Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/identitystore/identitystore-2020-06-15.api.json

@@ -494,7 +494,8 @@
         "Timezone":{"shape":"SensitiveStringType"},
         "Photos":{"shape":"Photos"},
         "Website":{"shape":"SensitiveStringType"},
-        "Birthdate":{"shape":"SensitiveStringType"}
+        "Birthdate":{"shape":"SensitiveStringType"},
+        "Extensions":{"shape":"Extensions"}
       }
     },
     "CreateUserResponse":{
@@ -621,7 +622,8 @@
       ],
       "members":{
         "IdentityStoreId":{"shape":"IdentityStoreId"},
-        "UserId":{"shape":"ResourceId"}
+        "UserId":{"shape":"ResourceId"},
+        "Extensions":{"shape":"ExtensionNames"}
       }
     },
     "DescribeUserResponse":{
@@ -654,7 +656,8 @@
         "CreatedAt":{"shape":"DateType"},
         "CreatedBy":{"shape":"StringType"},
         "UpdatedAt":{"shape":"DateType"},
-        "UpdatedBy":{"shape":"StringType"}
+        "UpdatedBy":{"shape":"StringType"},
+        "Extensions":{"shape":"Extensions"}
       }
     },
     "Email":{
@@ -672,6 +675,25 @@
       "min":1
     },
     "ExceptionMessage":{"type":"string"},
+    "ExtensionName":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"aws:identitystore:[a-z]{1,20}"
+    },
+    "ExtensionNames":{
+      "type":"list",
+      "member":{"shape":"ExtensionName"},
+      "max":10,
+      "min":1
+    },
+    "Extensions":{
+      "type":"map",
+      "key":{"shape":"ExtensionName"},
+      "value":{"shape":"AttributeValue"},
+      "max":10,
+      "min":1
+    },
     "ExternalId":{
       "type":"structure",
       "required":[
@@ -968,6 +990,7 @@
       "required":["IdentityStoreId"],
       "members":{
         "IdentityStoreId":{"shape":"IdentityStoreId"},
+        "Extensions":{"shape":"ExtensionNames"},
         "MaxResults":{
           "shape":"MaxResults",
           "box":true
@@ -1081,7 +1104,8 @@
         "GROUP",
         "USER",
         "IDENTITY_STORE",
-        "GROUP_MEMBERSHIP"
+        "GROUP_MEMBERSHIP",
+        "RESOURCE_POLICY"
       ]
     },
     "RetryAfterSeconds":{"type":"integer"},
@@ -1195,7 +1219,8 @@
         "CreatedAt":{"shape":"DateType"},
         "CreatedBy":{"shape":"StringType"},
         "UpdatedAt":{"shape":"DateType"},
-        "UpdatedBy":{"shape":"StringType"}
+        "UpdatedBy":{"shape":"StringType"},
+        "Extensions":{"shape":"Extensions"}
       }
     },
     "UserName":{

generator/ServiceModels/identitystore/identitystore-2020-06-15.docs.json

@@ -79,6 +79,7 @@
       "base": "<p>The value of the attribute. This is a <code>Document</code> type. This type is not supported by Java V1, Go V1, and older versions of the CLI.</p>",
       "refs": {
         "AttributeOperation$AttributeValue": "<p>The value of the attribute. This is a <code>Document</code> type. This type is not supported by Java V1, Go V1, and older versions of the CLI.</p>",
+        "Extensions$value": null,
         "UniqueAttribute$AttributeValue": "<p>The value of the attribute. This is a <code>Document</code> type. This type is not supported by Java V1, Go V1, and older versions of the CLI.</p>"
       }
     },
@@ -89,7 +90,7 @@
     "ConflictExceptionReason": {
       "base": null,
       "refs": {
-        "ConflictException$Reason": "<p>This request cannot be completed for one of the following reasons:</p> <ul> <li> <p>Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.</p> </li> <li> <p>The requested resource was being concurrently modified by another request.</p> </li> </ul>"
+        "ConflictException$Reason": "<p>Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.</p>"
       }
     },
     "CreateGroupMembershipRequest": {
@@ -207,6 +208,28 @@
         "ValidationException$Message": null
       }
     },
+    "ExtensionName": {
+      "base": null,
+      "refs": {
+        "ExtensionNames$member": null,
+        "Extensions$key": null
+      }
+    },
+    "ExtensionNames": {
+      "base": null,
+      "refs": {
+        "DescribeUserRequest$Extensions": "<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>",
+        "ListUsersRequest$Extensions": "<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
+      }
+    },
+    "Extensions": {
+      "base": null,
+      "refs": {
+        "CreateUserRequest$Extensions": "<p>A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in <code>Document</code> type (not supported by Java V1, Go V1 and older versions of the CLI). <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>",
+        "DescribeUserResponse$Extensions": "<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>",
+        "User$Extensions": "<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>"
+      }
+    },
     "ExternalId": {
       "base": "<p>The identifier issued to this resource by an external identity provider.</p>",
       "refs": {

