From 33886e7204f53d935a333ef859992c872ca9fcae Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 11 Sep 2024 18:22:48 +0000 Subject: [PATCH] feat(client-ecr): Added KMS_DSSE to EncryptionType --- .../src/commands/CreateRepositoryCommand.ts | 4 +- ...CreateRepositoryCreationTemplateCommand.ts | 4 +- .../src/commands/DeleteRepositoryCommand.ts | 2 +- ...DeleteRepositoryCreationTemplateCommand.ts | 2 +- .../commands/DescribeRepositoriesCommand.ts | 2 +- ...cribeRepositoryCreationTemplatesCommand.ts | 2 +- ...UpdateRepositoryCreationTemplateCommand.ts | 4 +- clients/client-ecr/src/models/models_0.ts | 29 ++++++----- codegen/sdk-codegen/aws-models/ecr.json | 48 ++++++++++++++++--- 9 files changed, 67 insertions(+), 30 deletions(-) diff --git a/clients/client-ecr/src/commands/CreateRepositoryCommand.ts b/clients/client-ecr/src/commands/CreateRepositoryCommand.ts index 5dfe2709c138..35d9395c6253 100644 --- a/clients/client-ecr/src/commands/CreateRepositoryCommand.ts +++ b/clients/client-ecr/src/commands/CreateRepositoryCommand.ts @@ -50,7 +50,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryResponse, * scanOnPush: true || false, * }, * encryptionConfiguration: { // EncryptionConfiguration - * encryptionType: "AES256" || "KMS", // required + * encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * kmsKey: "STRING_VALUE", * }, * }; @@ -68,7 +68,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryResponse, * // scanOnPush: true || false, * // }, * // encryptionConfiguration: { // EncryptionConfiguration - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // }, diff --git a/clients/client-ecr/src/commands/CreateRepositoryCreationTemplateCommand.ts b/clients/client-ecr/src/commands/CreateRepositoryCreationTemplateCommand.ts index 21972c9ad263..dcc6d42d3b15 100644 --- a/clients/client-ecr/src/commands/CreateRepositoryCreationTemplateCommand.ts +++ b/clients/client-ecr/src/commands/CreateRepositoryCreationTemplateCommand.ts @@ -48,7 +48,7 @@ export interface CreateRepositoryCreationTemplateCommandOutput * prefix: "STRING_VALUE", // required * description: "STRING_VALUE", * encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * encryptionType: "AES256" || "KMS", // required + * encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * kmsKey: "STRING_VALUE", * }, * resourceTags: [ // TagList @@ -73,7 +73,7 @@ export interface CreateRepositoryCreationTemplateCommandOutput * // prefix: "STRING_VALUE", * // description: "STRING_VALUE", * // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // resourceTags: [ // TagList diff --git a/clients/client-ecr/src/commands/DeleteRepositoryCommand.ts b/clients/client-ecr/src/commands/DeleteRepositoryCommand.ts index d8a4d2ff462d..75fa75ac9a75 100644 --- a/clients/client-ecr/src/commands/DeleteRepositoryCommand.ts +++ b/clients/client-ecr/src/commands/DeleteRepositoryCommand.ts @@ -56,7 +56,7 @@ export interface DeleteRepositoryCommandOutput extends DeleteRepositoryResponse, * // scanOnPush: true || false, * // }, * // encryptionConfiguration: { // EncryptionConfiguration - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // }, diff --git a/clients/client-ecr/src/commands/DeleteRepositoryCreationTemplateCommand.ts b/clients/client-ecr/src/commands/DeleteRepositoryCreationTemplateCommand.ts index 6fa011aa8cb1..f56f4b708238 100644 --- a/clients/client-ecr/src/commands/DeleteRepositoryCreationTemplateCommand.ts +++ b/clients/client-ecr/src/commands/DeleteRepositoryCreationTemplateCommand.ts @@ -51,7 +51,7 @@ export interface DeleteRepositoryCreationTemplateCommandOutput * // prefix: "STRING_VALUE", * // description: "STRING_VALUE", * // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // resourceTags: [ // TagList diff --git a/clients/client-ecr/src/commands/DescribeRepositoriesCommand.ts b/clients/client-ecr/src/commands/DescribeRepositoriesCommand.ts index 1a5450c0ce60..a018a454b68e 100644 --- a/clients/client-ecr/src/commands/DescribeRepositoriesCommand.ts +++ b/clients/client-ecr/src/commands/DescribeRepositoriesCommand.ts @@ -58,7 +58,7 @@ export interface DescribeRepositoriesCommandOutput extends DescribeRepositoriesR * // scanOnPush: true || false, * // }, * // encryptionConfiguration: { // EncryptionConfiguration - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // }, diff --git a/clients/client-ecr/src/commands/DescribeRepositoryCreationTemplatesCommand.ts b/clients/client-ecr/src/commands/DescribeRepositoryCreationTemplatesCommand.ts index 2ae578809eaa..0babcdb839bd 100644 --- a/clients/client-ecr/src/commands/DescribeRepositoryCreationTemplatesCommand.ts +++ b/clients/client-ecr/src/commands/DescribeRepositoryCreationTemplatesCommand.ts @@ -61,7 +61,7 @@ export interface DescribeRepositoryCreationTemplatesCommandOutput * // prefix: "STRING_VALUE", * // description: "STRING_VALUE", * // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // resourceTags: [ // TagList diff --git a/clients/client-ecr/src/commands/UpdateRepositoryCreationTemplateCommand.ts b/clients/client-ecr/src/commands/UpdateRepositoryCreationTemplateCommand.ts index b796fc85ca71..fd07fb344deb 100644 --- a/clients/client-ecr/src/commands/UpdateRepositoryCreationTemplateCommand.ts +++ b/clients/client-ecr/src/commands/UpdateRepositoryCreationTemplateCommand.ts @@ -44,7 +44,7 @@ export interface UpdateRepositoryCreationTemplateCommandOutput * prefix: "STRING_VALUE", // required * description: "STRING_VALUE", * encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * encryptionType: "AES256" || "KMS", // required + * encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * kmsKey: "STRING_VALUE", * }, * resourceTags: [ // TagList @@ -69,7 +69,7 @@ export interface UpdateRepositoryCreationTemplateCommandOutput * // prefix: "STRING_VALUE", * // description: "STRING_VALUE", * // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate - * // encryptionType: "AES256" || "KMS", // required + * // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required * // kmsKey: "STRING_VALUE", * // }, * // resourceTags: [ // TagList diff --git a/clients/client-ecr/src/models/models_0.ts b/clients/client-ecr/src/models/models_0.ts index 8e5cf904c7d0..b764705ccb7e 100644 --- a/clients/client-ecr/src/models/models_0.ts +++ b/clients/client-ecr/src/models/models_0.ts @@ -1035,6 +1035,7 @@ export class UnsupportedUpstreamRegistryException extends __BaseException { export const EncryptionType = { AES256: "AES256", KMS: "KMS", + KMS_DSSE: "KMS_DSSE", } as const; /** @@ -1061,10 +1062,12 @@ export interface EncryptionConfiguration { *

