { @@ -10434,6 +10658,12 @@ "traits": { "smithy.api#documentation": "
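Review bot: The `authenticationUrl` documentation in `SamlProviderConfiguration` does not mention that the value must be an HTTPS URL, although the `SamlAuthenticationUrl` shape added in the `@@ -9465,6 +9647,16 @@` hunk enforces `^https://.*$` with a length of 1 to 1284. Saying so in the docs saves callers a validation failure: `The HTTPS URL where Amazon Q Business end users will be redirected for authentication.` Beyond the scheme the pattern accepts any string, so validation of the host presumably happens service-side. That is worth confirming, since end users are redirected to this value.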

Configuration information about chat response personalization. For more information,\n see Personalizing chat responses.

" } + }, + "autoSubscriptionConfiguration": { + "target": "com.amazonaws.qbusiness#AutoSubscriptionConfiguration", + "traits": { + "smithy.api#documentation": "

An option to enable updating the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user\n management.

" + } } }, "traits": { @@ -11166,6 +11396,12 @@ "traits": { "smithy.api#documentation": "

Determines whether sample prompts are enabled in the web experience for an end\n user.

" } + }, + "identityProviderConfiguration": { + "target": "com.amazonaws.qbusiness#IdentityProviderConfiguration", + "traits": { + "smithy.api#documentation": "

Information about the identity provider (IdP) used to authenticate end users of an\n Amazon Q Business web experience.

" + } } }, "traits": {