generator/ServiceModels/identitystore/identitystore-2020-06-15.normal.json

@@ -490,7 +490,7 @@
         },
         "Reason":{
           "shape":"ConflictExceptionReason",
-          "documentation":"<p>This request cannot be completed for one of the following reasons:</p> <ul> <li> <p>Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.</p> </li> <li> <p>The requested resource was being concurrently modified by another request.</p> </li> </ul>"
+          "documentation":"<p>Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.</p>"
         }
       },
       "documentation":"<p>This request cannot be completed for one of the following reasons:</p> <ul> <li> <p>Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.</p> </li> <li> <p>The requested resource was being concurrently modified by another request.</p> </li> </ul>",
@@ -648,6 +648,10 @@
         "Birthdate":{
           "shape":"SensitiveStringType",
           "documentation":"<p>The user's birthdate in YYYY-MM-DD format. This field supports standard date format for storing personal information.</p>"
+        },
+        "Extensions":{
+          "shape":"Extensions",
+          "documentation":"<p>A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in <code>Document</code> type (not supported by Java V1, Go V1 and older versions of the CLI). <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
         }
       }
     },
@@ -865,6 +869,10 @@
         "UserId":{
           "shape":"ResourceId",
           "documentation":"<p>The identifier for a user in the identity store.</p>"
+        },
+        "Extensions":{
+          "shape":"ExtensionNames",
+          "documentation":"<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
         }
       }
     },
@@ -970,6 +978,10 @@
         "UpdatedBy":{
           "shape":"StringType",
           "documentation":"<p>The identifier of the user or system that last updated the user.</p>"
+        },
+        "Extensions":{
+          "shape":"Extensions",
+          "documentation":"<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>"
         }
       }
     },
@@ -998,6 +1010,25 @@
       "min":1
     },
     "ExceptionMessage":{"type":"string"},
+    "ExtensionName":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"aws:identitystore:[a-z]{1,20}"
+    },
+    "ExtensionNames":{
+      "type":"list",
+      "member":{"shape":"ExtensionName"},
+      "max":10,
+      "min":1
+    },
+    "Extensions":{
+      "type":"map",
+      "key":{"shape":"ExtensionName"},
+      "value":{"shape":"AttributeValue"},
+      "max":10,
+      "min":1
+    },
     "ExternalId":{
       "type":"structure",
       "required":[
@@ -1478,6 +1509,10 @@
           "shape":"IdentityStoreId",
           "documentation":"<p>The globally unique identifier for the identity store, such as <code>d-1234567890</code>. In this example, <code>d-</code> is a fixed prefix, and <code>1234567890</code> is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.</p>"
         },
+        "Extensions":{
+          "shape":"ExtensionNames",
+          "documentation":"<p>A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. <code>aws:identitystore:enterprise</code> is the only supported extension name.</p>"
+        },
         "MaxResults":{
           "shape":"MaxResults",
           "documentation":"<p>The maximum number of results to be returned per request. This parameter is used in the <code> ListUsers</code> and <code>ListGroups</code> requests to specify how many results to return in one page. The length limit is 50 characters.</p>",
@@ -1661,7 +1696,8 @@
         "GROUP",
         "USER",
         "IDENTITY_STORE",
-        "GROUP_MEMBERSHIP"
+        "GROUP_MEMBERSHIP",
+        "RESOURCE_POLICY"
       ]
     },
     "RetryAfterSeconds":{"type":"integer"},
@@ -1886,6 +1922,10 @@
         "UpdatedBy":{
           "shape":"StringType",
           "documentation":"<p>The identifier of the user or system that last updated the user.</p>"
+        },
+        "Extensions":{
+          "shape":"Extensions",
+          "documentation":"<p>A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.</p>"
         }
       },
       "documentation":"<p>A user object that contains the metadata and attributes for a specified user.</p>"

