feat(client-identitystore): Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support.

Author: awstools

clients/client-identitystore/src/commands/CreateUserCommand.ts

@@ -91,6 +91,9 @@ export interface CreateUserCommandOutput extends CreateUserResponse, __MetadataB
  *   ],
  *   Website: "STRING_VALUE",
  *   Birthdate: "STRING_VALUE",
+ *   Extensions: { // Extensions
+ *     "<keys>": "DOCUMENT_VALUE",
+ *   },
  * };
  * const command = new CreateUserCommand(input);
  * const response = await client.send(command);

clients/client-identitystore/src/commands/DescribeUserCommand.ts

@@ -39,6 +39,9 @@ export interface DescribeUserCommandOutput extends DescribeUserResponse, __Metad
  * const input = { // DescribeUserRequest
  *   IdentityStoreId: "STRING_VALUE", // required
  *   UserId: "STRING_VALUE", // required
+ *   Extensions: [ // ExtensionNames
+ *     "STRING_VALUE",
+ *   ],
  * };
  * const command = new DescribeUserCommand(input);
  * const response = await client.send(command);
@@ -109,6 +112,9 @@ export interface DescribeUserCommandOutput extends DescribeUserResponse, __Metad
  * //   CreatedBy: "STRING_VALUE",
  * //   UpdatedAt: new Date("TIMESTAMP"),
  * //   UpdatedBy: "STRING_VALUE",
+ * //   Extensions: { // Extensions
+ * //     "<keys>": "DOCUMENT_VALUE",
+ * //   },
  * // };
  *
  * ```

clients/client-identitystore/src/commands/ListUsersCommand.ts

@@ -38,6 +38,9 @@ export interface ListUsersCommandOutput extends ListUsersResponse, __MetadataBea
  * const client = new IdentitystoreClient(config);
  * const input = { // ListUsersRequest
  *   IdentityStoreId: "STRING_VALUE", // required
+ *   Extensions: [ // ExtensionNames
+ *     "STRING_VALUE",
+ *   ],
  *   MaxResults: Number("int"),
  *   NextToken: "STRING_VALUE",
  *   Filters: [ // Filters
@@ -118,6 +121,9 @@ export interface ListUsersCommandOutput extends ListUsersResponse, __MetadataBea
  * //       CreatedBy: "STRING_VALUE",
  * //       UpdatedAt: new Date("TIMESTAMP"),
  * //       UpdatedBy: "STRING_VALUE",
+ * //       Extensions: { // Extensions
+ * //         "<keys>": "DOCUMENT_VALUE",
+ * //       },
  * //     },
  * //   ],
  * //   NextToken: "STRING_VALUE",

clients/client-identitystore/src/models/enums.ts

@@ -33,6 +33,7 @@ export const ResourceType = {
   GROUP: "GROUP",
   GROUP_MEMBERSHIP: "GROUP_MEMBERSHIP",
   IDENTITY_STORE: "IDENTITY_STORE",
+  RESOURCE_POLICY: "RESOURCE_POLICY",
   USER: "USER",
 } as const;
 /**

clients/client-identitystore/src/models/errors.ts

@@ -226,7 +226,7 @@ export class ConflictException extends __BaseException {
   RequestId?: string | undefined;
 
   /**
-   * <p>This request cannot be completed for one of the following reasons:</p> <ul> <li> <p>Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.</p> </li> <li> <p>The requested resource was being concurrently modified by another request.</p> </li> </ul>
+   * <p>Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.</p>
    * @public
    */
   Reason?: ConflictExceptionReason | undefined;

clients/client-identitystore/src/models/models_0.ts

@@ -1162,6 +1162,12 @@ export interface CreateUserRequest {
    * @public
    */
   Birthdate?: string | undefined;
+
+  /**
+   * <p>A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in <code>Document</code> type (not supported by Java V1, Go V1 and older versions of the CLI). <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>
+   * @public
+   */
+  Extensions?: Record<string, __DocumentType> | undefined;
 }
 
 /**
@@ -1218,6 +1224,12 @@ export interface DescribeUserRequest {
    * @public
    */
   UserId: string | undefined;
+
+  /**
+   * <p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>
+   * @public
+   */
+  Extensions?: string[] | undefined;
 }
 
 /**
@@ -1367,6 +1379,12 @@ export interface DescribeUserResponse {
    * @public
    */
   UpdatedBy?: string | undefined;
+
+  /**
+   * <p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>
+   * @public
+   */
+  Extensions?: Record<string, __DocumentType> | undefined;
 }
 
 /**
@@ -1379,6 +1397,12 @@ export interface ListUsersRequest {
    */
   IdentityStoreId: string | undefined;
 
+  /**
+   * <p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>
+   * @public
+   */
