software.amazon.awssdk.services.secretsmanager.model.UpdateSecretRequest Maven / Gradle / Ivy
Show all versions of secretsmanager Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.secretsmanager.model;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.DefaultValueTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class UpdateSecretRequest extends SecretsManagerRequest implements
ToCopyableBuilder {
private static final SdkField SECRET_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("SecretId").getter(getter(UpdateSecretRequest::secretId)).setter(setter(Builder::secretId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SecretId").build()).build();
private static final SdkField CLIENT_REQUEST_TOKEN_FIELD = SdkField
. builder(MarshallingType.STRING)
.memberName("ClientRequestToken")
.getter(getter(UpdateSecretRequest::clientRequestToken))
.setter(setter(Builder::clientRequestToken))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ClientRequestToken").build(),
DefaultValueTrait.idempotencyToken()).build();
private static final SdkField DESCRIPTION_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("Description").getter(getter(UpdateSecretRequest::description)).setter(setter(Builder::description))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Description").build()).build();
private static final SdkField KMS_KEY_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("KmsKeyId").getter(getter(UpdateSecretRequest::kmsKeyId)).setter(setter(Builder::kmsKeyId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KmsKeyId").build()).build();
private static final SdkField SECRET_BINARY_FIELD = SdkField. builder(MarshallingType.SDK_BYTES)
.memberName("SecretBinary").getter(getter(UpdateSecretRequest::secretBinary)).setter(setter(Builder::secretBinary))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SecretBinary").build()).build();
private static final SdkField SECRET_STRING_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("SecretString").getter(getter(UpdateSecretRequest::secretString)).setter(setter(Builder::secretString))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SecretString").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(SECRET_ID_FIELD,
CLIENT_REQUEST_TOKEN_FIELD, DESCRIPTION_FIELD, KMS_KEY_ID_FIELD, SECRET_BINARY_FIELD, SECRET_STRING_FIELD));
private static final Map> SDK_NAME_TO_FIELD = Collections
.unmodifiableMap(new HashMap>() {
{
put("SecretId", SECRET_ID_FIELD);
put("ClientRequestToken", CLIENT_REQUEST_TOKEN_FIELD);
put("Description", DESCRIPTION_FIELD);
put("KmsKeyId", KMS_KEY_ID_FIELD);
put("SecretBinary", SECRET_BINARY_FIELD);
put("SecretString", SECRET_STRING_FIELD);
}
});
private final String secretId;
private final String clientRequestToken;
private final String description;
private final String kmsKeyId;
private final SdkBytes secretBinary;
private final String secretString;
private UpdateSecretRequest(BuilderImpl builder) {
super(builder);
this.secretId = builder.secretId;
this.clientRequestToken = builder.clientRequestToken;
this.description = builder.description;
this.kmsKeyId = builder.kmsKeyId;
this.secretBinary = builder.secretBinary;
this.secretString = builder.secretString;
}
/**
*
* The ARN or name of the secret.
*
*
* For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding
* a secret from a partial ARN.
*
*
* @return The ARN or name of the secret.
*
* For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
*/
public final String secretId() {
return secretId;
}
/**
*
* If you include SecretString or SecretBinary, then Secrets Manager creates a new version
* for the secret, and this parameter specifies the unique identifier for the new version.
*
*
*
* If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you
* can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for
* this parameter in the request.
*
*
*
* If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
* ClientRequestToken and include it in the request.
*
*
* This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of
* duplicate versions if there are failures and retries during a rotation. We recommend that you generate a UUID-type value to ensure uniqueness of your
* versions within the specified secret.
*
*
* @return If you include SecretString or SecretBinary, then Secrets Manager creates a new
* version for the secret, and this parameter specifies the unique identifier for the new version.
*
*
* If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation,
* then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it
* as the value for this parameter in the request.
*
*
*
* If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
* ClientRequestToken and include it in the request.
*
*
* This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation
* of duplicate versions if there are failures and retries during a rotation. We recommend that you generate
* a UUID-type value to ensure
* uniqueness of your versions within the specified secret.
