From 35401aa18cc06cf6a4d7940faee81ffb1d4193eb Mon Sep 17 00:00:00 2001 
From: awstools
Date: Mon, 27 Nov 2023 03:55:03 +0000
Subject: [PATCH] feat(client-eks-auth): This release adds support for EKS Pod Identity feature. EKS Pod Identity makes it easy for customers to obtain IAM permissions for their applications running in the EKS clusters.
---
 clients/client-eks-auth/.gitignore | 9 +
 clients/client-eks-auth/LICENSE | 201 +++++
 clients/client-eks-auth/README.md | 214 +++++
 clients/client-eks-auth/api-extractor.json | 4 +
 clients/client-eks-auth/package.json | 102 +++
 clients/client-eks-auth/src/EKSAuth.ts | 41 +
 clients/client-eks-auth/src/EKSAuthClient.ts | 293 +++++++
 .../AssumeRoleForPodIdentityCommand.ts | 198 +++++
 clients/client-eks-auth/src/commands/index.ts | 2 +
 .../src/endpoint/EndpointParameters.ts | 31 +
 .../src/endpoint/endpointResolver.ts | 16 +
 .../client-eks-auth/src/endpoint/ruleset.ts | 29 +
 .../src/extensionConfiguration.ts | 12 +
 clients/client-eks-auth/src/index.ts | 19 +
 .../src/models/EKSAuthServiceException.ts | 22 +
 clients/client-eks-auth/src/models/index.ts | 2 +
 .../client-eks-auth/src/models/models_0.ts | 375 +++++++++
 .../src/protocols/Aws_restJson1.ts | 412 ++++++++++
 .../src/runtimeConfig.browser.ts | 44 ++
 .../src/runtimeConfig.native.ts | 18 +
 .../src/runtimeConfig.shared.ts | 27 +
 clients/client-eks-auth/src/runtimeConfig.ts | 61 ++
 .../client-eks-auth/src/runtimeExtensions.ts | 45 ++
 clients/client-eks-auth/tsconfig.cjs.json | 6 +
 clients/client-eks-auth/tsconfig.es.json | 8 +
 clients/client-eks-auth/tsconfig.json | 13 +
 clients/client-eks-auth/tsconfig.types.json | 10 +
 clients/client-eks-auth/typedoc.json | 6 +
 codegen/sdk-codegen/aws-models/eks-auth.json | 746 ++++++++++++++++++
 29 files changed, 2966 insertions(+)
 create mode 100644 clients/client-eks-auth/.gitignore
 create mode 100644 clients/client-eks-auth/LICENSE
 create mode 100644 clients/client-eks-auth/README.md
 create mode 100644 clients/client-eks-auth/api-extractor.json
 create mode 100644 clients/client-eks-auth/package.json
 create mode 100644 clients/client-eks-auth/src/EKSAuth.ts
 create mode 100644 clients/client-eks-auth/src/EKSAuthClient.ts
 create mode 100644 clients/client-eks-auth/src/commands/AssumeRoleForPodIdentityCommand.ts
 create mode 100644 clients/client-eks-auth/src/commands/index.ts
 create mode 100644 clients/client-eks-auth/src/endpoint/EndpointParameters.ts
 create mode 100644 clients/client-eks-auth/src/endpoint/endpointResolver.ts
 create mode 100644 clients/client-eks-auth/src/endpoint/ruleset.ts
 create mode 100644 clients/client-eks-auth/src/extensionConfiguration.ts
 create mode 100644 clients/client-eks-auth/src/index.ts
 create mode 100644 clients/client-eks-auth/src/models/EKSAuthServiceException.ts
 create mode 100644 clients/client-eks-auth/src/models/index.ts
 create mode 100644 clients/client-eks-auth/src/models/models_0.ts
 create mode 100644 clients/client-eks-auth/src/protocols/Aws_restJson1.ts
 create mode 100644 clients/client-eks-auth/src/runtimeConfig.browser.ts
 create mode 100644 clients/client-eks-auth/src/runtimeConfig.native.ts
 create mode 100644 clients/client-eks-auth/src/runtimeConfig.shared.ts
 create mode 100644 clients/client-eks-auth/src/runtimeConfig.ts
 create mode 100644 clients/client-eks-auth/src/runtimeExtensions.ts
 create mode 100644 clients/client-eks-auth/tsconfig.cjs.json
 create mode 100644 clients/client-eks-auth/tsconfig.es.json
 create mode 100644 clients/client-eks-auth/tsconfig.json
 create mode 100644 clients/client-eks-auth/tsconfig.types.json
 create mode 100644 clients/client-eks-auth/typedoc.json
 create mode 100644 codegen/sdk-codegen/aws-models/eks-auth.json
diff --git a/clients/client-eks-auth/.gitignore b/clients/client-eks-auth/.gitignore
new file mode 100644
index 000000000000..54f14c9aef25
--- /dev/null
+++ b/clients/client-eks-auth/.gitignore
@@ -0,0 +1,9 @@
+/node_modules/
+/build/
+/coverage/
+/docs/
+/dist-*
+*.tsbuildinfo
+*.tgz
+*.log
+package-lock.json
diff --git a/clients/client-eks-auth/LICENSE b/clients/client-eks-auth/LICENSE
new file mode 100644
index 000000000000..5001cd317c44
--- /dev/null
+++ b/clients/client-eks-auth/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/clients/client-eks-auth/README.md b/clients/client-eks-auth/README.md new file mode 100644 index 000000000000..41cc48708954 --- /dev/null +++ b/clients/client-eks-auth/README.md @@ -0,0 +1,214 @@ + + +# @aws-sdk/client-eks-auth + +## Description + +AWS SDK for JavaScript EKSAuth Client for Node.js, Browser and React Native. + +

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only +used by the EKS Pod Identity Agent.

+ +## Installing + +To install the this package, simply type add or install @aws-sdk/client-eks-auth +using your favorite package manager: + +- `npm install @aws-sdk/client-eks-auth` +- `yarn add @aws-sdk/client-eks-auth` +- `pnpm add @aws-sdk/client-eks-auth` + +## Getting Started + +### Import + +The AWS SDK is modulized by clients and commands. +To send a request, you only need to import the `EKSAuthClient` and +the commands you need, for example `AssumeRoleForPodIdentityCommand`: + +```js +// ES5 example +const { EKSAuthClient, AssumeRoleForPodIdentityCommand } = require("@aws-sdk/client-eks-auth"); +``` + +```ts +// ES6+ example +import { EKSAuthClient, AssumeRoleForPodIdentityCommand } from "@aws-sdk/client-eks-auth"; +``` + +### Usage + +To send a request, you: + +- Initiate client with configuration (e.g. credentials, region). +- Initiate command with input parameters. +- Call `send` operation on client with command object as input. +- If you are using a custom http handler, you may call `destroy()` to close open connections. + +```js +// a client can be shared by different commands. +const client = new EKSAuthClient({ region: "REGION" }); + +const params = { + /** input parameters */ +}; +const command = new AssumeRoleForPodIdentityCommand(params); +``` + +#### Async/await + +We recommend using [await](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/await) +operator to wait for the promise returned by send operation as follows: + +```js +// async/await. +try { + const data = await client.send(command); + // process data. +} catch (error) { + // error handling. +} finally { + // finally. +} +``` + +Async-await is clean, concise, intuitive, easy to debug and has better error handling +as compared to using Promise chains or callbacks. + +#### Promises + +You can also use [Promise chaining](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Using_promises#chaining) +to execute send operation. 
+ +```js +client.send(command).then( + (data) => { + // process data. + }, + (error) => { + // error handling. + } +); +``` + +Promises can also be called using `.catch()` and `.finally()` as follows: + +```js +client + .send(command) + .then((data) => { + // process data. + }) + .catch((error) => { + // error handling. + }) + .finally(() => { + // finally. + }); +``` + +#### Callbacks + +We do not recommend using callbacks because of [callback hell](http://callbackhell.com/), +but they are supported by the send operation. + +```js +// callbacks. +client.send(command, (err, data) => { + // process err and data. +}); +``` + +#### v2 compatible style + +The client can also send requests using v2 compatible style. +However, it results in a bigger bundle size and may be dropped in next major version. More details in the blog post +on [modular packages in AWS SDK for JavaScript](https://aws.amazon.com/blogs/developer/modular-packages-in-aws-sdk-for-javascript/) + +```ts +import * as AWS from "@aws-sdk/client-eks-auth"; +const client = new AWS.EKSAuth({ region: "REGION" }); + +// async/await. +try { + const data = await client.assumeRoleForPodIdentity(params); + // process data. +} catch (error) { + // error handling. +} + +// Promises. +client + .assumeRoleForPodIdentity(params) + .then((data) => { + // process data. + }) + .catch((error) => { + // error handling. + }); + +// callbacks. +client.assumeRoleForPodIdentity(params, (err, data) => { + // process err and data. +}); +``` + +### Troubleshooting + +When the service returns an exception, the error will include the exception information, +as well as response metadata (e.g. request id). + +```js +try { + const data = await client.send(command); + // process data. +} catch (error) { + const { requestId, cfId, extendedRequestId } = error.$metadata; + console.log({ requestId, cfId, extendedRequestId }); + /** + * The keys within exceptions are also parsed. 
+ * You can access them by specifying exception names: + * if (error.name === 'SomeServiceException') { + * const value = error.specialKeyInException; + * } + */ +} +``` + +## Getting Help + +Please use these community resources for getting help. +We use the GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them. + +- Visit [Developer Guide](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/welcome.html) + or [API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html). +- Check out the blog posts tagged with [`aws-sdk-js`](https://aws.amazon.com/blogs/developer/tag/aws-sdk-js/) + on AWS Developer Blog. +- Ask a question on [StackOverflow](https://stackoverflow.com/questions/tagged/aws-sdk-js) and tag it with `aws-sdk-js`. +- Join the AWS JavaScript community on [gitter](https://gitter.im/aws/aws-sdk-js-v3). +- If it turns out that you may have found a bug, please [open an issue](https://github.com/aws/aws-sdk-js-v3/issues/new/choose). + +To test your universal JavaScript code in Node.js, browser and react-native environments, +visit our [code samples repo](https://github.com/aws-samples/aws-sdk-js-tests). + +## Contributing + +This client code is generated automatically. Any modifications will be overwritten the next time the `@aws-sdk/client-eks-auth` package is updated. +To contribute to client you can check our [generate clients scripts](https://github.com/aws/aws-sdk-js-v3/tree/main/scripts/generate-clients). + +## License + +This SDK is distributed under the +[Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0), +see LICENSE for more information. + +## Client Commands (Operations List) + +
+ +AssumeRoleForPodIdentity + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/eks-auth/command/AssumeRoleForPodIdentityCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-eks-auth/Interface/AssumeRoleForPodIdentityCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-eks-auth/Interface/AssumeRoleForPodIdentityCommandOutput/) + +
diff --git a/clients/client-eks-auth/api-extractor.json b/clients/client-eks-auth/api-extractor.json
new file mode 100644
index 000000000000..d5bf5ffeee85
--- /dev/null
+++ b/clients/client-eks-auth/api-extractor.json
@@ -0,0 +1,4 @@
+{
+ "extends": "../../api-extractor.json",
+ "mainEntryPointFilePath": "/dist-types/index.d.ts"
+}
diff --git a/clients/client-eks-auth/package.json b/clients/client-eks-auth/package.json
new file mode 100644
index 000000000000..ed6979a08329
--- /dev/null
+++ b/clients/client-eks-auth/package.json
@@ -0,0 +1,102 @@
+{
+ "name": "@aws-sdk/client-eks-auth",
+ "description": "AWS SDK for JavaScript Eks Auth Client for Node.js, Browser and React Native",
+ "version": "3.0.0",
+ "scripts": {
+ "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
+ "build:cjs": "tsc -p tsconfig.cjs.json",
+ "build:docs": "typedoc",
+ "build:es": "tsc -p tsconfig.es.json",
+ "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
+ "build:types": "tsc -p tsconfig.types.json",
+ "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
+ "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
+ "extract:docs": "api-extractor run --local",
+ "generate:client": "node ../../scripts/generate-clients/single-service --solo eks-auth"
+ },
+ "main": "./dist-cjs/index.js",
+ "types": "./dist-types/index.d.ts",
+ "module": "./dist-es/index.js",
+ "sideEffects": false,
+ "dependencies": {
+ "@aws-crypto/sha256-browser": "3.0.0",
+ "@aws-crypto/sha256-js": "3.0.0",
+ "@aws-sdk/client-sts": "*",
+ "@aws-sdk/core": "*",
+ "@aws-sdk/credential-provider-node": "*",
+ "@aws-sdk/middleware-host-header": "*",
+ "@aws-sdk/middleware-logger": "*",
+ "@aws-sdk/middleware-recursion-detection": "*",
+ "@aws-sdk/middleware-signing": "*",
+ "@aws-sdk/middleware-user-agent": "*",
+ "@aws-sdk/region-config-resolver": "*",
+ "@aws-sdk/types": "*",
+ "@aws-sdk/util-endpoints": "*",
+ "@aws-sdk/util-user-agent-browser": "*",
+ "@aws-sdk/util-user-agent-node": "*",
+ "@smithy/config-resolver": "^2.0.18",
+ "@smithy/fetch-http-handler": "^2.2.6",
+ "@smithy/hash-node": "^2.0.15",
+ "@smithy/invalid-dependency": "^2.0.13",
+ "@smithy/middleware-content-length": "^2.0.15",
+ "@smithy/middleware-endpoint": "^2.2.0",
+ "@smithy/middleware-retry": "^2.0.20",
+ "@smithy/middleware-serde": "^2.0.13",
+ "@smithy/middleware-stack": "^2.0.7",
+ "@smithy/node-config-provider": "^2.1.5",
+ "@smithy/node-http-handler": "^2.1.9",
+ "@smithy/protocol-http": "^3.0.9",
+ "@smithy/smithy-client": "^2.1.15",
+ "@smithy/types": "^2.5.0",
+ "@smithy/url-parser": "^2.0.13",
+ "@smithy/util-base64": "^2.0.1",
+ "@smithy/util-body-length-browser": "^2.0.0",
+ "@smithy/util-body-length-node": "^2.1.0",
+ "@smithy/util-defaults-mode-browser": "^2.0.19",
+ "@smithy/util-defaults-mode-node": "^2.0.25",
+ "@smithy/util-endpoints": "^1.0.4",
+ "@smithy/util-retry": "^2.0.6",
+ "@smithy/util-utf8": "^2.0.2",
+ "tslib": "^2.5.0"
+ },
+ "devDependencies": {
+ "@smithy/service-client-documentation-generator": "^2.0.0",
+ "@tsconfig/node14": "1.0.3",
+ "@types/node": "^14.14.31",
+ "concurrently": "7.0.0",
+ "downlevel-dts": "0.10.1",
+ "rimraf": "3.0.2",
+ "typedoc": "0.23.23",
+ "typescript": "~4.9.5"
+ },
+ "engines": {
+ "node": ">=14.0.0"
+ },
+ "typesVersions": {
+ "<4.0": {
+ "dist-types/*": [
+ "dist-types/ts3.4/*"
+ ]
+ }
+ },
+ "files": [
+ "dist-*/**"
+ ],
+ "author": {
+ "name": "AWS SDK for JavaScript Team",
+ "url": "https://aws.amazon.com/javascript/"
+ },
+ "license": "Apache-2.0",
+ "browser": {
+ "./dist-es/runtimeConfig": "./dist-es/runtimeConfig.browser"
+ },
+ "react-native": {
+ "./dist-es/runtimeConfig": "./dist-es/runtimeConfig.native"
+ },
+ "homepage": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-eks-auth",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/aws/aws-sdk-js-v3.git",
+ "directory": "clients/client-eks-auth"
+ }
+}
diff --git a/clients/client-eks-auth/src/EKSAuth.ts b/clients/client-eks-auth/src/EKSAuth.ts
new file mode 100644
index 000000000000..564ed1d3cd87
--- /dev/null
+++ b/clients/client-eks-auth/src/EKSAuth.ts
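Review bot: Every `@aws-sdk/*` entry under `dependencies` in `clients/client-eks-auth/package.json` is declared as `*`, including `@aws-sdk/credential-provider-node`, `@aws-sdk/middleware-signing` and `@aws-sdk/client-sts`, which sit on the credential and request-signing path of a client whose only command is `AssumeRoleForPodIdentityCommand`. A `*` range accepts any published version, so the manifest is only safe to ship if the release tooling rewrites these to concrete versions before publish; that step is not visible in this patch and should be confirmed. The `@smithy/*` caret ranges and the exact `@aws-crypto/*` pins in the same block are already bounded, and the new `.gitignore` excludes `package-lock.json`, so nothing in this directory narrows the `*` ranges on its own.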
@@ -0,0 +1,41 @@ +// smithy-typescript generated code +import { createAggregatedClient } from "@smithy/smithy-client"; +import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types"; + +import { + AssumeRoleForPodIdentityCommand, + AssumeRoleForPodIdentityCommandInput, + AssumeRoleForPodIdentityCommandOutput, +} from "./commands/AssumeRoleForPodIdentityCommand"; +import { EKSAuthClient, EKSAuthClientConfig } from "./EKSAuthClient"; + +const commands = { + AssumeRoleForPodIdentityCommand, +}; + +export interface EKSAuth { + /** + * @see {@link AssumeRoleForPodIdentityCommand} + */ + assumeRoleForPodIdentity( + args: AssumeRoleForPodIdentityCommandInput, + options?: __HttpHandlerOptions + ): Promise; + assumeRoleForPodIdentity( + args: AssumeRoleForPodIdentityCommandInput, + cb: (err: any, data?: AssumeRoleForPodIdentityCommandOutput) => void + ): void; + assumeRoleForPodIdentity( + args: AssumeRoleForPodIdentityCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: AssumeRoleForPodIdentityCommandOutput) => void + ): void; +} + +/** + * @public + *

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only + * used by the EKS Pod Identity Agent.

+ */ +export class EKSAuth extends EKSAuthClient implements EKSAuth {} +createAggregatedClient(commands, EKSAuth); diff --git a/clients/client-eks-auth/src/EKSAuthClient.ts b/clients/client-eks-auth/src/EKSAuthClient.ts new file mode 100644 index 000000000000..42362293c6c2 --- /dev/null +++ b/clients/client-eks-auth/src/EKSAuthClient.ts 
@@ -0,0 +1,293 @@ +// smithy-typescript generated code +import { + getHostHeaderPlugin, + HostHeaderInputConfig, + HostHeaderResolvedConfig, + resolveHostHeaderConfig, +} from "@aws-sdk/middleware-host-header"; +import { getLoggerPlugin } from "@aws-sdk/middleware-logger"; +import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection"; +import { + AwsAuthInputConfig, + AwsAuthResolvedConfig, + getAwsAuthPlugin, + resolveAwsAuthConfig, +} from "@aws-sdk/middleware-signing"; +import { + getUserAgentPlugin, + resolveUserAgentConfig, + UserAgentInputConfig, + UserAgentResolvedConfig, +} from "@aws-sdk/middleware-user-agent"; +import { Credentials as __Credentials } from "@aws-sdk/types"; +import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver"; +import { getContentLengthPlugin } from "@smithy/middleware-content-length"; +import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint"; +import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry"; +import { HttpHandler as __HttpHandler } from "@smithy/protocol-http"; +import { + Client as __Client, + DefaultsMode as __DefaultsMode, + SmithyConfiguration as __SmithyConfiguration, + SmithyResolvedConfiguration as __SmithyResolvedConfiguration, +} from "@smithy/smithy-client"; +import { + BodyLengthCalculator as __BodyLengthCalculator, + CheckOptionalClientConfig as __CheckOptionalClientConfig, + Checksum as __Checksum, + ChecksumConstructor as __ChecksumConstructor, + Decoder as __Decoder, + Encoder as __Encoder, + EndpointV2 as __EndpointV2, + Hash as __Hash, + HashConstructor as __HashConstructor, + HttpHandlerOptions as __HttpHandlerOptions, + Logger as __Logger, + Provider as __Provider, + Provider, + StreamCollector as __StreamCollector, + UrlParser as __UrlParser, + UserAgent as __UserAgent, +} from "@smithy/types"; + +import { + 
AssumeRoleForPodIdentityCommandInput, + AssumeRoleForPodIdentityCommandOutput, +} from "./commands/AssumeRoleForPodIdentityCommand"; +import { + ClientInputEndpointParameters, + ClientResolvedEndpointParameters, + EndpointParameters, + resolveClientEndpointParameters, +} from "./endpoint/EndpointParameters"; +import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig"; +import { resolveRuntimeExtensions, RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions"; + +export { __Client }; + +/** + * @public + */ +export type ServiceInputTypes = AssumeRoleForPodIdentityCommandInput; + +/** + * @public + */ +export type ServiceOutputTypes = AssumeRoleForPodIdentityCommandOutput; + +/** + * @public + */ +export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> { + /** + * The HTTP handler to use. Fetch in browser and Https in Nodejs. + */ + requestHandler?: __HttpHandler; + + /** + * A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface + * that computes the SHA-256 HMAC or checksum of a string or binary buffer. + * @internal + */ + sha256?: __ChecksumConstructor | __HashConstructor; + + /** + * The function that will be used to convert strings into HTTP endpoints. + * @internal + */ + urlParser?: __UrlParser; + + /** + * A function that can calculate the length of a request body. + * @internal + */ + bodyLengthChecker?: __BodyLengthCalculator; + + /** + * A function that converts a stream into an array of bytes. + * @internal + */ + streamCollector?: __StreamCollector; + + /** + * The function that will be used to convert a base64-encoded string to a byte array. + * @internal + */ + base64Decoder?: __Decoder; + + /** + * The function that will be used to convert binary data to a base64-encoded string. + * @internal + */ + base64Encoder?: __Encoder; + + /** + * The function that will be used to convert a UTF8-encoded string to a byte array. 
+ * @internal + */ + utf8Decoder?: __Decoder; + + /** + * The function that will be used to convert binary data to a UTF-8 encoded string. + * @internal + */ + utf8Encoder?: __Encoder; + + /** + * The runtime environment. + * @internal + */ + runtime?: string; + + /** + * Disable dynamically changing the endpoint of the client based on the hostPrefix + * trait of an operation. + */ + disableHostPrefix?: boolean; + + /** + * Unique service identifier. + * @internal + */ + serviceId?: string; + + /** + * Enables IPv6/IPv4 dualstack endpoint. + */ + useDualstackEndpoint?: boolean | __Provider; + + /** + * Enables FIPS compatible endpoints. + */ + useFipsEndpoint?: boolean | __Provider; + + /** + * The AWS region to which this client will send requests + */ + region?: string | __Provider; + + /** + * Default credentials provider; Not available in browser runtime. + * @internal + */ + credentialDefaultProvider?: (input: any) => __Provider<__Credentials>; + + /** + * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header + * @internal + */ + defaultUserAgentProvider?: Provider<__UserAgent>; + + /** + * Value for how many times a request will be made at most in case of retry. + */ + maxAttempts?: number | __Provider; + + /** + * Specifies which retry algorithm to use. + * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/ + * + */ + retryMode?: string | __Provider; + + /** + * Optional logger for logging debug/info/warn/error. + */ + logger?: __Logger; + + /** + * Optional extensions + */ + extensions?: RuntimeExtension[]; + + /** + * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK. 
+ */ + defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>; +} + +/** + * @public + */ +export type EKSAuthClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & + ClientDefaults & + RegionInputConfig & + EndpointInputConfig & + RetryInputConfig & + HostHeaderInputConfig & + AwsAuthInputConfig & + UserAgentInputConfig & + ClientInputEndpointParameters; +/** + * @public + * + * The configuration interface of EKSAuthClient class constructor that set the region, credentials and other options. + */ +export interface EKSAuthClientConfig extends EKSAuthClientConfigType {} + +/** + * @public + */ +export type EKSAuthClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & + Required & + RuntimeExtensionsConfig & + RegionResolvedConfig & + EndpointResolvedConfig & + RetryResolvedConfig & + HostHeaderResolvedConfig & + AwsAuthResolvedConfig & + UserAgentResolvedConfig & + ClientResolvedEndpointParameters; +/** + * @public + * + * The resolved configuration interface of EKSAuthClient class. This is resolved and normalized from the {@link EKSAuthClientConfig | constructor configuration interface}. + */ +export interface EKSAuthClientResolvedConfig extends EKSAuthClientResolvedConfigType {} + +/** + * @public + *

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only + * used by the EKS Pod Identity Agent.

+ */ +export class EKSAuthClient extends __Client< + __HttpHandlerOptions, + ServiceInputTypes, + ServiceOutputTypes, + EKSAuthClientResolvedConfig +> { + /** + * The resolved configuration of EKSAuthClient class. This is resolved and normalized from the {@link EKSAuthClientConfig | constructor configuration interface}. + */ + readonly config: EKSAuthClientResolvedConfig; + + constructor(...[configuration]: __CheckOptionalClientConfig) { + const _config_0 = __getRuntimeConfig(configuration || {}); + const _config_1 = resolveClientEndpointParameters(_config_0); + const _config_2 = resolveRegionConfig(_config_1); + const _config_3 = resolveEndpointConfig(_config_2); + const _config_4 = resolveRetryConfig(_config_3); + const _config_5 = resolveHostHeaderConfig(_config_4); + const _config_6 = resolveAwsAuthConfig(_config_5); + const _config_7 = resolveUserAgentConfig(_config_6); + const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); + super(_config_8); + this.config = _config_8; + this.middlewareStack.use(getRetryPlugin(this.config)); + this.middlewareStack.use(getContentLengthPlugin(this.config)); + this.middlewareStack.use(getHostHeaderPlugin(this.config)); + this.middlewareStack.use(getLoggerPlugin(this.config)); + this.middlewareStack.use(getRecursionDetectionPlugin(this.config)); + this.middlewareStack.use(getAwsAuthPlugin(this.config)); + this.middlewareStack.use(getUserAgentPlugin(this.config)); + } + + /** + * Destroy underlying resources, like sockets. It's usually not necessary to do this. + * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed. + * Otherwise, sockets might stay open for quite a long time before the server terminates them. + */ + destroy(): void { + super.destroy(); + } +} 
diff --git a/clients/client-eks-auth/src/commands/AssumeRoleForPodIdentityCommand.ts b/clients/client-eks-auth/src/commands/AssumeRoleForPodIdentityCommand.ts new file mode 100644 index 000000000000..4c43bbb61578 --- /dev/null +++ b/clients/client-eks-auth/src/commands/AssumeRoleForPodIdentityCommand.ts @@ -0,0 +1,198 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { EKSAuthClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EKSAuthClient"; +import { + AssumeRoleForPodIdentityRequest, + AssumeRoleForPodIdentityRequestFilterSensitiveLog, + AssumeRoleForPodIdentityResponse, + AssumeRoleForPodIdentityResponseFilterSensitiveLog, +} from "../models/models_0"; +import { de_AssumeRoleForPodIdentityCommand, se_AssumeRoleForPodIdentityCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link AssumeRoleForPodIdentityCommand}. + */ +export interface AssumeRoleForPodIdentityCommandInput extends AssumeRoleForPodIdentityRequest {} +/** + * @public + * + * The output of {@link AssumeRoleForPodIdentityCommand}. + */ +export interface AssumeRoleForPodIdentityCommandOutput extends AssumeRoleForPodIdentityResponse, __MetadataBearer {} + +/** + * @public + *

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only used + * by the EKS Pod Identity Agent.

+ *

We recommend that applications use the Amazon Web Services SDKs to connect to Amazon Web Services services; if + * credentials from an EKS Pod Identity association are available in the pod, the latest versions of the + * SDKs use them automatically.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { EKSAuthClient, AssumeRoleForPodIdentityCommand } from "@aws-sdk/client-eks-auth"; // ES Modules import + * // const { EKSAuthClient, AssumeRoleForPodIdentityCommand } = require("@aws-sdk/client-eks-auth"); // CommonJS import + * const client = new EKSAuthClient(config); + * const input = { // AssumeRoleForPodIdentityRequest + * clusterName: "STRING_VALUE", // required + * token: "STRING_VALUE", // required + * }; + * const command = new AssumeRoleForPodIdentityCommand(input); + * const response = await client.send(command); + * // { // AssumeRoleForPodIdentityResponse + * // subject: { // Subject + * // namespace: "STRING_VALUE", // required + * // serviceAccount: "STRING_VALUE", // required + * // }, + * // audience: "STRING_VALUE", // required + * // podIdentityAssociation: { // PodIdentityAssociation + * // associationArn: "STRING_VALUE", // required + * // associationId: "STRING_VALUE", // required + * // }, + * // assumedRoleUser: { // AssumedRoleUser + * // arn: "STRING_VALUE", // required + * // assumeRoleId: "STRING_VALUE", // required + * // }, + * // credentials: { // Credentials + * // sessionToken: "STRING_VALUE", // required + * // secretAccessKey: "STRING_VALUE", // required + * // accessKeyId: "STRING_VALUE", // required + * // expiration: new Date("TIMESTAMP"), // required + * // }, + * // }; + * + * ``` + * + * @param AssumeRoleForPodIdentityCommandInput - {@link AssumeRoleForPodIdentityCommandInput} + * @returns {@link AssumeRoleForPodIdentityCommandOutput} + * @see {@link AssumeRoleForPodIdentityCommandInput} for command's `input` shape. + * @see {@link AssumeRoleForPodIdentityCommandOutput} for command's `response` shape. + * @see {@link EKSAuthClientResolvedConfig | config} for EKSAuthClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *

You don't have permissions to perform the requested operation. The IAM principal + * making the request must have at least one IAM permissions policy attached + * that grants the required permissions. For more information, see Access + * management in the IAM User Guide.

+ * + * @throws {@link ExpiredTokenException} (client fault) + *

The specified Kubernetes service account token is expired.

+ * + * @throws {@link InternalServerException} (server fault) + *

These errors are usually caused by a server-side issue.

+ * + * @throws {@link InvalidParameterException} (client fault) + *

The specified parameter is invalid. Review the available parameters for the API + * request.

+ * + * @throws {@link InvalidRequestException} (client fault) + *

This exception is thrown if the request contains a semantic error. The precise meaning + * will depend on the API, and will be documented in the error message.

+ * + * @throws {@link InvalidTokenException} (client fault) + *

The specified Kubernetes service account token is invalid.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The specified resource could not be found.

+ * + * @throws {@link ServiceUnavailableException} (server fault) + *

The service is unavailable. Back off and retry the operation.

+ * + * @throws {@link ThrottlingException} (client fault) + *

The request was denied because your request rate is too high. Reduce the frequency of requests.

+ * + * @throws {@link EKSAuthServiceException} + *

Base exception class for all service exceptions from EKSAuth service.

+ * + */ +export class AssumeRoleForPodIdentityCommand extends $Command< + AssumeRoleForPodIdentityCommandInput, + AssumeRoleForPodIdentityCommandOutput, + EKSAuthClientResolvedConfig +> { + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + }; + } + + /** + * @public + */ + constructor(readonly input: AssumeRoleForPodIdentityCommandInput) { + super(); + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: EKSAuthClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use( + getEndpointPlugin(configuration, AssumeRoleForPodIdentityCommand.getEndpointParameterInstructions()) + ); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "EKSAuthClient"; + const commandName = "AssumeRoleForPodIdentityCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: AssumeRoleForPodIdentityRequestFilterSensitiveLog, + outputFilterSensitiveLog: AssumeRoleForPodIdentityResponseFilterSensitiveLog, + [SMITHY_CONTEXT_KEY]: { + service: "EKSAuthFrontend", + operation: "AssumeRoleForPodIdentity", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: AssumeRoleForPodIdentityCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_AssumeRoleForPodIdentityCommand(input, context); + } + + /** + * @internal + */ + private 
deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_AssumeRoleForPodIdentityCommand(output, context); + } +} diff --git a/clients/client-eks-auth/src/commands/index.ts b/clients/client-eks-auth/src/commands/index.ts new file mode 100644 index 000000000000..bd0d652490ad --- /dev/null +++ b/clients/client-eks-auth/src/commands/index.ts @@ -0,0 +1,2 @@ +// smithy-typescript generated code +export * from "./AssumeRoleForPodIdentityCommand"; diff --git a/clients/client-eks-auth/src/endpoint/EndpointParameters.ts b/clients/client-eks-auth/src/endpoint/EndpointParameters.ts new file mode 100644 index 000000000000..9a2cf94e8858 --- /dev/null +++ b/clients/client-eks-auth/src/endpoint/EndpointParameters.ts @@ -0,0 +1,31 @@ +// smithy-typescript generated code +import { Endpoint, EndpointParameters as __EndpointParameters, EndpointV2, Provider } from "@smithy/types"; + +/** + * @public + */ +export interface ClientInputEndpointParameters { + region?: string | Provider; + useFipsEndpoint?: boolean | Provider; + endpoint?: string | Provider | Endpoint | Provider | EndpointV2 | Provider; +} + +export type ClientResolvedEndpointParameters = ClientInputEndpointParameters & { + defaultSigningName: string; +}; + +export const resolveClientEndpointParameters = ( + options: T & ClientInputEndpointParameters +): T & ClientResolvedEndpointParameters => { + return { + ...options, + useFipsEndpoint: options.useFipsEndpoint ?? false, + defaultSigningName: "eks-auth", + }; +}; + +export interface EndpointParameters extends __EndpointParameters { + Region?: string; + UseFIPS?: boolean; + Endpoint?: string; +} diff --git a/clients/client-eks-auth/src/endpoint/endpointResolver.ts b/clients/client-eks-auth/src/endpoint/endpointResolver.ts new file mode 100644 index 000000000000..5a2f95973187 --- /dev/null +++ b/clients/client-eks-auth/src/endpoint/endpointResolver.ts 
@@ -0,0 +1,16 @@ +// smithy-typescript generated code +import { EndpointV2, Logger } from "@smithy/types"; +import { EndpointParams, resolveEndpoint } from "@smithy/util-endpoints"; + +import { EndpointParameters } from "./EndpointParameters"; +import { ruleSet } from "./ruleset"; + +export const defaultEndpointResolver = ( + endpointParams: EndpointParameters, + context: { logger?: Logger } = {} +): EndpointV2 => { + return resolveEndpoint(ruleSet, { + endpointParams: endpointParams as EndpointParams, + logger: context.logger, + }); +}; diff --git a/clients/client-eks-auth/src/endpoint/ruleset.ts b/clients/client-eks-auth/src/endpoint/ruleset.ts new file mode 100644 index 000000000000..187c8e4c146c --- /dev/null +++ b/clients/client-eks-auth/src/endpoint/ruleset.ts 
@@ -0,0 +1,29 @@ +// @ts-nocheck +// generated code, do not edit +import { RuleSetObject } from "@smithy/types"; + +/* This file is compressed. Log this object + or see "smithy.rules#endpointRuleSet" + in codegen/sdk-codegen/aws-models/eks-auth.json */ + +const r="argv", +s="ref"; +const a=false, +b=true, +c="isSet", +d="booleanEquals", +e="error", +f="endpoint", +g="tree", +h="PartitionResult", +i="getAttr", +j={"required":false,"type":"String"}, +k={[s]:"Endpoint"}, +l={}, +m={[s]:h}, +n={[e]:"FIPS is enabled but this partition does not support FIPS","type":e}, +o=[{"fn":d,[r]:[{[s]:"UseFIPS"},true]}], +p=[{[s]:"Region"}], +q=[{"fn":d,[r]:[{"fn":i,[r]:[m,"supportsFIPS"]},true]}]; +const _data={version:"1.0",parameters:{Region:j,UseFIPS:{required:b,default:a,type:"Boolean"},Endpoint:j},rules:[{conditions:[{fn:c,[r]:[k]}],rules:[{conditions:o,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:e},{endpoint:{url:k,properties:l,headers:l},type:f}],type:g},{conditions:[{fn:c,[r]:p}],rules:[{conditions:[{fn:"aws.partition",[r]:p,assign:h}],rules:[{conditions:[{fn:d,[r]:[b,{fn:i,[r]:[m,"supportsDualStack"]}]}],rules:[{conditions:o,rules:[{conditions:q,rules:[{endpoint:{url:"https://eks-auth-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:f}],type:g},n],type:g},{endpoint:{url:"https://eks-auth.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:f}],type:g},{conditions:o,rules:[{conditions:q,rules:[{endpoint:{url:"https://eks-auth-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:f}],type:g},n],type:g},{endpoint:{url:"https://eks-auth.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:f}],type:g}],type:g},{error:"Invalid Configuration: Missing Region",type:e}]}; +export const ruleSet: RuleSetObject = _data; 
diff --git a/clients/client-eks-auth/src/extensionConfiguration.ts b/clients/client-eks-auth/src/extensionConfiguration.ts new file mode 100644 index 000000000000..d81b61172926 --- /dev/null +++ b/clients/client-eks-auth/src/extensionConfiguration.ts @@ -0,0 +1,12 @@ +// smithy-typescript generated code +import { AwsRegionExtensionConfiguration } from "@aws-sdk/types"; +import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http"; +import { DefaultExtensionConfiguration } from "@smithy/types"; + +/** + * @internal + */ +export interface EKSAuthExtensionConfiguration + extends HttpHandlerExtensionConfiguration, + DefaultExtensionConfiguration, + AwsRegionExtensionConfiguration {} diff --git a/clients/client-eks-auth/src/index.ts b/clients/client-eks-auth/src/index.ts new file mode 100644 index 000000000000..81652472f5e2 --- /dev/null +++ b/clients/client-eks-auth/src/index.ts @@ -0,0 +1,19 @@ +// smithy-typescript generated code +/* eslint-disable */ +/** + *

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only + * used by the EKS Pod Identity Agent.

+ * + * @packageDocumentation + */ +export * from "./EKSAuthClient"; +export * from "./EKSAuth"; +export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters"; +export { RuntimeExtension } from "./runtimeExtensions"; +export { EKSAuthExtensionConfiguration } from "./extensionConfiguration"; +export * from "./commands"; +export * from "./models"; + +import "@aws-sdk/util-endpoints"; + +export { EKSAuthServiceException } from "./models/EKSAuthServiceException"; diff --git a/clients/client-eks-auth/src/models/EKSAuthServiceException.ts b/clients/client-eks-auth/src/models/EKSAuthServiceException.ts new file mode 100644 index 000000000000..31000996fbb2 --- /dev/null +++ b/clients/client-eks-auth/src/models/EKSAuthServiceException.ts @@ -0,0 +1,22 @@ +// smithy-typescript generated code +import { + ServiceException as __ServiceException, + ServiceExceptionOptions as __ServiceExceptionOptions, +} from "@smithy/smithy-client"; + +export { __ServiceException, __ServiceExceptionOptions }; + +/** + * @public + * + * Base exception class for all service exceptions from EKSAuth service. + */ +export class EKSAuthServiceException extends __ServiceException { + /** + * @internal + */ + constructor(options: __ServiceExceptionOptions) { + super(options); + Object.setPrototypeOf(this, EKSAuthServiceException.prototype); + } +} diff --git a/clients/client-eks-auth/src/models/index.ts b/clients/client-eks-auth/src/models/index.ts new file mode 100644 index 000000000000..9eaceb12865f --- /dev/null +++ b/clients/client-eks-auth/src/models/index.ts @@ -0,0 +1,2 @@ +// smithy-typescript generated code +export * from "./models_0"; diff --git a/clients/client-eks-auth/src/models/models_0.ts b/clients/client-eks-auth/src/models/models_0.ts new file mode 100644 index 000000000000..cef4ffb1ade6 --- /dev/null +++ b/clients/client-eks-auth/src/models/models_0.ts 
@@ -0,0 +1,375 @@ +// smithy-typescript generated code +import { ExceptionOptionType as __ExceptionOptionType, SENSITIVE_STRING } from "@smithy/smithy-client"; + +import { EKSAuthServiceException as __BaseException } from "./EKSAuthServiceException"; + +/** + * @public + *

You don't have permissions to perform the requested operation. The IAM principal + * making the request must have at least one IAM permissions policy attached + * that grants the required permissions. For more information, see Access + * management in the IAM User Guide.

+ */ +export class AccessDeniedException extends __BaseException { + readonly name: "AccessDeniedException" = "AccessDeniedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "AccessDeniedException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, AccessDeniedException.prototype); + } +} + +/** + * @public + *

An object with the permanent IAM role identity and the temporary session + * name.

+ */ +export interface AssumedRoleUser { + /** + * @public + *

The ARN of the IAM role that the temporary credentials authenticate to.

+ */ + arn: string | undefined; + + /** + * @public + *

The session name of the temporary session requested to STS. The value + * is a unique identifier that contains the role ID, a colon (:), and the role + * session name of the role that is being assumed. The role ID is generated by IAM when + * the role is created. The role session name part of the value follows this format: + * eks-clustername-podname-random + * UUID + * + *

+ */ + assumeRoleId: string | undefined; +} + +/** + * @public + */ +export interface AssumeRoleForPodIdentityRequest { + /** + * @public + *

The name of the cluster for the request.

+ */ + clusterName: string | undefined; + + /** + * @public + *

The token of the Kubernetes service account for the pod.

+ */ + token: string | undefined; +} + +/** + * @public + *

The Amazon Web Services Signature Version 4 type of temporary + * credentials.

+ */ +export interface Credentials { + /** + * @public + *

The token that applications inside the pods must pass to any service API to use the + * temporary credentials.

+ */ + sessionToken: string | undefined; + + /** + * @public + *

The secret access key that applications inside the pods use to sign requests.

+ */ + secretAccessKey: string | undefined; + + /** + * @public + *

The access key ID that identifies the temporary security credentials.

+ */ + accessKeyId: string | undefined; + + /** + * @public + *

The Unix epoch timestamp in seconds when the current credentials expire.

+ */ + expiration: Date | undefined; +} + +/** + * @public + *

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

+ */ +export interface PodIdentityAssociation { + /** + * @public + *

The Amazon Resource Name (ARN) of the EKS Pod Identity association.

+ */ + associationArn: string | undefined; + + /** + * @public + *

The ID of the association.

+ */ + associationId: string | undefined; +} + +/** + * @public + *

An object containing the name of the Kubernetes service account inside the cluster to + * associate the IAM credentials with.

+ */ +export interface Subject { + /** + * @public + *

The name of the Kubernetes namespace inside the cluster to create the association in. The + * service account and the pods that use the service account must be in this + * namespace.

+ */ + namespace: string | undefined; + + /** + * @public + *

The name of the Kubernetes service account inside the cluster to associate the IAM + * credentials with.

+ */ + serviceAccount: string | undefined; +} + +/** + * @public + */ +export interface AssumeRoleForPodIdentityResponse { + /** + * @public + *

The name of the Kubernetes service account inside the cluster to associate the IAM + * credentials with.

+ */ + subject: Subject | undefined; + + /** + * @public + *

The identity that is allowed to use the credentials. This value is always + * pods.eks.amazonaws.com.

+ */ + audience: string | undefined; + + /** + * @public + *

The Amazon Resource Name (ARN) and ID of the EKS Pod Identity association.

+ */ + podIdentityAssociation: PodIdentityAssociation | undefined; + + /** + * @public + *

An object with the permanent IAM role identity and the temporary session + * name.

+ *

The ARN of the IAM role that the temporary credentials authenticate to.

+ *

The session name of the temporary session requested to STS. The value + * is a unique identifier that contains the role ID, a colon (:), and the role + * session name of the role that is being assumed. The role ID is generated by IAM when + * the role is created. The role session name part of the value follows this format: + * eks-clustername-podname-random + * UUID + * + *

+ */ + assumedRoleUser: AssumedRoleUser | undefined; + + /** + * @public + *

The Amazon Web Services Signature Version 4 type of temporary + * credentials.

+ */ + credentials: Credentials | undefined; +} + +/** + * @public + *

The specified Kubernetes service account token is expired.

+ */ +export class ExpiredTokenException extends __BaseException { + readonly name: "ExpiredTokenException" = "ExpiredTokenException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ExpiredTokenException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ExpiredTokenException.prototype); + } +} + +/** + * @public + *

These errors are usually caused by a server-side issue.

+ */ +export class InternalServerException extends __BaseException { + readonly name: "InternalServerException" = "InternalServerException"; + readonly $fault: "server" = "server"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InternalServerException", + $fault: "server", + ...opts, + }); + Object.setPrototypeOf(this, InternalServerException.prototype); + } +} + +/** + * @public + *

The specified parameter is invalid. Review the available parameters for the API + * request.

+ */ +export class InvalidParameterException extends __BaseException { + readonly name: "InvalidParameterException" = "InvalidParameterException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InvalidParameterException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, InvalidParameterException.prototype); + } +} + +/** + * @public + *

This exception is thrown if the request contains a semantic error. The precise meaning + * will depend on the API, and will be documented in the error message.

+ */ +export class InvalidRequestException extends __BaseException { + readonly name: "InvalidRequestException" = "InvalidRequestException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InvalidRequestException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, InvalidRequestException.prototype); + } +} + +/** + * @public + *

The specified Kubernetes service account token is invalid.

+ */ +export class InvalidTokenException extends __BaseException { + readonly name: "InvalidTokenException" = "InvalidTokenException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InvalidTokenException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, InvalidTokenException.prototype); + } +} + +/** + * @public + *

The specified resource could not be found.

+ */ +export class ResourceNotFoundException extends __BaseException { + readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ResourceNotFoundException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ResourceNotFoundException.prototype); + } +} + +/** + * @public + *

The service is unavailable. Back off and retry the operation.

+ */ +export class ServiceUnavailableException extends __BaseException { + readonly name: "ServiceUnavailableException" = "ServiceUnavailableException"; + readonly $fault: "server" = "server"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ServiceUnavailableException", + $fault: "server", + ...opts, + }); + Object.setPrototypeOf(this, ServiceUnavailableException.prototype); + } +} + +/** + * @public + *

The request was denied because your request rate is too high. Reduce the frequency of requests.

+ */ +export class ThrottlingException extends __BaseException { + readonly name: "ThrottlingException" = "ThrottlingException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ThrottlingException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ThrottlingException.prototype); + } +} + +/** + * @internal + */ +export const AssumeRoleForPodIdentityRequestFilterSensitiveLog = (obj: AssumeRoleForPodIdentityRequest): any => ({ + ...obj, + ...(obj.token && { token: SENSITIVE_STRING }), +}); + +/** + * @internal + */ +export const CredentialsFilterSensitiveLog = (obj: Credentials): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const AssumeRoleForPodIdentityResponseFilterSensitiveLog = (obj: AssumeRoleForPodIdentityResponse): any => ({ + ...obj, + ...(obj.credentials && { credentials: SENSITIVE_STRING }), +}); diff --git a/clients/client-eks-auth/src/protocols/Aws_restJson1.ts b/clients/client-eks-auth/src/protocols/Aws_restJson1.ts new file mode 100644 index 000000000000..f80242006642 --- /dev/null +++ b/clients/client-eks-auth/src/protocols/Aws_restJson1.ts 
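Review bot: `CredentialsFilterSensitiveLog` near the end of this hunk returns `{ ...obj }` unchanged, so a `Credentials` value logged through it on its own keeps `secretAccessKey` and `sessionToken` in clear text. The operation-level `AssumeRoleForPodIdentityResponseFilterSensitiveLog` replaces the whole `credentials` member with `SENSITIVE_STRING`, so the command's own logging path looks covered; the gap is for code that calls the structure-level filter directly, which is reachable because `models_0` is re-exported through `./models` from the package index. The file is smithy-typescript generated, so the change presumably belongs in the generator or the model rather than in this file; the intended output inside that filter would be `...(obj.secretAccessKey && { secretAccessKey: SENSITIVE_STRING }),` and `...(obj.sessionToken && { sessionToken: SENSITIVE_STRING }),`.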
@@ -0,0 +1,412 @@ +// smithy-typescript generated code +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { + _json, + collectBody, + decorateServiceException as __decorateServiceException, + expectNonNull as __expectNonNull, + expectNumber as __expectNumber, + expectObject as __expectObject, + expectString as __expectString, + map, + parseEpochTimestamp as __parseEpochTimestamp, + resolvedPath as __resolvedPath, + take, + withBaseException, +} from "@smithy/smithy-client"; +import { + Endpoint as __Endpoint, + ResponseMetadata as __ResponseMetadata, + SerdeContext as __SerdeContext, +} from "@smithy/types"; + +import { + AssumeRoleForPodIdentityCommandInput, + AssumeRoleForPodIdentityCommandOutput, +} from "../commands/AssumeRoleForPodIdentityCommand"; +import { EKSAuthServiceException as __BaseException } from "../models/EKSAuthServiceException"; +import { + AccessDeniedException, + Credentials, + ExpiredTokenException, + InternalServerException, + InvalidParameterException, + InvalidRequestException, + InvalidTokenException, + ResourceNotFoundException, + ServiceUnavailableException, + ThrottlingException, +} from "../models/models_0"; + +/** + * serializeAws_restJson1AssumeRoleForPodIdentityCommand + */ +export const se_AssumeRoleForPodIdentityCommand = async ( + input: AssumeRoleForPodIdentityCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + let resolvedPath = + `${basePath?.endsWith("/") ? 
basePath.slice(0, -1) : basePath || ""}` + + "/clusters/{clusterName}/assume-role-for-pod-identity"; + resolvedPath = __resolvedPath(resolvedPath, input, "clusterName", () => input.clusterName!, "{clusterName}", false); + let body: any; + body = JSON.stringify( + take(input, { + token: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +/** + * deserializeAws_restJson1AssumeRoleForPodIdentityCommand + */ +export const de_AssumeRoleForPodIdentityCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_AssumeRoleForPodIdentityCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + assumedRoleUser: _json, + audience: __expectString, + credentials: (_) => de_Credentials(_, context), + podIdentityAssociation: _json, + subject: _json, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1AssumeRoleForPodIdentityCommandError + */ +const de_AssumeRoleForPodIdentityCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.eksauth#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ExpiredTokenException": + case "com.amazonaws.eksauth#ExpiredTokenException": + throw await de_ExpiredTokenExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.eksauth#InternalServerException": + throw await 
de_InternalServerExceptionRes(parsedOutput, context); + case "InvalidParameterException": + case "com.amazonaws.eksauth#InvalidParameterException": + throw await de_InvalidParameterExceptionRes(parsedOutput, context); + case "InvalidRequestException": + case "com.amazonaws.eksauth#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "InvalidTokenException": + case "com.amazonaws.eksauth#InvalidTokenException": + throw await de_InvalidTokenExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.eksauth#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "ServiceUnavailableException": + case "com.amazonaws.eksauth#ServiceUnavailableException": + throw await de_ServiceUnavailableExceptionRes(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.eksauth#ThrottlingException": + throw await de_ThrottlingExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + +const throwDefaultError = withBaseException(__BaseException); +/** + * deserializeAws_restJson1AccessDeniedExceptionRes + */ +const de_AccessDeniedExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new AccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1ExpiredTokenExceptionRes + */ +const de_ExpiredTokenExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, 
{ + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new ExpiredTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1InternalServerExceptionRes + */ +const de_InternalServerExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new InternalServerException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1InvalidParameterExceptionRes + */ +const de_InvalidParameterExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new InvalidParameterException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1InvalidRequestExceptionRes + */ +const de_InvalidRequestExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new InvalidRequestException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1InvalidTokenExceptionRes + */ +const de_InvalidTokenExceptionRes = async ( + parsedOutput: any, + context: 
__SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new InvalidTokenException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1ResourceNotFoundExceptionRes + */ +const de_ResourceNotFoundExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new ResourceNotFoundException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1ServiceUnavailableExceptionRes + */ +const de_ServiceUnavailableExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new ServiceUnavailableException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +/** + * deserializeAws_restJson1ThrottlingExceptionRes + */ +const de_ThrottlingExceptionRes = async (parsedOutput: any, context: __SerdeContext): Promise => { + const contents: any = map({}); + const data: any = parsedOutput.body; + const doc = take(data, { + message: __expectString, + }); + Object.assign(contents, doc); + const exception = new ThrottlingException({ + $metadata: deserializeMetadata(parsedOutput), + ...contents, + }); + return __decorateServiceException(exception, parsedOutput.body); +}; + +// 
de_AssumedRoleUser omitted. + +/** + * deserializeAws_restJson1Credentials + */ +const de_Credentials = (output: any, context: __SerdeContext): Credentials => { + return take(output, { + accessKeyId: __expectString, + expiration: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), + secretAccessKey: __expectString, + sessionToken: __expectString, + }) as any; +}; + +// de_PodIdentityAssociation omitted. + +// de_Subject omitted. + +const deserializeMetadata = (output: __HttpResponse): __ResponseMetadata => ({ + httpStatusCode: output.statusCode, + requestId: + output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"], + extendedRequestId: output.headers["x-amz-id-2"], + cfId: output.headers["x-amz-cf-id"], +}); + +// Encode Uint8Array data into string with utf-8. +const collectBodyString = (streamBody: any, context: __SerdeContext): Promise => + collectBody(streamBody, context).then((body) => context.utf8Encoder(body)); + +const isSerializableHeaderValue = (value: any): boolean => + value !== undefined && + value !== null && + value !== "" && + (!Object.getOwnPropertyNames(value).includes("length") || value.length != 0) && + (!Object.getOwnPropertyNames(value).includes("size") || value.size != 0); + +const parseBody = (streamBody: any, context: __SerdeContext): any => + collectBodyString(streamBody, context).then((encoded) => { + if (encoded.length) { + return JSON.parse(encoded); + } + return {}; + }); + +const parseErrorBody = async (errorBody: any, context: __SerdeContext) => { + const value = await parseBody(errorBody, context); + value.message = value.message ?? value.Message; + return value; +}; + +/** + * Load an error code for the aws.rest-json-1.1 protocol. 
+ */ +const loadRestJsonErrorCode = (output: __HttpResponse, data: any): string | undefined => { + const findKey = (object: any, key: string) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase()); + + const sanitizeErrorCode = (rawValue: string | number): string => { + let cleanValue = rawValue; + if (typeof cleanValue === "number") { + cleanValue = cleanValue.toString(); + } + if (cleanValue.indexOf(",") >= 0) { + cleanValue = cleanValue.split(",")[0]; + } + if (cleanValue.indexOf(":") >= 0) { + cleanValue = cleanValue.split(":")[0]; + } + if (cleanValue.indexOf("#") >= 0) { + cleanValue = cleanValue.split("#")[1]; + } + return cleanValue; + }; + + const headerKey = findKey(output.headers, "x-amzn-errortype"); + if (headerKey !== undefined) { + return sanitizeErrorCode(output.headers[headerKey]); + } + + if (data.code !== undefined) { + return sanitizeErrorCode(data.code); + } + + if (data["__type"] !== undefined) { + return sanitizeErrorCode(data["__type"]); + } +}; diff --git a/clients/client-eks-auth/src/runtimeConfig.browser.ts b/clients/client-eks-auth/src/runtimeConfig.browser.ts new file mode 100644 index 000000000000..6b1add3208bd --- /dev/null +++ b/clients/client-eks-auth/src/runtimeConfig.browser.ts 
@@ -0,0 +1,44 @@ +// smithy-typescript generated code +// @ts-ignore: package.json will be imported from dist folders +import packageInfo from "../package.json"; // eslint-disable-line + +import { Sha256 } from "@aws-crypto/sha256-browser"; +import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser"; +import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@smithy/config-resolver"; +import { FetchHttpHandler as RequestHandler, streamCollector } from "@smithy/fetch-http-handler"; +import { invalidProvider } from "@smithy/invalid-dependency"; +import { calculateBodyLength } from "@smithy/util-body-length-browser"; +import { DEFAULT_MAX_ATTEMPTS, DEFAULT_RETRY_MODE } from "@smithy/util-retry"; +import { EKSAuthClientConfig } from "./EKSAuthClient"; +import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared"; +import { loadConfigsForDefaultMode } from "@smithy/smithy-client"; +import { resolveDefaultsModeConfig } from "@smithy/util-defaults-mode-browser"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: EKSAuthClientConfig) => { + const defaultsMode = resolveDefaultsModeConfig(config); + const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode); + const clientSharedValues = getSharedRuntimeConfig(config); + return { + ...clientSharedValues, + ...config, + runtime: "browser", + defaultsMode, + bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength, + credentialDefaultProvider: + config?.credentialDefaultProvider ?? ((_: unknown) => () => Promise.reject(new Error("Credential is missing"))), + defaultUserAgentProvider: + config?.defaultUserAgentProvider ?? + defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), + maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS, + region: config?.region ?? invalidProvider("Region is missing"), + requestHandler: config?.requestHandler ?? 
new RequestHandler(defaultConfigProvider), + retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE), + sha256: config?.sha256 ?? Sha256, + streamCollector: config?.streamCollector ?? streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT)), + useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT)), + }; +}; diff --git a/clients/client-eks-auth/src/runtimeConfig.native.ts b/clients/client-eks-auth/src/runtimeConfig.native.ts new file mode 100644 index 000000000000..53cc584aceba --- /dev/null +++ b/clients/client-eks-auth/src/runtimeConfig.native.ts @@ -0,0 +1,18 @@ +// smithy-typescript generated code +import { Sha256 } from "@aws-crypto/sha256-js"; + +import { EKSAuthClientConfig } from "./EKSAuthClient"; +import { getRuntimeConfig as getBrowserRuntimeConfig } from "./runtimeConfig.browser"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: EKSAuthClientConfig) => { + const browserDefaults = getBrowserRuntimeConfig(config); + return { + ...browserDefaults, + ...config, + runtime: "react-native", + sha256: config?.sha256 ?? Sha256, + }; +}; diff --git a/clients/client-eks-auth/src/runtimeConfig.shared.ts b/clients/client-eks-auth/src/runtimeConfig.shared.ts new file mode 100644 index 000000000000..9a5af94663fc --- /dev/null +++ b/clients/client-eks-auth/src/runtimeConfig.shared.ts 
@@ -0,0 +1,27 @@ +// smithy-typescript generated code +import { NoOpLogger } from "@smithy/smithy-client"; +import { parseUrl } from "@smithy/url-parser"; +import { fromBase64, toBase64 } from "@smithy/util-base64"; +import { fromUtf8, toUtf8 } from "@smithy/util-utf8"; + +import { EKSAuthClientConfig } from "./EKSAuthClient"; +import { defaultEndpointResolver } from "./endpoint/endpointResolver"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: EKSAuthClientConfig) => { + return { + apiVersion: "2023-11-26", + base64Decoder: config?.base64Decoder ?? fromBase64, + base64Encoder: config?.base64Encoder ?? toBase64, + disableHostPrefix: config?.disableHostPrefix ?? false, + endpointProvider: config?.endpointProvider ?? defaultEndpointResolver, + extensions: config?.extensions ?? [], + logger: config?.logger ?? new NoOpLogger(), + serviceId: config?.serviceId ?? "EKS Auth", + urlParser: config?.urlParser ?? parseUrl, + utf8Decoder: config?.utf8Decoder ?? fromUtf8, + utf8Encoder: config?.utf8Encoder ?? toUtf8, + }; +}; diff --git a/clients/client-eks-auth/src/runtimeConfig.ts b/clients/client-eks-auth/src/runtimeConfig.ts new file mode 100644 index 000000000000..ac588ccc8a9d --- /dev/null +++ b/clients/client-eks-auth/src/runtimeConfig.ts 
@@ -0,0 +1,61 @@ +// smithy-typescript generated code +// @ts-ignore: package.json will be imported from dist folders +import packageInfo from "../package.json"; // eslint-disable-line + +import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts"; +import { emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core"; +import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node"; +import { defaultUserAgent } from "@aws-sdk/util-user-agent-node"; +import { + NODE_REGION_CONFIG_FILE_OPTIONS, + NODE_REGION_CONFIG_OPTIONS, + NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, + NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, +} from "@smithy/config-resolver"; +import { Hash } from "@smithy/hash-node"; +import { NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS } from "@smithy/middleware-retry"; +import { loadConfig as loadNodeConfig } from "@smithy/node-config-provider"; +import { NodeHttpHandler as RequestHandler, streamCollector } from "@smithy/node-http-handler"; +import { calculateBodyLength } from "@smithy/util-body-length-node"; +import { DEFAULT_RETRY_MODE } from "@smithy/util-retry"; +import { EKSAuthClientConfig } from "./EKSAuthClient"; +import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared"; +import { loadConfigsForDefaultMode } from "@smithy/smithy-client"; +import { resolveDefaultsModeConfig } from "@smithy/util-defaults-mode-node"; +import { emitWarningIfUnsupportedVersion } from "@smithy/smithy-client"; + +/** + * @internal + */ +export const getRuntimeConfig = (config: EKSAuthClientConfig) => { + emitWarningIfUnsupportedVersion(process.version); + const defaultsMode = resolveDefaultsModeConfig(config); + const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode); + const clientSharedValues = getSharedRuntimeConfig(config); + awsCheckVersion(process.version); + return { + ...clientSharedValues, + ...config, + runtime: "node", + defaultsMode, + 
bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength, + credentialDefaultProvider: + config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider), + defaultUserAgentProvider: + config?.defaultUserAgentProvider ?? + defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), + maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), + region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), + requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider), + retryMode: + config?.retryMode ?? + loadNodeConfig({ + ...NODE_RETRY_MODE_CONFIG_OPTIONS, + default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE, + }), + sha256: config?.sha256 ?? Hash.bind(null, "sha256"), + streamCollector: config?.streamCollector ?? streamCollector, + useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS), + useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS), + }; +}; diff --git a/clients/client-eks-auth/src/runtimeExtensions.ts b/clients/client-eks-auth/src/runtimeExtensions.ts new file mode 100644 index 000000000000..5441e244aede --- /dev/null +++ b/clients/client-eks-auth/src/runtimeExtensions.ts 
@@ -0,0 +1,45 @@ +// smithy-typescript generated code +import { + getAwsRegionExtensionConfiguration, + resolveAwsRegionExtensionConfiguration, +} from "@aws-sdk/region-config-resolver"; +import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http"; +import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client"; + +import { EKSAuthExtensionConfiguration } from "./extensionConfiguration"; + +/** + * @public + */ +export interface RuntimeExtension { + configure(extensionConfiguration: EKSAuthExtensionConfiguration): void; +} + +/** + * @public + */ +export interface RuntimeExtensionsConfig { + extensions: RuntimeExtension[]; +} + +const asPartial = >(t: T) => t; + +/** + * @internal + */ +export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: RuntimeExtension[]) => { + const extensionConfiguration: EKSAuthExtensionConfiguration = { + ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)), + ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)), + ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)), + }; + + extensions.forEach((extension) => extension.configure(extensionConfiguration)); + + return { + ...runtimeConfig, + ...resolveAwsRegionExtensionConfiguration(extensionConfiguration), + ...resolveDefaultRuntimeConfig(extensionConfiguration), + ...resolveHttpHandlerRuntimeConfig(extensionConfiguration), + }; +}; diff --git a/clients/client-eks-auth/tsconfig.cjs.json b/clients/client-eks-auth/tsconfig.cjs.json new file mode 100644 index 000000000000..3567d85ba846 --- /dev/null +++ b/clients/client-eks-auth/tsconfig.cjs.json @@ -0,0 +1,6 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "outDir": "dist-cjs" + } +} diff --git a/clients/client-eks-auth/tsconfig.es.json b/clients/client-eks-auth/tsconfig.es.json new file mode 100644 index 000000000000..809f57bde65e --- /dev/null +++ b/clients/client-eks-auth/tsconfig.es.json 
@@ -0,0 +1,8 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "lib": ["dom"], + "module": "esnext", + "outDir": "dist-es" + } +} diff --git a/clients/client-eks-auth/tsconfig.json b/clients/client-eks-auth/tsconfig.json new file mode 100644 index 000000000000..344909de2128 --- /dev/null +++ b/clients/client-eks-auth/tsconfig.json @@ -0,0 +1,13 @@ +{ + "extends": "@tsconfig/node14/tsconfig.json", + "compilerOptions": { + "downlevelIteration": true, + "importHelpers": true, + "incremental": true, + "removeComments": true, + "resolveJsonModule": true, + "rootDir": "src", + "useUnknownInCatchVariables": false + }, + "exclude": ["test/"] +} diff --git a/clients/client-eks-auth/tsconfig.types.json b/clients/client-eks-auth/tsconfig.types.json new file mode 100644 index 000000000000..4c3dfa7b3d25 --- /dev/null +++ b/clients/client-eks-auth/tsconfig.types.json @@ -0,0 +1,10 @@ +{ + "extends": "./tsconfig", + "compilerOptions": { + "removeComments": false, + "declaration": true, + "declarationDir": "dist-types", + "emitDeclarationOnly": true + }, + "exclude": ["test/**/*", "dist-types/**/*"] +} diff --git a/clients/client-eks-auth/typedoc.json b/clients/client-eks-auth/typedoc.json new file mode 100644 index 000000000000..8a364aa93b69 --- /dev/null +++ b/clients/client-eks-auth/typedoc.json @@ -0,0 +1,6 @@ +{ + "extends": ["../../typedoc.client.json"], + "entryPoints": ["src/index.ts"], + "out": "docs", + "readme": "README.md" +} diff --git a/codegen/sdk-codegen/aws-models/eks-auth.json b/codegen/sdk-codegen/aws-models/eks-auth.json new file mode 100644 index 000000000000..24a918258ac6 --- /dev/null +++ b/codegen/sdk-codegen/aws-models/eks-auth.json @@ -0,0 +1,746 @@ +{ + "smithy": "2.0", + "shapes": { + "com.amazonaws.eksauth#AccessDeniedException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

You don't have permissions to perform the requested operation. The IAM principal\n making the request must have at least one IAM permissions policy attached\n that grants the required permissions. For more information, see Access\n management in the IAM User Guide.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, + "com.amazonaws.eksauth#AssumeRoleForPodIdentity": { + "type": "operation", + "input": { + "target": "com.amazonaws.eksauth#AssumeRoleForPodIdentityRequest" + }, + "output": { + "target": "com.amazonaws.eksauth#AssumeRoleForPodIdentityResponse" + }, + "errors": [ + { + "target": "com.amazonaws.eksauth#AccessDeniedException" + }, + { + "target": "com.amazonaws.eksauth#ExpiredTokenException" + }, + { + "target": "com.amazonaws.eksauth#InternalServerException" + }, + { + "target": "com.amazonaws.eksauth#InvalidParameterException" + }, + { + "target": "com.amazonaws.eksauth#InvalidRequestException" + }, + { + "target": "com.amazonaws.eksauth#InvalidTokenException" + }, + { + "target": "com.amazonaws.eksauth#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.eksauth#ServiceUnavailableException" + }, + { + "target": "com.amazonaws.eksauth#ThrottlingException" + } + ], + "traits": { + "smithy.api#documentation": "

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only used\n by the EKS Pod Identity Agent.

\n

We recommend that applications use the Amazon Web Services SDKs to connect to Amazon Web Services services; if\n credentials from an EKS Pod Identity association are available in the pod, the latest versions of the\n SDKs use them automatically.

", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/clusters/{clusterName}/assume-role-for-pod-identity" + } + } + }, + "com.amazonaws.eksauth#AssumeRoleForPodIdentityRequest": { + "type": "structure", + "members": { + "clusterName": { + "target": "com.amazonaws.eksauth#ClusterName", + "traits": { + "smithy.api#documentation": "

The name of the cluster for the request.

", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "token": { + "target": "com.amazonaws.eksauth#JwtToken", + "traits": { + "smithy.api#documentation": "

The token of the Kubernetes service account for the pod.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.eksauth#AssumeRoleForPodIdentityResponse": { + "type": "structure", + "members": { + "subject": { + "target": "com.amazonaws.eksauth#Subject", + "traits": { + "smithy.api#documentation": "

The name of the Kubernetes service account inside the cluster to associate the IAM\n credentials with.

", + "smithy.api#required": {} + } + }, + "audience": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The identity that is allowed to use the credentials. This value is always\n pods.eks.amazonaws.com.

", + "smithy.api#required": {} + } + }, + "podIdentityAssociation": { + "target": "com.amazonaws.eksauth#PodIdentityAssociation", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) and ID of the EKS Pod Identity association.

", + "smithy.api#required": {} + } + }, + "assumedRoleUser": { + "target": "com.amazonaws.eksauth#AssumedRoleUser", + "traits": { + "smithy.api#documentation": "

An object with the permanent IAM role identity and the temporary session\n name.

\n

The ARN of the IAM role that the temporary credentials authenticate to.

\n

The session name of the temporary session requested to STS. The value\n is a unique identifier that contains the role ID, a colon (:), and the role\n session name of the role that is being assumed. The role ID is generated by IAM when\n the role is created. The role session name part of the value follows this format:\n eks-clustername-podname-random\n UUID\n \n

", + "smithy.api#required": {} + } + }, + "credentials": { + "target": "com.amazonaws.eksauth#Credentials", + "traits": { + "smithy.api#documentation": "

The Amazon Web Services Signature Version 4 type of temporary\n credentials.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.eksauth#AssumedRoleUser": { + "type": "structure", + "members": { + "arn": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The ARN of the IAM role that the temporary credentials authenticate to.

", + "smithy.api#required": {} + } + }, + "assumeRoleId": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The session name of the temporary session requested to STS. The value\n is a unique identifier that contains the role ID, a colon (:), and the role\n session name of the role that is being assumed. The role ID is generated by IAM when\n the role is created. The role session name part of the value follows this format:\n eks-clustername-podname-random\n UUID\n \n

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

An object with the permanent IAM role identity and the temporary session\n name.

" + } + }, + "com.amazonaws.eksauth#ClusterName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 100 + }, + "smithy.api#pattern": "^[0-9A-Za-z][A-Za-z0-9\\-_]*$" + } + }, + "com.amazonaws.eksauth#Credentials": { + "type": "structure", + "members": { + "sessionToken": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The token that applications inside the pods must pass to any service API to use the\n temporary credentials.

", + "smithy.api#required": {} + } + }, + "secretAccessKey": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The secret access key that applications inside the pods use to sign requests.

", + "smithy.api#required": {} + } + }, + "accessKeyId": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The access key ID that identifies the temporary security credentials.

", + "smithy.api#required": {} + } + }, + "expiration": { + "target": "smithy.api#Timestamp", + "traits": { + "smithy.api#documentation": "

The Unix epoch timestamp in seconds when the current credentials expire.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

The Amazon Web Services Signature Version 4 type of temporary\n credentials.

", + "smithy.api#sensitive": {} + } + }, + "com.amazonaws.eksauth#EKSAuthFrontend": { + "type": "service", + "version": "2023-11-26", + "operations": [ + { + "target": "com.amazonaws.eksauth#AssumeRoleForPodIdentity" + } + ], + "traits": { + "aws.api#service": { + "sdkId": "EKS Auth", + "arnNamespace": "eks-auth", + "endpointPrefix": "eks-auth" + }, + "aws.auth#sigv4": { + "name": "eks-auth" + }, + "aws.protocols#restJson1": {}, + "smithy.api#cors": {}, + "smithy.api#documentation": "

The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only\n used by the EKS Pod Identity Agent.

", + "smithy.api#title": "Amazon EKS Auth", + "smithy.rules#endpointRuleSet": { + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true 
+ ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://eks-auth-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://eks-auth.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://eks-auth-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://eks-auth.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + }, + "smithy.rules#endpointTests": { + "testCases": [ + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://eks-auth-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { 
+ "url": "https://eks-auth.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://eks-auth-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://eks-auth.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://eks-auth-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://eks-auth.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "Endpoint": "https://example.com" + } + }, + { + 
"documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" + } + } + }, + "com.amazonaws.eksauth#ExpiredTokenException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The specified Kubernetes service account token is expired.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, + "com.amazonaws.eksauth#InternalServerException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

These errors are usually caused by a server-side issue.

", + "smithy.api#error": "server", + "smithy.api#httpError": 500 + } + }, + "com.amazonaws.eksauth#InvalidParameterException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The specified parameter is invalid. Review the available parameters for the API\n request.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, + "com.amazonaws.eksauth#InvalidRequestException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

This exception is thrown if the request contains a semantic error. The precise meaning\n will depend on the API, and will be documented in the error message.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, + "com.amazonaws.eksauth#InvalidTokenException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The specified Kubernetes service account token is invalid.

", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, + "com.amazonaws.eksauth#JwtToken": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1 + }, + "smithy.api#pattern": "^[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+$", + "smithy.api#sensitive": {} + } + }, + "com.amazonaws.eksauth#PodIdentityAssociation": { + "type": "structure", + "members": { + "associationArn": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the EKS Pod Identity association.

", + "smithy.api#required": {} + } + }, + "associationId": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The ID of the association.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

" + } + }, + "com.amazonaws.eksauth#ResourceNotFoundException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The specified resource could not be found.

", + "smithy.api#error": "client", + "smithy.api#httpError": 404 + } + }, + "com.amazonaws.eksauth#ServiceUnavailableException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The service is unavailable. Back off and retry the operation.

", + "smithy.api#error": "server", + "smithy.api#httpError": 503 + } + }, + "com.amazonaws.eksauth#Subject": { + "type": "structure", + "members": { + "namespace": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The name of the Kubernetes namespace inside the cluster to create the association in. The\n service account and the pods that use the service account must be in this\n namespace.

", + "smithy.api#required": {} + } + }, + "serviceAccount": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The name of the Kubernetes service account inside the cluster to associate the IAM\n credentials with.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

An object containing the name of the Kubernetes service account inside the cluster to\n associate the IAM credentials with.

" + } + }, + "com.amazonaws.eksauth#ThrottlingException": { + "type": "structure", + "members": { + "message": { + "target": "smithy.api#String" + } + }, + "traits": { + "smithy.api#documentation": "

The request was denied because your request rate is too high. Reduce the frequency of requests.

", + "smithy.api#error": "client", + "smithy.api#httpError": 429 + } + } + } +}