+  Extensions?: string[] | undefined;
+
   /**
    * <p>The maximum number of results to be returned per request. This parameter is used in the <code> ListUsers</code> and <code>ListGroups</code> requests to specify how many results to return in one page. The length limit is 50 characters.</p>
    * @public
@@ -1548,6 +1572,12 @@ export interface User {
    * @public
    */
   UpdatedBy?: string | undefined;
+
+  /**
+   * <p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>
+   * @public
+   */
+  Extensions?: Record<string, __DocumentType> | undefined;
 }
 
 /**

clients/client-identitystore/src/schemas/schemas_0.ts

@@ -47,6 +47,7 @@ const _EII = "ExternalIdIdentifier";
 const _EIIx = "ExternalIdIssuer";
 const _EIx = "ExternalId";
 const _Em = "Email";
+const _Ex = "Extensions";
 const _F = "Formatted";
 const _FN = "FamilyName";
 const _Fi = "Filter";
@@ -159,6 +160,7 @@ import { TypeRegistry } from "@smithy/core/schema";
 import type {
   StaticErrorSchema,
   StaticListSchema,
+  StaticMapSchema,
   StaticOperationSchema,
   StaticSimpleSchema,
   StaticStructureSchema,
@@ -234,7 +236,7 @@ export var CreateUserRequest: StaticStructureSchema = [
   n0,
   _CUR,
   0,
-  [_ISI, _UN, _N, _DN, _NN, _PU, _E, _Ad, _PN, _UT, _Ti, _PL, _Lo, _Tim, _Ph, _W, _B],
+  [_ISI, _UN, _N, _DN, _NN, _PU, _E, _Ad, _PN, _UT, _Ti, _PL, _Lo, _Tim, _Ph, _W, _B, _Ex],
   [
     0,
     [() => UserName, 0],
@@ -253,6 +255,7 @@ export var CreateUserRequest: StaticStructureSchema = [
     [() => Photos, 0],
     [() => SensitiveStringType, 0],
     [() => SensitiveStringType, 0],
+    128 | 15,
   ],
 ];
 export var CreateUserResponse: StaticStructureSchema = [3, n0, _CURr, 0, [_ISI, _UI], [0, 0]];
@@ -280,7 +283,7 @@ export var DescribeGroupResponse: StaticStructureSchema = [
   [_GI, _DN, _EI, _D, _CA, _UA, _CB, _UB, _ISI],
   [0, [() => GroupDisplayName, 0], [() => ExternalIds, 0], [() => SensitiveStringType, 0], 4, 4, 0, 0, 0],
 ];
-export var DescribeUserRequest: StaticStructureSchema = [3, n0, _DURes, 0, [_ISI, _UI], [0, 0]];
+export var DescribeUserRequest: StaticStructureSchema = [3, n0, _DURes, 0, [_ISI, _UI, _Ex], [0, 0, 64 | 0]];
 export var DescribeUserResponse: StaticStructureSchema = [
   3,
   n0,
@@ -311,6 +314,7 @@ export var DescribeUserResponse: StaticStructureSchema = [
     _CB,
     _UA,
     _UB,
+    _Ex,
   ],
   [
     0,
@@ -337,6 +341,7 @@ export var DescribeUserResponse: StaticStructureSchema = [
     0,
     4,
     0,
+    128 | 15,
   ],
 ];
 export var Email: StaticStructureSchema = [
@@ -478,8 +483,8 @@ export var ListUsersRequest: StaticStructureSchema = [
   n0,
   _LUR,
   0,
-  [_ISI, _MR, _NT, _Fil],
-  [0, 1, 0, [() => Filters, 0]],
+  [_ISI, _Ex, _MR, _NT, _Fil],
+  [0, 64 | 0, 1, 0, [() => Filters, 0]],
 ];
 export var ListUsersResponse: StaticStructureSchema = [3, n0, _LURi, 0, [_U, _NT], [[() => Users, 0], 0]];
 export var Name: StaticStructureSchema = [
@@ -598,6 +603,7 @@ export var User: StaticStructureSchema = [
     _CB,
     _UA,
     _UB,
+    _Ex,
   ],
   [
     0,
@@ -624,6 +630,7 @@ export var User: StaticStructureSchema = [
     0,
     4,
     0,
+    128 | 15,
   ],
 ];
 export var ValidationException: StaticErrorSchema = [-3, n0, _VE, { [_e]: _c, [_hE]: 400 }, [_M, _RI, _R], [0, 0, 0]];
@@ -633,6 +640,7 @@ TypeRegistry.for(_sm).registerError(IdentitystoreServiceException, __Identitysto
 export var Addresses: StaticListSchema = [1, n0, _Ad, 0, [() => Address, 0]];
 export var AttributeOperations: StaticListSchema = [1, n0, _AOt, 0, () => AttributeOperation];
 export var Emails: StaticListSchema = [1, n0, _E, 0, [() => Email, 0]];
+export var ExtensionNames = 64 | 0;
 export var ExternalIds: StaticListSchema = [1, n0, _EI, 0, [() => ExternalId, 0]];
 export var Filters: StaticListSchema = [1, n0, _Fil, 0, [() => Filter, 0]];
 export var GroupIds = 64 | 0;
@@ -648,6 +656,7 @@ export var Groups: StaticListSchema = [1, n0, _Gr, 0, [() => Group, 0]];
 export var PhoneNumbers: StaticListSchema = [1, n0, _PN, 0, [() => PhoneNumber, 0]];
 export var Photos: StaticListSchema = [1, n0, _Ph, 0, [() => Photo, 0]];
 export var Users: StaticListSchema = [1, n0, _U, 0, [() => User, 0]];
+export var Extensions = 128 | 15;
 export var AlternateIdentifier: StaticStructureSchema = [