*/
public final String clientRequestToken() {
return clientRequestToken;
}
/**
*
* The description of the secret.
*
*
* @return The description of the secret.
*/
public final String description() {
return description;
}
/**
*
* The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as well as any
* existing versions with the staging labels AWSCURRENT, AWSPENDING, or
* AWSPREVIOUS. If you don't have kms:Encrypt permission to the new key, Secrets Manager
* does not re-encrypt existing secret versions with the new key. For more information about versions and staging
* labels, see Concepts:
* Version.
*
*
* A key alias is always prefixed by alias/, for example alias/aws/secretsmanager. For
* more information, see About
* aliases.
*
*
* If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
* aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates
* it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use
* aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant
* delay in returning the result.
*
*
*
* You can only use the Amazon Web Services managed key aws/secretsmanager if you call this operation
* using credentials from the same Amazon Web Services account that owns the secret. If the secret is in a different
* account, then you must use a customer managed key and provide the ARN of that KMS key in this field. The user
* making the call must have permissions to both the secret and the KMS key in their respective accounts.
*
*
*
* @return The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as well
* as any existing versions with the staging labels AWSCURRENT, AWSPENDING, or
* AWSPREVIOUS. If you don't have kms:Encrypt permission to the new key, Secrets
* Manager does not re-encrypt existing secret versions with the new key. For more information about
* versions and staging labels, see Concepts: Version.
*
* A key alias is always prefixed by alias/, for example alias/aws/secretsmanager.
* For more information, see About aliases.
*
*
* If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
* aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager
* creates it for you automatically. All users and roles in the Amazon Web Services account automatically
* have access to use aws/secretsmanager. Creating aws/secretsmanager can result
* in a one-time significant delay in returning the result.
*
*
*
* You can only use the Amazon Web Services managed key aws/secretsmanager if you call this
* operation using credentials from the same Amazon Web Services account that owns the secret. If the secret
* is in a different account, then you must use a customer managed key and provide the ARN of that KMS key
* in this field. The user making the call must have permissions to both the secret and the KMS key in their
* respective accounts.
*
*/
public final String kmsKeyId() {
return kmsKeyId;
}
/**
*
* The binary data to encrypt and store in the new version of the secret. We recommend that you store your binary
* data in a file and then pass the contents of the file as a parameter.
*
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* You can't access this parameter in the Secrets Manager console.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log
* entries. If you create your own log entries, you must also avoid logging the information in this field.
*
*
* @return The binary data to encrypt and store in the new version of the secret. We recommend that you store your
* binary data in a file and then pass the contents of the file as a parameter.
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* You can't access this parameter in the Secrets Manager console.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail
* log entries. If you create your own log entries, you must also avoid logging the information in this
* field.
*/
public final SdkBytes secretBinary() {
return secretBinary;
}
/**
*
* The text data to encrypt and store in the new version of the secret. We recommend you use a JSON structure of
* key/value pairs for your secret value.
*
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log
* entries. If you create your own log entries, you must also avoid logging the information in this field.
*
*
* @return The text data to encrypt and store in the new version of the secret. We recommend you use a JSON
* structure of key/value pairs for your secret value.
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail
* log entries. If you create your own log entries, you must also avoid logging the information in this
* field.