If you use the KMS encryption type, the contents of the repository will * be encrypted using server-side encryption with Key Management Service key stored in KMS. When you * use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key - * for Amazon ECR, or specify your own KMS key, which you already created. For more - * information, see Protecting data using server-side - * encryption with an KMS key stored in Key Management Service (SSE-KMS) in the - * Amazon Simple Storage Service Console Developer Guide.

+ * for Amazon ECR, or specify your own KMS key, which you already created.

+ *

If you use the KMS_DSSE encryption type, the contents of the repository + * will be encrypted with two layers of encryption using server-side encryption with the + * KMS Management Service key stored in KMS. Similar to the KMS encryption type, you + * can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS + * key, which you've already created.

*

If you use the AES256 encryption type, Amazon ECR uses server-side encryption * with Amazon S3-managed encryption keys which encrypts the images in the repository using an * AES256 encryption algorithm. For more information, see Protecting data using @@ -1445,9 +1448,9 @@ export interface CreateRepositoryCreationTemplateRequest { /** *

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as - * the registry that you are configuring. Amazon ECR will assume your supplied role when - * the customRoleArn is specified. When this field isn't specified, Amazon ECR will - * use the service-linked role for the repository creation template.

+ * the registry that you are configuring. Amazon ECR will assume your supplied role when the + * customRoleArn is specified. When this field isn't specified, Amazon ECR will use the + * service-linked role for the repository creation template.

* @public */ customRoleArn?: string; @@ -1517,9 +1520,9 @@ export interface RepositoryCreationTemplate { appliedFor?: RCTAppliedFor[]; /** - *

The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when - * the customRoleArn is specified. When this field isn't specified, Amazon ECR will - * use the service-linked role for the repository creation template.

+ *

The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role + * when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the + * service-linked role for the repository creation template.

