Update generated code (#1727)

update generated code
async-aws · Jun 13, 2024 · b12b5dd · b12b5dd
1 parent a550d51
commit b12b5dd
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## NOT RELEASED
 
+### Added
+
+- AWS api-change: Introducing RotationToken parameter for PutSecretValue API
+
 ### Changed
 
 - Add `Accept: application/json` header in request to fix incompatibility with 3rd party providers

diff --git a/composer.json b/composer.json
@@ -29,7 +29,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "2.2-dev"
+            "dev-master": "2.3-dev"
         }
     }
 }
diff --git a/src/Input/CreateSecretRequest.php b/src/Input/CreateSecretRequest.php
@@ -91,6 +91,9 @@ final class CreateSecretRequest extends Input
      *
      * This parameter is not available in the Secrets Manager console.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretBinary;
@@ -105,6 +108,9 @@ final class CreateSecretRequest extends Input
      * only the `SecretString` parameter. The Secrets Manager console stores the information as a JSON structure of
      * key/value pairs that a Lambda rotation function can parse.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretString;

diff --git a/src/Input/GetSecretValueRequest.php b/src/Input/GetSecretValueRequest.php
@@ -10,7 +10,7 @@
 final class GetSecretValueRequest extends Input
 {
     /**
-     * The ARN or name of the secret to retrieve.
+     * The ARN or name of the secret to retrieve. To retrieve a secret from another account, you must use an ARN.
      *
      * For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a
      * partial ARN [^1].

diff --git a/src/Input/PutSecretValueRequest.php b/src/Input/PutSecretValueRequest.php
@@ -63,6 +63,9 @@ final class PutSecretValueRequest extends Input
      *
      * You can't access this value from the Secrets Manager console.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretBinary;
@@ -74,6 +77,9 @@ final class PutSecretValueRequest extends Input
      *
      * We recommend you create the secret string as JSON key/value pairs, as shown in the example.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretString;
@@ -94,13 +100,29 @@ final class PutSecretValueRequest extends Input
      */
     private $versionStages;
 
+    /**
+     * A unique identifier that indicates the source of the request. For cross-account rotation (when you rotate a secret in
+     * one account by using a Lambda rotation function in another account) and the Lambda rotation function assumes an IAM
+     * role to call Secrets Manager, Secrets Manager validates the identity with the rotation token. For more information,
+     * see How rotation works [^1].
+     *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
+     * [^1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+     *
+     * @var string|null
+     */
+    private $rotationToken;
+
     /**
      * @param array{
      *   SecretId?: string,
      *   ClientRequestToken?: null|string,
      *   SecretBinary?: null|string,
      *   SecretString?: null|string,
      *   VersionStages?: null|string[],
+     *   RotationToken?: null|string,
      *   '@region'?: string|null,
      * } $input
      */
@@ -111,6 +133,7 @@ public function __construct(array $input = [])
         $this->secretBinary = $input['SecretBinary'] ?? null;
         $this->secretString = $input['SecretString'] ?? null;
         $this->versionStages = $input['VersionStages'] ?? null;
+        $this->rotationToken = $input['RotationToken'] ?? null;
         parent::__construct($input);
     }
 
@@ -121,6 +144,7 @@ public function __construct(array $input = [])
      *   SecretBinary?: null|string,
      *   SecretString?: null|string,
      *   VersionStages?: null|string[],
+     *   RotationToken?: null|string,
      *   '@region'?: string|null,
      * }|PutSecretValueRequest $input
      */
@@ -134,6 +158,11 @@ public function getClientRequestToken(): ?string
         return $this->clientRequestToken;
     }
 
+    public function getRotationToken(): ?string
+    {
+        return $this->rotationToken;
+    }
+
     public function getSecretBinary(): ?string
     {
         return $this->secretBinary;
@@ -190,6 +219,13 @@ public function setClientRequestToken(?string $value): self
         return $this;
     }
 
+    public function setRotationToken(?string $value): self
+    {
+        $this->rotationToken = $value;
+
+        return $this;
+    }
+
     public function setSecretBinary(?string $value): self
     {
         $this->secretBinary = $value;
@@ -246,6 +282,9 @@ private function requestBody(): array
                 $payload['VersionStages'][$index] = $listValue;
             }
         }
+        if (null !== $v = $this->rotationToken) {
+            $payload['RotationToken'] = $v;
+        }
 
         return $payload;
     }

diff --git a/src/Input/UpdateSecretRequest.php b/src/Input/UpdateSecretRequest.php
@@ -85,6 +85,9 @@ final class UpdateSecretRequest extends Input
      *
      * You can't access this parameter in the Secrets Manager console.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretBinary;
@@ -95,6 +98,9 @@ final class UpdateSecretRequest extends Input
      *
      * Either `SecretBinary` or `SecretString` must have a value, but not both.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretString;

diff --git a/src/Result/GetSecretValueResponse.php b/src/Result/GetSecretValueResponse.php
@@ -36,6 +36,9 @@ class GetSecretValueResponse extends Result
      * If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a
      * string, then this field is omitted. The secret value appears in `SecretString` instead.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretBinary;
@@ -47,6 +50,9 @@ class GetSecretValueResponse extends Result
      * If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of
      * key/value pairs.
      *
+     * Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries.
+     * If you create your own log entries, you must also avoid logging the information in this field.
+     *
      * @var string|null
      */
     private $secretString;

diff --git a/src/SecretsManagerClient.php b/src/SecretsManagerClient.php
@@ -331,8 +331,8 @@ public function listSecrets($input = []): ListSecretsResponse
      * new ones.
      *
      * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in
-     * request parameters except `SecretBinary` or `SecretString` because it might be logged. For more information, see
-     * Logging Secrets Manager events with CloudTrail [^1].
+     * request parameters except `SecretBinary`, `SecretString`, or `RotationToken` because it might be logged. For more
+     * information, see Logging Secrets Manager events with CloudTrail [^1].
      *
      * **Required permissions: **`secretsmanager:PutSecretValue`. For more information, see IAM policy actions for Secrets
      * Manager [^2] and Authentication and access control in Secrets Manager [^3].
@@ -350,6 +350,7 @@ public function listSecrets($input = []): ListSecretsResponse
      *   SecretBinary?: null|string,
      *   SecretString?: null|string,
      *   VersionStages?: null|string[],
+     *   RotationToken?: null|string,
      *   '@region'?: string|null,
      * }|PutSecretValueRequest $input
      *