From c8b9b67cbb686398606aa1fb9966cc707787035b Mon Sep 17 00:00:00 2001
From: awstools <awstools@amazon.com>
Date: Fri, 30 Jun 2023 18:16:32 +0000
Subject: [PATCH] feat(client-ecs): Added new field  "credentialspecs" to the
 ecs task definition to support gMSA of windows/linux in both domainless and
 domain-joined mode

---
 .../commands/DeleteTaskDefinitionsCommand.ts  |  1 +
 .../DeregisterTaskDefinitionCommand.ts        |  1 +
 .../commands/DescribeTaskDefinitionCommand.ts |  1 +
 .../commands/RegisterTaskDefinitionCommand.ts |  2 ++
 clients/client-ecs/src/models/models_0.ts     | 28 +++++++++++++++++++
 codegen/sdk-codegen/aws-models/ecs.json       |  8 +++++-
 6 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts b/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts
index 3668181ba6e53..8b513e6358579 100644
--- a/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts
+++ b/clients/client-ecs/src/commands/DeleteTaskDefinitionsCommand.ts
@@ -231,6 +231,7 @@ export interface DeleteTaskDefinitionsCommandOutput extends DeleteTaskDefinition
  * //               "<keys>": "STRING_VALUE",
  * //             },
  * //           },
+ * //           credentialSpecs: "<StringList>",
  * //         },
  * //       ],
  * //       family: "STRING_VALUE",
diff --git a/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts
index 5e90622249f02..2098f33d172eb 100644
--- a/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts
+++ b/clients/client-ecs/src/commands/DeregisterTaskDefinitionCommand.ts
@@ -231,6 +231,7 @@ export interface DeregisterTaskDefinitionCommandOutput extends DeregisterTaskDef
  * //             "<keys>": "STRING_VALUE",
  * //           },
  * //         },
+ * //         credentialSpecs: "<StringList>",
  * //       },
  * //     ],
  * //     family: "STRING_VALUE",
diff --git a/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts
index 5b3b1591909a4..23f2a03f34989 100644
--- a/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts
+++ b/clients/client-ecs/src/commands/DescribeTaskDefinitionCommand.ts
@@ -224,6 +224,7 @@ export interface DescribeTaskDefinitionCommandOutput extends DescribeTaskDefinit
  * //             "<keys>": "STRING_VALUE",
  * //           },
  * //         },
+ * //         credentialSpecs: "<StringList>",
  * //       },
  * //     ],
  * //     family: "STRING_VALUE",
diff --git a/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts b/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts
index cc07d47e476e3..14bee7717ebff 100644
--- a/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts
+++ b/clients/client-ecs/src/commands/RegisterTaskDefinitionCommand.ts
@@ -228,6 +228,7 @@ export interface RegisterTaskDefinitionCommandOutput extends RegisterTaskDefinit
  *           "<keys>": "STRING_VALUE",
  *         },
  *       },
+ *       credentialSpecs: "<StringList>",
  *     },
  *   ],
  *   volumes: [ // VolumeList
@@ -478,6 +479,7 @@ export interface RegisterTaskDefinitionCommandOutput extends RegisterTaskDefinit
  * //             "<keys>": "STRING_VALUE",
  * //           },
  * //         },
+ * //         credentialSpecs: "<StringList>",
  * //       },
  * //     ],
  * //     family: "STRING_VALUE",
diff --git a/clients/client-ecs/src/models/models_0.ts b/clients/client-ecs/src/models/models_0.ts
index 4beb058917361..f1e9d3bca7bf1 100644
--- a/clients/client-ecs/src/models/models_0.ts
+++ b/clients/client-ecs/src/models/models_0.ts
@@ -3893,6 +3893,8 @@ export interface FirelensConfiguration {
  *          </note>
  *          <p>You can view the health status of both individual containers and a task with the
  * 			DescribeTasks API operation or when viewing the task details in the console.</p>
+ *          <p>The health check is designed to make sure that your containers survive
+ * 			agent restarts, upgrades, or temporary unavailability.</p>
  *          <p>The following describes the possible <code>healthStatus</code> values for a
  * 			container:</p>
  *          <ul>
@@ -3940,6 +3942,14 @@ export interface FirelensConfiguration {
  *          <p>The following are notes about container health check support:</p>
  *          <ul>
  *             <li>
+ *                <p>When the Amazon ECS agent cannot connect to the Amazon ECS service,  the
+ * 					service reports the container as <code>UNHEALTHY</code>. </p>
+ *             </li>
+ *             <li>
+ *                <p>The health check statuses are the "last heard from" response from the Amazon ECS agent. There
+ * 					are no assumptions made about the status of the container health checks.</p>
+ *             </li>