* @public */ customRoleArn?: string; @@ -4892,9 +4895,9 @@ export interface UpdateRepositoryCreationTemplateRequest { /** *

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as - * the registry that you are configuring. Amazon ECR will assume your supplied role when - * the customRoleArn is specified. When this field isn't specified, Amazon ECR will - * use the service-linked role for the repository creation template.

+ * the registry that you are configuring. Amazon ECR will assume your supplied role when the + * customRoleArn is specified. When this field isn't specified, Amazon ECR will use the + * service-linked role for the repository creation template.

* @public */ customRoleArn?: string; diff --git a/codegen/sdk-codegen/aws-models/ecr.json b/codegen/sdk-codegen/aws-models/ecr.json index 16f2aac51a67..db0295c8094a 100644 --- a/codegen/sdk-codegen/aws-models/ecr.json +++ b/codegen/sdk-codegen/aws-models/ecr.json @@ -206,7 +206,7 @@ }, "aws.protocols#awsJson1_1": {}, "smithy.api#documentation": "Amazon Elastic Container Registry\n

Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the\n familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR\n provides a secure, scalable, and reliable registry for your Docker or Open Container\n Initiative (OCI) images. Amazon ECR supports private repositories with resource-based\n permissions using IAM so that specific users or Amazon EC2 instances can access\n repositories and images.

\n

Amazon ECR has service endpoints in each supported Region. For more information, see Amazon ECR endpoints in the\n Amazon Web Services General Reference.

", - "smithy.api#title": "Amazon EC2 Container Registry", + "smithy.api#title": "Amazon Elastic Container Registry", "smithy.api#xmlNamespace": { "uri": "http://ecr.amazonaws.com/doc/2015-09-21/" }, @@ -2142,7 +2142,7 @@ "customRoleArn": { "target": "com.amazonaws.ecr#CustomRoleArn", "traits": { - "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.

" + "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when the\n customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.

" } } }, @@ -3329,7 +3329,20 @@ "outputToken": "nextToken", "items": "repositories", "pageSize": "maxResults" - } + }, + "smithy.test#smokeTests": [ + { + "id": "DescribeRepositoriesSuccess", + "params": {}, + "vendorParams": { + "region": "us-west-2" + }, + "vendorParamsShape": "aws.test#AwsVendorParams", + "expect": { + "success": {} + } + } + ] } }, "com.amazonaws.ecr#DescribeRepositoriesRequest": { @@ -3486,7 +3499,7 @@ "encryptionType": { "target": "com.amazonaws.ecr#EncryptionType", "traits": { - "smithy.api#documentation": "

The encryption type to use.

\n

If you use the KMS encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created. For more\n information, see Protecting data using server-side\n encryption with an KMS key stored in Key Management Service (SSE-KMS) in the\n Amazon Simple Storage Service Console Developer Guide.

\n

If you use the AES256 encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm. For more information, see Protecting data using\n server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the\n Amazon Simple Storage Service Console Developer Guide.

", + "smithy.api#documentation": "

The encryption type to use.

\n

If you use the KMS encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created.

\n

If you use the KMS_DSSE encryption type, the contents of the repository\n will be encrypted with two layers of encryption using server-side encryption with the\n KMS Management Service key stored in KMS. Similar to the KMS encryption type, you\n can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS\n key, which you've already created.

\n

If you use the AES256 encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm. For more information, see Protecting data using\n server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the\n Amazon Simple Storage Service Console Developer Guide.

", "smithy.api#required": {} } }, @@ -3536,6 +3549,12 @@ "traits": { "smithy.api#enumValue": "KMS" } + }, + "KMS_DSSE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "KMS_DSSE" + } } } }, @@ -5550,7 +5569,22 @@ "outputToken": "nextToken", "items": "imageIds", "pageSize": "maxResults" - } + }, + "smithy.test#smokeTests": [ + { + "id": "ListImagesFailure", + "params": { + "repositoryName": "not-a-real-repository" + }, + "vendorParams": { + "region": "us-west-2" + }, + "vendorParamsShape": "aws.test#AwsVendorParams", + "expect": { + "failure": {} + } + } + ] } }, "com.amazonaws.ecr#ListImagesFilter": { @@ -6910,7 +6944,7 @@ "customRoleArn": { "target": "com.amazonaws.ecr#CustomRoleArn", "traits": { - "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.

" + "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role\n when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.

" } }, "createdAt": { @@ -8223,7 +8257,7 @@ "customRoleArn": { "target": "com.amazonaws.ecr#CustomRoleArn", "traits": { - "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.

" + "smithy.api#documentation": "

The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when the\n customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.

" } } },