sdk/src/Services/IdentityStore/Generated/Model/ConflictException.cs

@@ -135,18 +135,9 @@ public override void GetObjectData(System.Runtime.Serialization.SerializationInf
         /// <summary>
         /// Gets and sets the property Reason. 
         /// <para>
-        /// This request cannot be completed for one of the following reasons:
+        /// Indicates the reason for a conflict error when the service is unable to access a Customer
+        /// Managed KMS key. For non-KMS permission errors, this field is not included.
         /// </para>
-        ///  <ul> <li> 
-        /// <para>
-        /// Performing the requested operation would violate an existing uniqueness claim in the
-        /// identity store. Resolve the conflict before retrying this request.
-        /// </para>
-        ///  </li> <li> 
-        /// <para>
-        /// The requested resource was being concurrently modified by another request.
-        /// </para>
-        ///  </li> </ul>
         /// </summary>
         public ConflictExceptionReason Reason
         {

sdk/src/Services/IdentityStore/Generated/Model/CreateUserRequest.cs

@@ -39,6 +39,7 @@ public partial class CreateUserRequest : AmazonIdentityStoreRequest
         private string _birthdate;
         private string _displayName;
         private List<Email> _emails = AWSConfigs.InitializeCollections ? new List<Email>() : null;
+        private Dictionary<string, Amazon.Runtime.Documents.Document> _extensions = AWSConfigs.InitializeCollections ? new Dictionary<string, Amazon.Runtime.Documents.Document>() : null;
         private string _identityStoreId;
         private string _locale;
         private Name _name;
@@ -142,6 +143,33 @@ internal bool IsSetEmails()
             return this._emails != null && (this._emails.Count > 0 || !AWSConfigs.InitializeCollections); 
         }
 
+        /// <summary>
+        /// Gets and sets the property Extensions. 
+        /// <para>
+        /// A map with additional attribute extensions for the user. Each map key corresponds
+        /// to an extension name, while map values represent extension data in <c>Document</c>
+        /// type (not supported by Java V1, Go V1 and older versions of the CLI). <c>aws:identitystore:enterprise</c>
+        /// is the only supported extension name.
+        /// </para>
+        /// <para />
+        /// Starting with version 4 of the SDK this property will default to null. If no data for this property is returned
+        /// from the service the property will also be null. This was changed to improve performance and allow the SDK and caller
+        /// to distinguish between a property not set or a property being empty to clear out a value. To retain the previous
+        /// SDK behavior set the AWSConfigs.InitializeCollections static property to true.
+        /// </summary>
+        [AWSProperty(Min=1, Max=10)]
+        public Dictionary<string, Amazon.Runtime.Documents.Document> Extensions
+        {
+            get { return this._extensions; }
+            set { this._extensions = value; }
+        }
+
+        // Check to see if Extensions property is set
+        internal bool IsSetExtensions()
+        {
+            return this._extensions != null && (this._extensions.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
         /// <summary>
         /// Gets and sets the property IdentityStoreId. 
         /// <para>

sdk/src/Services/IdentityStore/Generated/Model/DescribeUserRequest.cs

@@ -44,9 +44,36 @@ namespace Amazon.IdentityStore.Model
     /// </summary>
     public partial class DescribeUserRequest : AmazonIdentityStoreRequest
     {
+        private List<string> _extensions = AWSConfigs.InitializeCollections ? new List<string>() : null;
         private string _identityStoreId;
         private string _userId;
 