*/
public final String secretString() {
return secretString;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(secretId());
hashCode = 31 * hashCode + Objects.hashCode(clientRequestToken());
hashCode = 31 * hashCode + Objects.hashCode(description());
hashCode = 31 * hashCode + Objects.hashCode(kmsKeyId());
hashCode = 31 * hashCode + Objects.hashCode(secretBinary());
hashCode = 31 * hashCode + Objects.hashCode(secretString());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof UpdateSecretRequest)) {
return false;
}
UpdateSecretRequest other = (UpdateSecretRequest) obj;
return Objects.equals(secretId(), other.secretId()) && Objects.equals(clientRequestToken(), other.clientRequestToken())
&& Objects.equals(description(), other.description()) && Objects.equals(kmsKeyId(), other.kmsKeyId())
&& Objects.equals(secretBinary(), other.secretBinary()) && Objects.equals(secretString(), other.secretString());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("UpdateSecretRequest").add("SecretId", secretId())
.add("ClientRequestToken", clientRequestToken()).add("Description", description()).add("KmsKeyId", kmsKeyId())
.add("SecretBinary", secretBinary() == null ? null : "*** Sensitive Data Redacted ***")
.add("SecretString", secretString() == null ? null : "*** Sensitive Data Redacted ***").build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "SecretId":
return Optional.ofNullable(clazz.cast(secretId()));
case "ClientRequestToken":
return Optional.ofNullable(clazz.cast(clientRequestToken()));
case "Description":
return Optional.ofNullable(clazz.cast(description()));
case "KmsKeyId":
return Optional.ofNullable(clazz.cast(kmsKeyId()));
case "SecretBinary":
return Optional.ofNullable(clazz.cast(secretBinary()));
case "SecretString":
return Optional.ofNullable(clazz.cast(secretString()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
@Override
public final Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
private static Function getter(Function g) {
return obj -> g.apply((UpdateSecretRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends SecretsManagerRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* The ARN or name of the secret.
*
*
* For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
*
*
* @param secretId
* The ARN or name of the secret.
*
* For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See Finding a secret from a partial ARN.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder secretId(String secretId);
/**
*
* If you include SecretString or SecretBinary, then Secrets Manager creates a new
* version for the secret, and this parameter specifies the unique identifier for the new version.
*
*
*
* If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then
* you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the
* value for this parameter in the request.
*
*
*
* If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
* ClientRequestToken and include it in the request.
*
*
* This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of
* duplicate versions if there are failures and retries during a rotation. We recommend that you generate a UUID-type value to ensure uniqueness of
* your versions within the specified secret.
*
*
* @param clientRequestToken
* If you include SecretString or SecretBinary, then Secrets Manager creates a
* new version for the secret, and this parameter specifies the unique identifier for the new
* version.
*
* If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation,
* then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes
* it as the value for this parameter in the request.
*
*
*
* If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
* ClientRequestToken and include it in the request.
*
*
* This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental
* creation of duplicate versions if there are failures and retries during a rotation. We recommend that
* you generate a UUID-type value
* to ensure uniqueness of your versions within the specified secret.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder clientRequestToken(String clientRequestToken);
/**
*
* The description of the secret.
*
*
* @param description
* The description of the secret.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder description(String description);
/**
*
* The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as well as
* any existing versions with the staging labels AWSCURRENT, AWSPENDING, or
* AWSPREVIOUS. If you don't have kms:Encrypt permission to the new key, Secrets
* Manager does not re-encrypt existing secret versions with the new key. For more information about versions
* and staging labels, see Concepts: Version.
*
*
* A key alias is always prefixed by alias/, for example alias/aws/secretsmanager. For
* more information, see About
* aliases.
*
*
* If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
* aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager
* creates it for you automatically. All users and roles in the Amazon Web Services account automatically have
* access to use aws/secretsmanager. Creating aws/secretsmanager can result in a
* one-time significant delay in returning the result.
*
*
*
* You can only use the Amazon Web Services managed key aws/secretsmanager if you call this
* operation using credentials from the same Amazon Web Services account that owns the secret. If the secret is
* in a different account, then you must use a customer managed key and provide the ARN of that KMS key in this
* field. The user making the call must have permissions to both the secret and the KMS key in their respective
* accounts.
*
*
*
* @param kmsKeyId
* The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as
* well as any existing versions with the staging labels AWSCURRENT, AWSPENDING
* , or AWSPREVIOUS. If you don't have kms:Encrypt permission to the new key,
* Secrets Manager does not re-encrypt existing secret versions with the new key. For more information
* about versions and staging labels, see Concepts: Version.
*
* A key alias is always prefixed by alias/, for example
* alias/aws/secretsmanager. For more information, see About aliases.
*
*
* If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
* aws/secretsmanager. If this key doesn't already exist in your account, then Secrets
* Manager creates it for you automatically. All users and roles in the Amazon Web Services account
* automatically have access to use aws/secretsmanager. Creating
* aws/secretsmanager can result in a one-time significant delay in returning the result.
