From c8d90ed796278f13b200b4c77627382a8808db11 Mon Sep 17 00:00:00 2001 From: awstools Date: Fri, 30 Jun 2023 18:16:32 +0000 Subject: [PATCH] feat(client-transfer): Add outbound Basic authentication support to AS2 connectors --- .../src/commands/CreateConnectorCommand.ts | 1 + .../src/commands/DescribeConnectorCommand.ts | 1 + .../src/commands/UpdateConnectorCommand.ts | 1 + .../client-transfer/src/models/models_0.ts | 53 +++++++++++++++++++ codegen/sdk-codegen/aws-models/transfer.json | 27 +++++++--- 5 files changed, 77 insertions(+), 6 deletions(-) diff --git a/clients/client-transfer/src/commands/CreateConnectorCommand.ts b/clients/client-transfer/src/commands/CreateConnectorCommand.ts index 73b381848f51..1f1e1caf617c 100644 --- a/clients/client-transfer/src/commands/CreateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/CreateConnectorCommand.ts @@ -56,6 +56,7 @@ export interface CreateConnectorCommandOutput extends CreateConnectorResponse, _ * SigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE", * MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * MdnResponse: "SYNC" || "NONE", + * BasicAuthSecretId: "STRING_VALUE", * }, * AccessRole: "STRING_VALUE", // required * LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts index 76da4eb0f18e..2ee1197852a4 100644 --- a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts +++ b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts @@ -63,6 +63,7 @@ export interface DescribeConnectorCommandOutput extends DescribeConnectorRespons * // SigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE", * // MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * // MdnResponse: "SYNC" || "NONE", + * // BasicAuthSecretId: "STRING_VALUE", * // }, * // AccessRole: "STRING_VALUE", * // LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts index 1a2b97601da0..05d1d51b5d35 100644 --- a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts @@ -57,6 +57,7 @@ export interface UpdateConnectorCommandOutput extends UpdateConnectorResponse, _ * SigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE", * MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * MdnResponse: "SYNC" || "NONE", + * BasicAuthSecretId: "STRING_VALUE", * }, * AccessRole: "STRING_VALUE", * LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/models/models_0.ts b/clients/client-transfer/src/models/models_0.ts index 58df274fbf97..c72c6e704893 100644 --- a/clients/client-transfer/src/models/models_0.ts +++ b/clients/client-transfer/src/models/models_0.ts @@ -181,6 +181,35 @@ export interface As2ConnectorConfig { * */ MdnResponse?: MdnResponse | string; + + /** + *

Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication, + * you must provide the name or Amazon Resource Name (ARN) of a secret in Secrets Manager.

+ *

The default value for this parameter is null, which indicates that Basic authentication is not enabled for the connector.

+ *

If the connector should use Basic authentication, the secret needs to be in the following format:

+ *

+ * \{ + * "Username": "user-name", + * "Password": "user-password" + * \} + *

+ *

Replace user-name and user-password with the credentials for the actual user that is being authenticated.

+ *

Note the following:

+ * + *

If you have previously enabled Basic authentication for a connector, you can disable it by using the UpdateConnector API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:

+ *

+ * update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=""' + *

+ */ + BasicAuthSecretId?: string; } /** @@ -758,6 +787,10 @@ export interface CreateAgreementRequest { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole: string | undefined; @@ -832,6 +865,10 @@ export interface CreateConnectorRequest { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole: string | undefined; @@ -2446,6 +2483,10 @@ export interface DescribedAgreement { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole?: string; @@ -2612,6 +2653,10 @@ export interface DescribedConnector { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole?: string; @@ -5130,6 +5175,10 @@ export interface UpdateAgreementRequest { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole?: string; } @@ -5209,6 +5258,10 @@ export interface UpdateConnectorRequest { * StartFileTransfer request. Additionally, you need to provide read and write * access to the parent directory of the files that you intend to send with * StartFileTransfer.

+ *

If you are using Basic authentication for your AS2 connector, the access role requires the + * secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using + * a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also + * needs the kms:Decrypt permission for that key.

*/ AccessRole?: string; diff --git a/codegen/sdk-codegen/aws-models/transfer.json b/codegen/sdk-codegen/aws-models/transfer.json index 19a7c6de5941..4d024a295a5e 100644 --- a/codegen/sdk-codegen/aws-models/transfer.json +++ b/codegen/sdk-codegen/aws-models/transfer.json @@ -142,12 +142,27 @@ "traits": { "smithy.api#documentation": "

Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether\n the partner response for transfers is synchronous or asynchronous. Specify either of the following values:

\n " } + }, + "BasicAuthSecretId": { + "target": "com.amazonaws.transfer#As2ConnectorSecretId", + "traits": { + "smithy.api#documentation": "

Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication,\n you must provide the name or Amazon Resource Name (ARN) of a secret in Secrets Manager.

\n

The default value for this parameter is null, which indicates that Basic authentication is not enabled for the connector.

\n

If the connector should use Basic authentication, the secret needs to be in the following format:

\n

\n {\n \"Username\": \"user-name\",\n \"Password\": \"user-password\"\n }\n

\n

Replace user-name and user-password with the credentials for the actual user that is being authenticated.

\n

Note the following:

\n \n

If you have previously enabled Basic authentication for a connector, you can disable it by using the UpdateConnector API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:

\n

\n update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=\"\"'\n

" + } } }, "traits": { "smithy.api#documentation": "

Contains the details for a connector object. The connector object is used for AS2 outbound\n processes, to connect the Transfer Family customer with the trading partner.

" } }, + "com.amazonaws.transfer#As2ConnectorSecretId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 2048 + } + } + }, "com.amazonaws.transfer#As2Id": { "type": "string", "traits": { @@ -562,7 +577,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

", + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

", "smithy.api#required": {} } }, @@ -650,7 +665,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

", + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

", "smithy.api#required": {} } }, @@ -2541,7 +2556,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

" + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

" } }, "Tags": { @@ -2679,7 +2694,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

" + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

" } }, "LoggingRole": { @@ -8427,7 +8442,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

" + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

" } } }, @@ -8584,7 +8599,7 @@ "AccessRole": { "target": "com.amazonaws.transfer#Role", "traits": { - "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

" + "smithy.api#documentation": "

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

" } }, "LoggingRole": {