AWS Directory Service Update: Adding client authentication feature for AWS AD Connector

Author: AWS

.changes/next-release/feature-AWSDirectoryService-4c4ec43.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS Directory Service",
+    "contributor": "",
+    "description": "Adding client authentication feature for AWS AD Connector"
+}

services/directory/src/main/resources/codegen-resources/service-2.json

@@ -556,6 +556,24 @@
       ],
       "documentation":"<p>Obtains information about the trust relationships for this account.</p> <p>If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.</p>"
     },
+    "DisableClientAuthentication":{
+      "name":"DisableClientAuthentication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisableClientAuthenticationRequest"},
+      "output":{"shape":"DisableClientAuthenticationResult"},
+      "errors":[
+        {"shape":"DirectoryDoesNotExistException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"InvalidClientAuthStatusException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ClientException"},
+        {"shape":"ServiceException"}
+      ],
+      "documentation":"<p>Disable client authentication for smart cards.</p>"
+    },
     "DisableLDAPS":{
       "name":"DisableLDAPS",
       "http":{
@@ -607,6 +625,25 @@
       ],
       "documentation":"<p>Disables single-sign on for a directory.</p>"
     },
+    "EnableClientAuthentication":{
+      "name":"EnableClientAuthentication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"EnableClientAuthenticationRequest"},
+      "output":{"shape":"EnableClientAuthenticationResult"},
+      "errors":[
+        {"shape":"DirectoryDoesNotExistException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"InvalidClientAuthStatusException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"NoAvailableCertificateException"},
+        {"shape":"ClientException"},
+        {"shape":"ServiceException"}
+      ],
+      "documentation":"<p>Enable client authentication for smardtcards.</p>"
+    },
     "EnableLDAPS":{
       "name":"EnableLDAPS",
       "http":{
@@ -1267,6 +1304,14 @@
         "ExpiryDateTime":{
           "shape":"CertificateExpiryDateTime",
           "documentation":"<p>The date and time when the certificate will expire.</p>"
+        },
+        "Type":{
+          "shape":"CertificateType",
+          "documentation":"<p>Select <code>ClientCertAuth</code> for smart card integration.</p>"
+        },
+        "ClientCertAuthSettings":{
+          "shape":"ClientCertAuthSettings",
+          "documentation":"<p>Provides information about the client certificate authentication settings. The default value is <code>ClientLDAPS</code>.</p>"
         }
       },
       "documentation":"<p>Information about the certificate.</p>"
@@ -1327,6 +1372,10 @@
         "ExpiryDateTime":{
           "shape":"CertificateExpiryDateTime",
           "documentation":"<p>The date and time when the certificate will expire.</p>"
+        },
+        "Type":{
+          "shape":"CertificateType",
+          "documentation":"<p>Displays the type of certificate.</p>"
         }
       },
       "documentation":"<p>Contains general information about a certificate.</p>"
@@ -1353,6 +1402,13 @@
       ]
     },
     "CertificateStateReason":{"type":"string"},
+    "CertificateType":{
+      "type":"string",
+      "enum":[
+        "ClientCertAuth",
+        "ClientLDAPS"
+      ]
+    },
     "CertificatesInfo":{
       "type":"list",
       "member":{"shape":"CertificateInfo"}
@@ -1365,6 +1421,20 @@
       "type":"list",
       "member":{"shape":"CidrIp"}
     },
+    "ClientAuthenticationType":{
+      "type":"string",
+      "enum":["SmartCard"]
+    },
+    "ClientCertAuthSettings":{
+      "type":"structure",
+      "members":{
+        "OCSPUrl":{
+          "shape":"OCSPUrl",
+          "documentation":"<p>Specifies the URL of the default OCSP server used to check for revocation status.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the client certificate authentication settings, such as <code>ClientLDAPS</code> or <code>ClientCertAuth</code>.</p>"
+    },
     "ClientException":{
       "type":"structure",
       "members":{
@@ -2137,7 +2207,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>The <i>DescribeRegionsResult.NextToken</i> value from a previous call to <a>DescribeRegions</a>. Pass null if this is the first call.</p>"
+          "documentation":"<p>The <code>DescribeRegionsResult.NextToken</code> value from a previous call to <a>DescribeRegions</a>. Pass null if this is the first call.</p>"
         }
       }
     },
@@ -2146,11 +2216,11 @@
       "members":{
         "RegionsDescription":{
           "shape":"RegionsDescription",
-          "documentation":"<p>List of regional information related to the directory per replicated Region.</p>"