+ *             <li>
  *                <p>Container health checks require version 1.17.0 or greater of the Amazon ECS
  * 					container agent. For more information, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html">Updating the
  * 						Amazon ECS container agent</a>.</p>
@@ -5305,6 +5315,24 @@ export interface ContainerDefinition {
    * 			in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>
    */
   firelensConfiguration?: FirelensConfiguration;
+
+  /**
+   * <p>A list of ARNs in SSM or Amazon S3 to a credential spec
+   * 			(<code>credspec</code>code>) file that configures a container for Active Directory
+   * 			authentication. This parameter is only used with domainless authentication.</p>
+   *          <p>The format for each ARN is
+   * 					<code>credentialspecdomainless:MyARN</code>. Replace
+   * 				<code>MyARN</code> with the ARN in SSM or Amazon S3.</p>
+   *          <p>The <code>credspec</code> must provide a ARN in Secrets Manager for a secret
+   * 			containing the username, password, and the domain to connect to. For better security,
+   * 			the instance isn't joined to the domain for domainless authentication. Other
+   * 			applications on the instance can't use the domainless credentials. You can use this
+   * 			parameter to run tasks on the same instance, even it the tasks need to join different
+   * 			domains. For more information, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html">Using gMSAs for Windows
+   * 				Containers</a> and <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html">Using gMSAs for Linux
+   * 				Containers</a>.</p>
+   */
+  credentialSpecs?: string[];
 }
 
 /**
diff --git a/codegen/sdk-codegen/aws-models/ecs.json b/codegen/sdk-codegen/aws-models/ecs.json
index 3b2fd3b72def4..51475731790e8 100644
--- a/codegen/sdk-codegen/aws-models/ecs.json
+++ b/codegen/sdk-codegen/aws-models/ecs.json
@@ -2483,6 +2483,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The FireLens configuration for the container. This is used to specify and configure a\n\t\t\tlog router for container logs. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html\">Custom Log Routing</a>\n\t\t\tin the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
           }
+        },
+        "credentialSpecs": {
+          "target": "com.amazonaws.ecs#StringList",
+          "traits": {
+            "smithy.api#documentation": "<p>A list of ARNs in SSM or Amazon S3 to a credential spec\n\t\t\t(<code>credspec</code>code>) file that configures a container for Active Directory\n\t\t\tauthentication. This parameter is only used with domainless authentication.</p>\n         <p>The format for each ARN is\n\t\t\t\t\t<code>credentialspecdomainless:MyARN</code>. Replace\n\t\t\t\t<code>MyARN</code> with the ARN in SSM or Amazon S3.</p>\n         <p>The <code>credspec</code> must provide a ARN in Secrets Manager for a secret\n\t\t\tcontaining the username, password, and the domain to connect to. For better security,\n\t\t\tthe instance isn't joined to the domain for domainless authentication. Other\n\t\t\tapplications on the instance can't use the domainless credentials. You can use this\n\t\t\tparameter to run tasks on the same instance, even it the tasks need to join different\n\t\t\tdomains. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html\">Using gMSAs for Windows\n\t\t\t\tContainers</a> and <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html\">Using gMSAs for Linux\n\t\t\t\tContainers</a>.</p>"
+          }
         }
       },
       "traits": {
@@ -5672,7 +5678,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>An object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the <code>HEALTHCHECK</code> parameter of <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>.</p>\n         <note>\n            <p>The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.</p>\n         </note>\n         <p>You can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.</p>\n         <p>The following describes the possible <code>healthStatus</code> values for a\n\t\t\tcontainer:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>HEALTHY</code>-The container health check has passed\n\t\t\t\t\tsuccessfully.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNHEALTHY</code>-The container health check has failed.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNKNOWN</code>-The container health check is being evaluated or\n\t\t\t\t\tthere's no container health check defined.</p>\n            </li>\n         </ul>\n         <p>The following describes the possible <code>healthStatus</code> values for a task. The\n\t\t\tcontainer health check status of\n\t\t\tnon-essential containers don't have an effect on the health status of a task.