   3,
   n0,

codegen/sdk-codegen/aws-models/identitystore.json

@@ -1039,7 +1039,7 @@
         "Reason": {
           "target": "com.amazonaws.identitystore#ConflictExceptionReason",
           "traits": {
-            "smithy.api#documentation": "<p>This request cannot be completed for one of the following reasons:</p> <ul> <li> <p>Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.</p> </li> <li> <p>The requested resource was being concurrently modified by another request.</p> </li> </ul>"
+            "smithy.api#documentation": "<p>Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.</p>"
           }
         }
       },
@@ -1337,6 +1337,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The user's birthdate in YYYY-MM-DD format. This field supports standard date format for storing personal information.</p>"
           }
+        },
+        "Extensions": {
+          "target": "com.amazonaws.identitystore#Extensions",
+          "traits": {
+            "smithy.api#documentation": "<p>A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in <code>Document</code> type (not supported by Java V1, Go V1 and older versions of the CLI). <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
+          }
         }
       }
     },
@@ -1737,6 +1743,12 @@
             "smithy.api#documentation": "<p>The identifier for a user in the identity store.</p>",
             "smithy.api#required": {}
           }
+        },
+        "Extensions": {
+          "target": "com.amazonaws.identitystore#ExtensionNames",
+          "traits": {
+            "smithy.api#documentation": "<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
+          }
         }
       }
     },
@@ -1888,6 +1900,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The identifier of the user or system that last updated the user.</p>"
           }
+        },
+        "Extensions": {
+          "target": "com.amazonaws.identitystore#Extensions",
+          "traits": {
+            "smithy.api#documentation": "<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>"
+          }
         }
       }
     },
@@ -1933,6 +1951,44 @@
     "com.amazonaws.identitystore#ExceptionMessage": {
       "type": "string"
     },
+    "com.amazonaws.identitystore#ExtensionName": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 50
+        },
+        "smithy.api#pattern": "^aws:identitystore:[a-z]{1,20}$"
+      }
+    },
+    "com.amazonaws.identitystore#ExtensionNames": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.identitystore#ExtensionName"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 10
+        },
+        "smithy.api#uniqueItems": {}
+      }
+    },
+    "com.amazonaws.identitystore#Extensions": {
+      "type": "map",
+      "key": {
+        "target": "com.amazonaws.identitystore#ExtensionName"
+      },
+      "value": {
+        "target": "com.amazonaws.identitystore#AttributeValue"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 10
+        }
+      }
+    },
     "com.amazonaws.identitystore#ExternalId": {
       "type": "structure",
       "members": {
@@ -2824,6 +2880,12 @@
             "smithy.api#required": {}
           }
         },
+        "Extensions": {
+          "target": "com.amazonaws.identitystore#ExtensionNames",
+          "traits": {
+            "smithy.api#documentation": "<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
+          }
+        },
         "MaxResults": {
           "target": "com.amazonaws.identitystore#MaxResults",
           "traits": {
@@ -3124,6 +3186,12 @@
           "traits": {
             "smithy.api#enumValue": "GROUP_MEMBERSHIP"
           }
+        },
+        "RESOURCE_POLICY": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "RESOURCE_POLICY"
+          }
         }
       }
     },
@@ -3502,6 +3570,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The identifier of the user or system that last updated the user.</p>"
           }
+        },
+        "Extensions": {
+          "target": "com.amazonaws.identitystore#Extensions",
+          "traits": {
+            "smithy.api#documentation": "<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>"
+          }
         }
       },
       "traits": {