feat(client-opensearch): This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains.

Author: awstools

clients/client-opensearch/src/commands/CreateDomainCommand.ts

@@ -125,6 +125,12 @@ export interface CreateDomainCommandOutput extends CreateDomainResponse, __Metad
  *       RolesKey: "STRING_VALUE",
  *       SessionTimeoutMinutes: Number("int"),
  *     },
+ *     JWTOptions: { // JWTOptionsInput
+ *       Enabled: true || false,
+ *       SubjectKey: "STRING_VALUE",
+ *       RolesKey: "STRING_VALUE",
+ *       PublicKey: "STRING_VALUE",
+ *     },
  *     AnonymousAuthEnabled: true || false,
  *   },
  *   TagList: [ // TagList
@@ -272,6 +278,12 @@ export interface CreateDomainCommandOutput extends CreateDomainResponse, __Metad
  * //         RolesKey: "STRING_VALUE",
  * //         SessionTimeoutMinutes: Number("int"),
  * //       },
+ * //       JWTOptions: { // JWTOptionsOutput
+ * //         Enabled: true || false,
+ * //         SubjectKey: "STRING_VALUE",
+ * //         RolesKey: "STRING_VALUE",
+ * //         PublicKey: "STRING_VALUE",
+ * //       },
  * //       AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //       AnonymousAuthEnabled: true || false,
  * //     },

clients/client-opensearch/src/commands/DeleteDomainCommand.ts

@@ -151,6 +151,12 @@ export interface DeleteDomainCommandOutput extends DeleteDomainResponse, __Metad
  * //         RolesKey: "STRING_VALUE",
  * //         SessionTimeoutMinutes: Number("int"),
  * //       },
+ * //       JWTOptions: { // JWTOptionsOutput
+ * //         Enabled: true || false,
+ * //         SubjectKey: "STRING_VALUE",
+ * //         RolesKey: "STRING_VALUE",
+ * //         PublicKey: "STRING_VALUE",
+ * //       },
  * //       AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //       AnonymousAuthEnabled: true || false,
  * //     },

clients/client-opensearch/src/commands/DescribeDomainCommand.ts

@@ -151,6 +151,12 @@ export interface DescribeDomainCommandOutput extends DescribeDomainResponse, __M
  * //         RolesKey: "STRING_VALUE",
  * //         SessionTimeoutMinutes: Number("int"),
  * //       },
+ * //       JWTOptions: { // JWTOptionsOutput
+ * //         Enabled: true || false,
+ * //         SubjectKey: "STRING_VALUE",
+ * //         RolesKey: "STRING_VALUE",
+ * //         PublicKey: "STRING_VALUE",
+ * //       },
  * //       AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //       AnonymousAuthEnabled: true || false,
  * //     },

clients/client-opensearch/src/commands/DescribeDomainConfigCommand.ts

@@ -197,6 +197,12 @@ export interface DescribeDomainConfigCommandOutput extends DescribeDomainConfigR
  * //           RolesKey: "STRING_VALUE",
  * //           SessionTimeoutMinutes: Number("int"),
  * //         },
+ * //         JWTOptions: { // JWTOptionsOutput
+ * //           Enabled: true || false,
+ * //           SubjectKey: "STRING_VALUE",
+ * //           RolesKey: "STRING_VALUE",
+ * //           PublicKey: "STRING_VALUE",
+ * //         },
  * //         AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //         AnonymousAuthEnabled: true || false,
  * //       },

clients/client-opensearch/src/commands/DescribeDomainsCommand.ts

@@ -154,6 +154,12 @@ export interface DescribeDomainsCommandOutput extends DescribeDomainsResponse, _
  * //           RolesKey: "STRING_VALUE",
  * //           SessionTimeoutMinutes: Number("int"),
  * //         },
+ * //         JWTOptions: { // JWTOptionsOutput
+ * //           Enabled: true || false,
+ * //           SubjectKey: "STRING_VALUE",
+ * //           RolesKey: "STRING_VALUE",
+ * //           PublicKey: "STRING_VALUE",
+ * //         },
  * //         AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //         AnonymousAuthEnabled: true || false,
  * //       },

clients/client-opensearch/src/commands/DescribeDryRunProgressCommand.ts

@@ -165,6 +165,12 @@ export interface DescribeDryRunProgressCommandOutput extends DescribeDryRunProgr
  * //         RolesKey: "STRING_VALUE",
  * //         SessionTimeoutMinutes: Number("int"),
  * //       },
+ * //       JWTOptions: { // JWTOptionsOutput
+ * //         Enabled: true || false,
+ * //         SubjectKey: "STRING_VALUE",
+ * //         RolesKey: "STRING_VALUE",
+ * //         PublicKey: "STRING_VALUE",
+ * //       },
  * //       AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //       AnonymousAuthEnabled: true || false,
  * //     },

clients/client-opensearch/src/commands/UpdateDomainConfigCommand.ts

@@ -129,6 +129,12 @@ export interface UpdateDomainConfigCommandOutput extends UpdateDomainConfigRespo
  *       RolesKey: "STRING_VALUE",
  *       SessionTimeoutMinutes: Number("int"),
  *     },
+ *     JWTOptions: { // JWTOptionsInput
+ *       Enabled: true || false,
+ *       SubjectKey: "STRING_VALUE",
+ *       RolesKey: "STRING_VALUE",
+ *       PublicKey: "STRING_VALUE",
+ *     },
  *     AnonymousAuthEnabled: true || false,
  *   },
  *   AutoTuneOptions: { // AutoTuneOptions
@@ -320,6 +326,12 @@ export interface UpdateDomainConfigCommandOutput extends UpdateDomainConfigRespo
  * //           RolesKey: "STRING_VALUE",
  * //           SessionTimeoutMinutes: Number("int"),
  * //         },
+ * //         JWTOptions: { // JWTOptionsOutput
+ * //           Enabled: true || false,
+ * //           SubjectKey: "STRING_VALUE",
+ * //           RolesKey: "STRING_VALUE",
+ * //           PublicKey: "STRING_VALUE",
+ * //         },
  * //         AnonymousAuthDisableDate: new Date("TIMESTAMP"),
  * //         AnonymousAuthEnabled: true || false,
  * //       },