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>HEALTHY</code>-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNHEALTHY</code>-One or more essential containers have failed\n\t\t\t\t\ttheir health check.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNKNOWN</code>-The essential containers within the task are still\n\t\t\t\t\thaving their health checks evaluated, there are only nonessential containers\n\t\t\t\t\twith health checks defined, or there are no container health checks\n\t\t\t\t\tdefined.</p>\n            </li>\n         </ul>\n         <p>If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.</p>\n         <p>The following are notes about container health check support:</p>\n         <ul>\n            <li>\n               <p>Container health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the\n\t\t\t\t\t\tAmazon ECS container agent</a>.</p>\n            </li>\n            <li>\n               <p>Container health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version <code>1.1.0</code> or greater. For more\n\t\t\t\t\tinformation, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate\n\t\t\t\t\t\tplatform versions</a>.</p>\n            </li>\n            <li>\n               <p>Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.</p>\n            </li>\n         </ul>"
+        "smithy.api#documentation": "<p>An object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the <code>HEALTHCHECK</code> parameter of <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>.</p>\n         <note>\n            <p>The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.</p>\n         </note>\n         <p>You can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.</p>\n         <p>The health check is designed to make sure that your containers survive\n\t\t\tagent restarts, upgrades, or temporary unavailability.</p>\n         <p>The following describes the possible <code>healthStatus</code> values for a\n\t\t\tcontainer:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>HEALTHY</code>-The container health check has passed\n\t\t\t\t\tsuccessfully.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNHEALTHY</code>-The container health check has failed.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNKNOWN</code>-The container health check is being evaluated or\n\t\t\t\t\tthere's no container health check defined.</p>\n            </li>\n         </ul>\n         <p>The following describes the possible <code>healthStatus</code> values for a task. The\n\t\t\tcontainer health check status of\n\t\t\tnon-essential containers don't have an effect on the health status of a task.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>HEALTHY</code>-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNHEALTHY</code>-One or more essential containers have failed\n\t\t\t\t\ttheir health check.</p>\n            </li>\n            <li>\n               <p>\n                  <code>UNKNOWN</code>-The essential containers within the task are still\n\t\t\t\t\thaving their health checks evaluated, there are only nonessential containers\n\t\t\t\t\twith health checks defined, or there are no container health checks\n\t\t\t\t\tdefined.</p>\n            </li>\n         </ul>\n         <p>If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.</p>\n         <p>The following are notes about container health check support:</p>\n         <ul>\n            <li>\n               <p>When the Amazon ECS agent cannot connect to the Amazon ECS service,  the\n\t\t\t\t\tservice reports the container as <code>UNHEALTHY</code>. </p>\n            </li>\n            <li>\n               <p>The health check statuses are the \"last heard from\" response from the Amazon ECS agent. There\n\t\t\t\t\tare no assumptions made about the status of the container health checks.</p>\n            </li>\n            <li>\n               <p>Container health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the\n\t\t\t\t\t\tAmazon ECS container agent</a>.</p>\n            </li>\n            <li>\n               <p>Container health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version <code>1.1.0</code> or greater. For more\n\t\t\t\t\tinformation, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate\n\t\t\t\t\t\tplatform versions</a>.</p>\n            </li>\n            <li>\n               <p>Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.</p>\n            </li>\n         </ul>"
       }
     },
     "com.amazonaws.ecs#HealthStatus": {