*
*
*
* You can only use the Amazon Web Services managed key aws/secretsmanager if you call this
* operation using credentials from the same Amazon Web Services account that owns the secret. If the
* secret is in a different account, then you must use a customer managed key and provide the ARN of that
* KMS key in this field. The user making the call must have permissions to both the secret and the KMS
* key in their respective accounts.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder kmsKeyId(String kmsKeyId);
/**
*
* The binary data to encrypt and store in the new version of the secret. We recommend that you store your
* binary data in a file and then pass the contents of the file as a parameter.
*
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* You can't access this parameter in the Secrets Manager console.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log
* entries. If you create your own log entries, you must also avoid logging the information in this field.
*
*
* @param secretBinary
* The binary data to encrypt and store in the new version of the secret. We recommend that you store
* your binary data in a file and then pass the contents of the file as a parameter.
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* You can't access this parameter in the Secrets Manager console.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail
* log entries. If you create your own log entries, you must also avoid logging the information in this
* field.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder secretBinary(SdkBytes secretBinary);
/**
*
* The text data to encrypt and store in the new version of the secret. We recommend you use a JSON structure of
* key/value pairs for your secret value.
*
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log
* entries. If you create your own log entries, you must also avoid logging the information in this field.
*
*
* @param secretString
* The text data to encrypt and store in the new version of the secret. We recommend you use a JSON
* structure of key/value pairs for your secret value.
*
* Either SecretBinary or SecretString must have a value, but not both.
*
*
* Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail
* log entries. If you create your own log entries, you must also avoid logging the information in this
* field.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder secretString(String secretString);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends SecretsManagerRequest.BuilderImpl implements Builder {
private String secretId;
private String clientRequestToken;
private String description;
private String kmsKeyId;
private SdkBytes secretBinary;
private String secretString;
private BuilderImpl() {
}
private BuilderImpl(UpdateSecretRequest model) {
super(model);
secretId(model.secretId);
clientRequestToken(model.clientRequestToken);
description(model.description);
kmsKeyId(model.kmsKeyId);
secretBinary(model.secretBinary);
secretString(model.secretString);
}
public final String getSecretId() {
return secretId;
}
public final void setSecretId(String secretId) {
this.secretId = secretId;
}
@Override
public final Builder secretId(String secretId) {
this.secretId = secretId;
return this;
}
public final String getClientRequestToken() {
return clientRequestToken;
}
public final void setClientRequestToken(String clientRequestToken) {
this.clientRequestToken = clientRequestToken;
}
@Override
public final Builder clientRequestToken(String clientRequestToken) {
this.clientRequestToken = clientRequestToken;
return this;
}
public final String getDescription() {
return description;
}
public final void setDescription(String description) {
this.description = description;
}
@Override
public final Builder description(String description) {
this.description = description;
return this;
}
public final String getKmsKeyId() {
return kmsKeyId;
}
public final void setKmsKeyId(String kmsKeyId) {
this.kmsKeyId = kmsKeyId;
}
@Override
public final Builder kmsKeyId(String kmsKeyId) {
this.kmsKeyId = kmsKeyId;
return this;
}
public final ByteBuffer getSecretBinary() {
return secretBinary == null ? null : secretBinary.asByteBuffer();
}
public final void setSecretBinary(ByteBuffer secretBinary) {
secretBinary(secretBinary == null ? null : SdkBytes.fromByteBuffer(secretBinary));
}
@Override
public final Builder secretBinary(SdkBytes secretBinary) {
this.secretBinary = secretBinary;
return this;
}
public final String getSecretString() {
return secretString;
}
public final void setSecretString(String secretString) {
this.secretString = secretString;
}
@Override
public final Builder secretString(String secretString) {
this.secretString = secretString;
return this;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public UpdateSecretRequest build() {
return new UpdateSecretRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
@Override
public Map> sdkFieldNameToField() {
return SDK_NAME_TO_FIELD;
}
}
}