+        /// <summary>
+        /// Gets and sets the property Extensions. 
+        /// <para>
+        /// A collection of extension names indicating what extensions the service should retrieve
+        /// alongside other user attributes. <c>aws:identitystore:enterprise</c> is the only supported
+        /// extension name.
+        /// </para>
+        /// <para />
+        /// Starting with version 4 of the SDK this property will default to null. If no data for this property is returned
+        /// from the service the property will also be null. This was changed to improve performance and allow the SDK and caller
+        /// to distinguish between a property not set or a property being empty to clear out a value. To retain the previous
+        /// SDK behavior set the AWSConfigs.InitializeCollections static property to true.
+        /// </summary>
+        [AWSProperty(Min=1, Max=10)]
+        public List<string> Extensions
+        {
+            get { return this._extensions; }
+            set { this._extensions = value; }
+        }
+
+        // Check to see if Extensions property is set
+        internal bool IsSetExtensions()
+        {
+            return this._extensions != null && (this._extensions.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
         /// <summary>
         /// Gets and sets the property IdentityStoreId. 
         /// <para>

sdk/src/Services/IdentityStore/Generated/Model/DescribeUserResponse.cs

@@ -40,6 +40,7 @@ public partial class DescribeUserResponse : AmazonWebServiceResponse
         private string _createdBy;
         private string _displayName;
         private List<Email> _emails = AWSConfigs.InitializeCollections ? new List<Email>() : null;
+        private Dictionary<string, Amazon.Runtime.Documents.Document> _extensions = AWSConfigs.InitializeCollections ? new Dictionary<string, Amazon.Runtime.Documents.Document>() : null;
         private List<ExternalId> _externalIds = AWSConfigs.InitializeCollections ? new List<ExternalId>() : null;
         private string _identityStoreId;
         private string _locale;
@@ -182,6 +183,31 @@ internal bool IsSetEmails()
             return this._emails != null && (this._emails.Count > 0 || !AWSConfigs.InitializeCollections); 
         }
 
+        /// <summary>
+        /// Gets and sets the property Extensions. 
+        /// <para>
+        /// A map of explicitly requested attribute extensions associated with the user. Not populated
+        /// if the user has no requested extensions.
+        /// </para>
+        /// <para />
+        /// Starting with version 4 of the SDK this property will default to null. If no data for this property is returned
+        /// from the service the property will also be null. This was changed to improve performance and allow the SDK and caller
+        /// to distinguish between a property not set or a property being empty to clear out a value. To retain the previous
+        /// SDK behavior set the AWSConfigs.InitializeCollections static property to true.
+        /// </summary>
+        [AWSProperty(Min=1, Max=10)]
+        public Dictionary<string, Amazon.Runtime.Documents.Document> Extensions
+        {
+            get { return this._extensions; }
+            set { this._extensions = value; }
+        }
+
+        // Check to see if Extensions property is set
+        internal bool IsSetExtensions()
+        {
+            return this._extensions != null && (this._extensions.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
         /// <summary>
         /// Gets and sets the property ExternalIds. 
         /// <para>

sdk/src/Services/IdentityStore/Generated/Model/Internal/MarshallTransformations/CreateUserRequestMarshaller.cs

@@ -119,6 +119,20 @@ public IRequest Marshall(CreateUserRequest publicRequest)
                 context.Writer.WriteEndArray();
             }
 
+            if(publicRequest.IsSetExtensions())
+            {
+                context.Writer.WritePropertyName("Extensions");
+                context.Writer.WriteStartObject();
+                foreach (var publicRequestExtensionsKvp in publicRequest.Extensions)
+                {
+                    context.Writer.WritePropertyName(publicRequestExtensionsKvp.Key);
+                    var publicRequestExtensionsValue = publicRequestExtensionsKvp.Value;
+
+                    Amazon.Runtime.Documents.Internal.Transform.DocumentMarshaller.Instance.Write(context.Writer, publicRequestExtensionsValue);
+                }
+                context.Writer.WriteEndObject();
+            }
+
             if(publicRequest.IsSetIdentityStoreId())
             {
                 context.Writer.WritePropertyName("IdentityStoreId");