clients/client-opensearch/src/models/models_0.ts

@@ -689,6 +689,36 @@ export interface AdvancedOptionsStatus {
   Status: OptionStatus | undefined;
 }
 
+/**
+ * <p>Describes the JWT options configured for the domain.</p>
+ * @public
+ */
+export interface JWTOptionsOutput {
+  /**
+   * <p>True if JWT use is enabled.</p>
+   * @public
+   */
+  Enabled?: boolean;
+
+  /**
+   * <p>The key used for matching the JWT subject attribute.</p>
+   * @public
+   */
+  SubjectKey?: string;
+
+  /**
+   * <p>The key used for matching the JWT roles attribute.</p>
+   * @public
+   */
+  RolesKey?: string;
+
+  /**
+   * <p>The key used to verify the signature of incoming JWT requests.</p>
+   * @public
+   */
+  PublicKey?: string;
+}
+
 /**
  * <p>The SAML identity povider information.</p>
  * @public
@@ -766,6 +796,12 @@ export interface AdvancedSecurityOptions {
    */
   SAMLOptions?: SAMLOptionsOutput;
 
+  /**
+   * <p>Container for information about the JWT configuration of the Amazon OpenSearch Service.</p>
+   * @public
+   */
+  JWTOptions?: JWTOptionsOutput;
+
   /**
    * <p>Date and time when the migration period will be disabled. Only necessary when <a href="https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing">enabling
    *     fine-grained access control on an existing domain</a>.</p>
@@ -782,6 +818,36 @@ export interface AdvancedSecurityOptions {
   AnonymousAuthEnabled?: boolean;
 }
 
+/**
+ * <p>The JWT authentication and authorization configuration for an Amazon OpenSearch Service domain.</p>
+ * @public
+ */
+export interface JWTOptionsInput {
+  /**
+   * <p>True to enable JWT authentication and authorization for a domain.</p>
+   * @public
+   */
+  Enabled?: boolean;
+
+  /**
+   * <p>Element of the JWT assertion to use for the user name.</p>
+   * @public
+   */
+  SubjectKey?: string;
+
+  /**
+   * <p>Element of the JWT assertion to use for roles.</p>
+   * @public
+   */
+  RolesKey?: string;
+
+  /**
+   * <p>Element of the JWT assertion used by the cluster to verify JWT signatures.</p>
+   * @public
+   */
+  PublicKey?: string;
+}
+
 /**
  * <p>Credentials for the master user for a domain.</p>
  * @public
@@ -890,6 +956,12 @@ export interface AdvancedSecurityOptionsInput {
    */
   SAMLOptions?: SAMLOptionsInput;
 
+  /**
+   * <p>Container for information about the JWT configuration of the Amazon OpenSearch Service. </p>
+   * @public
+   */
+  JWTOptions?: JWTOptionsInput;
+
   /**
    * <p>True to enable a 30-day migration period during which administrators can create role
    *    mappings. Only necessary when <a href="https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing">enabling
@@ -5670,7 +5742,7 @@ export interface GetDataSourceResponse {
   Description?: string;
 
   /**
-   * <p>The status of the data source response.</p>
+   * <p>The status of the data source.</p>
    * @public
    */
   Status?: DataSourceStatus;
@@ -7061,7 +7133,7 @@ export interface UpdateDataSourceRequest {
   Description?: string;
 
   /**
-   * <p>The status of the data source update request.</p>
+   * <p>The status of the data source update.</p>
    * @public
    */
   Status?: DataSourceStatus;

clients/client-opensearch/src/protocols/Aws_restJson1.ts

@@ -248,6 +248,7 @@ import {
   InvalidPaginationTokenException,
   InvalidTypeException,
   IPAddressTypeStatus,
+  JWTOptionsInput,
   LimitExceededException,
   LogPublishingOption,
   LogPublishingOptionsStatus,
@@ -3375,6 +3376,8 @@ const se_AutoTuneOptionsInput = (input: AutoTuneOptionsInput, context: __SerdeCo
 
 // se_FilterList omitted.
 
+// se_JWTOptionsInput omitted.
+
 // se_LogPublishingOption omitted.
 
 // se_LogPublishingOptions omitted.
@@ -3450,6 +3453,7 @@ const de_AdvancedSecurityOptions = (output: any, context: __SerdeContext): Advan
     AnonymousAuthEnabled: __expectBoolean,
     Enabled: __expectBoolean,
     InternalUserDatabaseEnabled: __expectBoolean,
+    JWTOptions: _json,
     SAMLOptions: _json,
   }) as any;
 };
@@ -3894,6 +3898,8 @@ const de_IPAddressTypeStatus = (output: any, context: __SerdeContext): IPAddress
 
 // de_Issues omitted.
 
+// de_JWTOptionsOutput omitted.
+
 // de_Limits omitted.
 
 // de_LimitsByRole omitted.