+          "documentation":"<p>List of Region information related to the directory for each replicated Region.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If not null, more results are available. Pass this value for the <i>NextToken</i> parameter in a subsequent call to <a>DescribeRegions</a> to retrieve the next set of items.</p>"
+          "documentation":"<p>If not null, more results are available. Pass this value for the <code>NextToken</code> parameter in a subsequent call to <a>DescribeRegions</a> to retrieve the next set of items.</p>"
         }
       }
     },
@@ -2632,6 +2702,28 @@
       },
       "documentation":"<p>Contains information about the directory.</p>"
     },
+    "DisableClientAuthenticationRequest":{
+      "type":"structure",
+      "required":[
+        "DirectoryId",
+        "Type"
+      ],
+      "members":{
+        "DirectoryId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>Disable client authentication in a specified directory for smart cards. </p>"
+        },
+        "Type":{
+          "shape":"ClientAuthenticationType",
+          "documentation":"<p>Disable the type of client authentication request. </p>"
+        }
+      }
+    },
+    "DisableClientAuthenticationResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DisableLDAPSRequest":{
       "type":"structure",
       "required":[
@@ -2780,6 +2872,28 @@
       "type":"list",
       "member":{"shape":"DomainController"}
     },
+    "EnableClientAuthenticationRequest":{
+      "type":"structure",
+      "required":[
+        "DirectoryId",
+        "Type"
+      ],
+      "members":{
+        "DirectoryId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>Enable client authentication in a specified directory for smart cards. </p>"
+        },
+        "Type":{
+          "shape":"ClientAuthenticationType",
+          "documentation":"<p>Enable the type of client authentication request. </p>"
+        }
+      }
+    },
+    "EnableClientAuthenticationResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "EnableLDAPSRequest":{
       "type":"structure",
       "required":[
@@ -2959,6 +3073,15 @@
       "documentation":"<p>The certificate PEM that was provided has incorrect encoding.</p>",
       "exception":true
     },
+    "InvalidClientAuthStatusException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ExceptionMessage"},
+        "RequestId":{"shape":"RequestId"}
+      },
+      "documentation":"<p>The client authorization was invalid.</p>",
+      "exception":true
+    },
     "InvalidLDAPSStatusException":{
       "type":"structure",
       "members":{
@@ -3330,6 +3453,12 @@
       "max":1024,
       "sensitive":true
     },
+    "OCSPUrl":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"^(https?|ftp|file|ldaps?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;()]*[-a-zA-Z0-9+&@#/%=~_|()]"
+    },
     "OrganizationalUnitDN":{
       "type":"string",
       "max":2000,
@@ -3478,7 +3607,7 @@
         },
         "RegionType":{
           "shape":"RegionType",
-          "documentation":"<p>Specifies if the Region is the primary Region or an additional Region.</p>"
+          "documentation":"<p>Specifies whether the Region is the primary Region or an additional Region.</p>"
         },
         "Status":{
           "shape":"DirectoryStage",
@@ -3502,15 +3631,15 @@
           "documentation":"<p>The date and time that the Region description was last updated.</p>"
         }
       },
-      "documentation":"<p>The replicated regional information for a directory.</p>"
+      "documentation":"<p>The replicated Region information for a directory.</p>"
     },
     "RegionLimitExceededException":{
       "type":"structure",
       "members":{
         "Message":{"shape":"ExceptionMessage"},
         "RequestId":{"shape":"RequestId"}
       },
-      "documentation":"<p>You have reached the limit for maximum number of simultaneous region replications per directory.</p>",
+      "documentation":"<p>You have reached the limit for maximum number of simultaneous Region replications per directory.</p>",
       "exception":true
     },
     "RegionName":{
@@ -3534,7 +3663,7 @@
       "members":{
         "PrimaryRegion":{
           "shape":"RegionName",
-          "documentation":"<p>The Region from where the AWS Managed Microsoft AD directory was originally created.</p>"
+          "documentation":"<p>The Region where the AWS Managed Microsoft AD directory was originally created.</p>"
         },
         "AdditionalRegions":{
           "shape":"AdditionalRegions",
@@ -3557,7 +3686,12 @@
         "CertificateData":{
           "shape":"CertificateData",
           "documentation":"<p>The certificate PEM string that needs to be registered.</p>"
-        }
+        },
+        "Type":{
+          "shape":"CertificateType",
+          "documentation":"<p>The certificate type to register for the request.</p>"
+        },
+        "ClientCertAuthSettings":{"shape":"ClientCertAuthSettings"}
       }
     },
     "RegisterCertificateResult":{