Skip to content

Commit

Permalink
feat(client-secrets-manager): Update endpoint rules and examples.
Browse files Browse the repository at this point in the history
  • Loading branch information
awstools committed Dec 22, 2023
1 parent 53ee504 commit b9a4897
Show file tree
Hide file tree
Showing 2 changed files with 218 additions and 21 deletions.
40 changes: 24 additions & 16 deletions clients/client-secrets-manager/src/endpoint/ruleset.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,35 @@ import { RuleSetObject } from "@smithy/types";
or see "smithy.rules#endpointRuleSet"
in codegen/sdk-codegen/aws-models/secrets-manager.json */

const s="required",
t="fn",
u="argv",
v="ref";
const y="required",
z="fn",
A="argv",
B="ref",
C="properties",
D="headers";
const a=true,
b="isSet",
c="booleanEquals",
d="error",
e="endpoint",
f="tree",
g="PartitionResult",
h={[s]:false,"type":"String"},
i={[s]:true,"default":false,"type":"Boolean"},
j={[v]:"Endpoint"},
k={[t]:c,[u]:[{[v]:"UseFIPS"},true]},
l={[t]:c,[u]:[{[v]:"UseDualStack"},true]},
m={},
n={[t]:"getAttr",[u]:[{[v]:g},"supportsFIPS"]},
o={[t]:c,[u]:[true,{[t]:"getAttr",[u]:[{[v]:g},"supportsDualStack"]}]},
p=[k],
q=[l],
r=[{[v]:"Region"}];
const _data={version:"1.0",parameters:{Region:h,UseDualStack:i,UseFIPS:i,Endpoint:h},rules:[{conditions:[{[t]:b,[u]:[j]}],rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:j,properties:m,headers:m},type:e}],type:f},{conditions:[{[t]:b,[u]:r}],rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:g}],rules:[{conditions:[k,l],rules:[{conditions:[{[t]:c,[u]:[a,n]},o],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:p,rules:[{conditions:[{[t]:c,[u]:[n,a]}],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:q,rules:[{conditions:[o],rules:[{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]};
h="stringEquals",
i={[y]:false,"type":"String"},
j={[y]:true,"default":false,"type":"Boolean"},
k={[B]:"Endpoint"},
l={[z]:c,[A]:[{[B]:"UseFIPS"},true]},
m={[z]:c,[A]:[{[B]:"UseDualStack"},true]},
n={},
o={[z]:"getAttr",[A]:[{[B]:g},"supportsFIPS"]},
p={[z]:c,[A]:[true,{[z]:"getAttr",[A]:[{[B]:g},"supportsDualStack"]}]},
q={[z]:"getAttr",[A]:[{[B]:g},"name"]},
r={"url":"https://secretsmanager-fips.{Region}.amazonaws.com",[C]:{},[D]:{}},
s={"url":"https://secretsmanager.{Region}.amazonaws.com",[C]:{},[D]:{}},
t=[l],
u=[m],
v=[{[B]:"Region"}],
w=[{[z]:h,[A]:["aws",q]}],
x=[{[z]:h,[A]:["aws-us-gov",q]}];
const _data={version:"1.0",parameters:{Region:i,UseDualStack:j,UseFIPS:j,Endpoint:i},rules:[{conditions:[{[z]:b,[A]:[k]}],rules:[{conditions:t,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:u,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:k,[C]:n,[D]:n},type:e}],type:f},{conditions:[{[z]:b,[A]:v}],rules:[{conditions:[{[z]:"aws.partition",[A]:v,assign:g}],rules:[{conditions:[l,m],rules:[{conditions:[{[z]:c,[A]:[a,o]},p],rules:[{conditions:w,endpoint:r,type:e},{conditions:x,endpoint:r,type:e},{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:t,rules:[{conditions:[{[z]:c,[A]:[o,a]}],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:u,rules:[{conditions:[p],rules:[{conditions:w,endpoint:s,type:e},{conditions:[{[z]:h,[A]:["aws-cn",q]}],endpoint:{url:"https://secretsmanager.{Region}.amazonaws.com.cn",[C]:n,[D]:n},type:e},{conditions:x,endpoint:s,type:e},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",[C]:n,[D]:n},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]};
export const ruleSet: RuleSetObject = _data;
199 changes: 194 additions & 5 deletions codegen/sdk-codegen/aws-models/secrets-manager.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2321,6 +2321,18 @@
"Name": "MyTestDatabaseSecret",
"VersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2"
}
},
{
"title": "To request an immediate rotation for a secret",
"documentation": "The following example requests an immediate invocation of the secret's Lambda rotation function. It assumes that the specified secret already has rotation configured. The rotation function runs asynchronously in the background.",
"input": {
"SecretId": "MyTestDatabaseSecret"
},
"output": {
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"VersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2"
}
}
]
}
Expand Down Expand Up @@ -3095,6 +3107,31 @@
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret"
}
},
{
"title": "To update the KMS key associated with a secret",
"documentation": "This example shows how to update the KMS customer managed key (CMK) used to encrypt the secret value. The KMS CMK must be in the same region as the secret.",
"input": {
"SecretId": "MyTestDatabaseSecret",
"KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE"
},
"output": {
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret"
}
},
{
"title": "To create a new version of the encrypted secret value",
"documentation": "The following example shows how to create a new version of the secret by updating the SecretString field. Alternatively, you can use the put-secret-value operation.",
"input": {
"SecretId": "MyTestDatabaseSecret",
"SecretString": "{JSON STRING WITH CREDENTIALS}"
},
"output": {
"ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret",
"VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE"
}
}
]
}
Expand Down Expand Up @@ -3211,6 +3248,33 @@
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret"
}
},
{
"title": "To delete a staging label attached to a version of a secret",
"documentation": "The following example shows you how to delete a staging label that is attached to a version of a secret. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.",
"input": {
"SecretId": "MyTestDatabaseSecret",
"VersionStage": "STAGINGLABEL1",
"RemoveFromVersionId": "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1"
},
"output": {
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret"
}
},
{
"title": "To move a staging label from one version of a secret to another",
"documentation": "The following example shows you how to move a staging label that is attached to one version of a secret to a different version. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.",
"input": {
"SecretId": "MyTestDatabaseSecret",
"VersionStage": "AWSCURRENT",
"RemoveFromVersionId": "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
"MoveToVersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2"
},
"output": {
"ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
"Name": "MyTestDatabaseSecret"
}
}
]
}
Expand Down Expand Up @@ -3637,6 +3701,56 @@
}
],
"rules": [
{
"conditions": [
{
"fn": "stringEquals",
"argv": [
"aws",
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
"name"
]
}
]
}
],
"endpoint": {
"url": "https://secretsmanager-fips.{Region}.amazonaws.com",
"properties": {},
"headers": {}
},
"type": "endpoint"
},
{
"conditions": [
{
"fn": "stringEquals",
"argv": [
"aws-us-gov",
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
"name"
]
}
]
}
],
"endpoint": {
"url": "https://secretsmanager-fips.{Region}.amazonaws.com",
"properties": {},
"headers": {}
},
"type": "endpoint"
},
{
"conditions": [],
"endpoint": {
Expand Down Expand Up @@ -3741,6 +3855,81 @@
}
],
"rules": [
{
"conditions": [
{
"fn": "stringEquals",
"argv": [
"aws",
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
"name"
]
}
]
}
],
"endpoint": {
"url": "https://secretsmanager.{Region}.amazonaws.com",
"properties": {},
"headers": {}
},
"type": "endpoint"
},
{
"conditions": [
{
"fn": "stringEquals",
"argv": [
"aws-cn",
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
"name"
]
}
]
}
],
"endpoint": {
"url": "https://secretsmanager.{Region}.amazonaws.com.cn",
"properties": {},
"headers": {}
},
"type": "endpoint"
},
{
"conditions": [
{
"fn": "stringEquals",
"argv": [
"aws-us-gov",
{
"fn": "getAttr",
"argv": [
{
"ref": "PartitionResult"
},
"name"
]
}
]
}
],
"endpoint": {
"url": "https://secretsmanager.{Region}.amazonaws.com",
"properties": {},
"headers": {}
},
"type": "endpoint"
},
{
"conditions": [],
"endpoint": {
Expand Down Expand Up @@ -4140,7 +4329,7 @@
"documentation": "For region us-east-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
"url": "https://secretsmanager-fips.us-east-1.api.aws"
"url": "https://secretsmanager-fips.us-east-1.amazonaws.com"
}
},
"params": {
Expand All @@ -4153,7 +4342,7 @@
"documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
"url": "https://secretsmanager.us-east-1.api.aws"
"url": "https://secretsmanager.us-east-1.amazonaws.com"
}
},
"params": {
Expand Down Expand Up @@ -4218,7 +4407,7 @@
"documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
"url": "https://secretsmanager.cn-north-1.api.amazonwebservices.com.cn"
"url": "https://secretsmanager.cn-north-1.amazonaws.com.cn"
}
},
"params": {
Expand Down Expand Up @@ -4283,7 +4472,7 @@
"documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled",
"expect": {
"endpoint": {
"url": "https://secretsmanager-fips.us-gov-east-1.api.aws"
"url": "https://secretsmanager-fips.us-gov-east-1.amazonaws.com"
}
},
"params": {
Expand All @@ -4296,7 +4485,7 @@
"documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
"expect": {
"endpoint": {
"url": "https://secretsmanager.us-gov-east-1.api.aws"
"url": "https://secretsmanager.us-gov-east-1.amazonaws.com"
}
},
"params": {
Expand Down

0 comments on commit b9a4897

Please sign in to comment.