From b9a4897c3fd274794de9c27e91688d325fcbc40b Mon Sep 17 00:00:00 2001 From: awstools Date: Fri, 22 Dec 2023 19:16:31 +0000 Subject: [PATCH] feat(client-secrets-manager): Update endpoint rules and examples. --- .../src/endpoint/ruleset.ts | 40 ++-- .../aws-models/secrets-manager.json | 199 +++++++++++++++++- 2 files changed, 218 insertions(+), 21 deletions(-) diff --git a/clients/client-secrets-manager/src/endpoint/ruleset.ts b/clients/client-secrets-manager/src/endpoint/ruleset.ts index 45102bf050df..3e920912841b 100644 --- a/clients/client-secrets-manager/src/endpoint/ruleset.ts +++ b/clients/client-secrets-manager/src/endpoint/ruleset.ts @@ -6,10 +6,12 @@ import { RuleSetObject } from "@smithy/types"; or see "smithy.rules#endpointRuleSet" in codegen/sdk-codegen/aws-models/secrets-manager.json */ -const s="required", -t="fn", -u="argv", -v="ref"; +const y="required", +z="fn", +A="argv", +B="ref", +C="properties", +D="headers"; const a=true, b="isSet", c="booleanEquals", @@ -17,16 +19,22 @@ d="error", e="endpoint", f="tree", g="PartitionResult", -h={[s]:false,"type":"String"}, -i={[s]:true,"default":false,"type":"Boolean"}, -j={[v]:"Endpoint"}, -k={[t]:c,[u]:[{[v]:"UseFIPS"},true]}, -l={[t]:c,[u]:[{[v]:"UseDualStack"},true]}, -m={}, -n={[t]:"getAttr",[u]:[{[v]:g},"supportsFIPS"]}, -o={[t]:c,[u]:[true,{[t]:"getAttr",[u]:[{[v]:g},"supportsDualStack"]}]}, -p=[k], -q=[l], -r=[{[v]:"Region"}]; -const _data={version:"1.0",parameters:{Region:h,UseDualStack:i,UseFIPS:i,Endpoint:h},rules:[{conditions:[{[t]:b,[u]:[j]}],rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:j,properties:m,headers:m},type:e}],type:f},{conditions:[{[t]:b,[u]:r}],rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:g}],rules:[{conditions:[k,l],rules:[{conditions:[{[t]:c,[u]:[a,n]},o],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:p,rules:[{conditions:[{[t]:c,[u]:[n,a]}],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:q,rules:[{conditions:[o],rules:[{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]}; +h="stringEquals", +i={[y]:false,"type":"String"}, +j={[y]:true,"default":false,"type":"Boolean"}, +k={[B]:"Endpoint"}, +l={[z]:c,[A]:[{[B]:"UseFIPS"},true]}, +m={[z]:c,[A]:[{[B]:"UseDualStack"},true]}, +n={}, +o={[z]:"getAttr",[A]:[{[B]:g},"supportsFIPS"]}, +p={[z]:c,[A]:[true,{[z]:"getAttr",[A]:[{[B]:g},"supportsDualStack"]}]}, +q={[z]:"getAttr",[A]:[{[B]:g},"name"]}, +r={"url":"https://secretsmanager-fips.{Region}.amazonaws.com",[C]:{},[D]:{}}, +s={"url":"https://secretsmanager.{Region}.amazonaws.com",[C]:{},[D]:{}}, +t=[l], +u=[m], +v=[{[B]:"Region"}], +w=[{[z]:h,[A]:["aws",q]}], +x=[{[z]:h,[A]:["aws-us-gov",q]}]; +const _data={version:"1.0",parameters:{Region:i,UseDualStack:j,UseFIPS:j,Endpoint:i},rules:[{conditions:[{[z]:b,[A]:[k]}],rules:[{conditions:t,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:u,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:k,[C]:n,[D]:n},type:e}],type:f},{conditions:[{[z]:b,[A]:v}],rules:[{conditions:[{[z]:"aws.partition",[A]:v,assign:g}],rules:[{conditions:[l,m],rules:[{conditions:[{[z]:c,[A]:[a,o]},p],rules:[{conditions:w,endpoint:r,type:e},{conditions:x,endpoint:r,type:e},{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:t,rules:[{conditions:[{[z]:c,[A]:[o,a]}],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:u,rules:[{conditions:[p],rules:[{conditions:w,endpoint:s,type:e},{conditions:[{[z]:h,[A]:["aws-cn",q]}],endpoint:{url:"https://secretsmanager.{Region}.amazonaws.com.cn",[C]:n,[D]:n},type:e},{conditions:x,endpoint:s,type:e},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",[C]:n,[D]:n},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",[C]:n,[D]:n},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]}; export const ruleSet: RuleSetObject = _data; diff --git a/codegen/sdk-codegen/aws-models/secrets-manager.json b/codegen/sdk-codegen/aws-models/secrets-manager.json index 898bf442a5a8..c762aa51b2e9 100644 --- a/codegen/sdk-codegen/aws-models/secrets-manager.json +++ b/codegen/sdk-codegen/aws-models/secrets-manager.json @@ -2321,6 +2321,18 @@ "Name": "MyTestDatabaseSecret", "VersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2" } + }, + { + "title": "To request an immediate rotation for a secret", + "documentation": "The following example requests an immediate invocation of the secret's Lambda rotation function. It assumes that the specified secret already has rotation configured. The rotation function runs asynchronously in the background.", + "input": { + "SecretId": "MyTestDatabaseSecret" + }, + "output": { + "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", + "Name": "MyTestDatabaseSecret", + "VersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2" + } } ] } @@ -3095,6 +3107,31 @@ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret" } + }, + { + "title": "To update the KMS key associated with a secret", + "documentation": "This example shows how to update the KMS customer managed key (CMK) used to encrypt the secret value. The KMS CMK must be in the same region as the secret.", + "input": { + "SecretId": "MyTestDatabaseSecret", + "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE" + }, + "output": { + "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", + "Name": "MyTestDatabaseSecret" + } + }, + { + "title": "To create a new version of the encrypted secret value", + "documentation": "The following example shows how to create a new version of the secret by updating the SecretString field. Alternatively, you can use the put-secret-value operation.", + "input": { + "SecretId": "MyTestDatabaseSecret", + "SecretString": "{JSON STRING WITH CREDENTIALS}" + }, + "output": { + "ARN": "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", + "Name": "MyTestDatabaseSecret", + "VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE" + } } ] } @@ -3211,6 +3248,33 @@ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret" } + }, + { + "title": "To delete a staging label attached to a version of a secret", + "documentation": "The following example shows you how to delete a staging label that is attached to a version of a secret. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.", + "input": { + "SecretId": "MyTestDatabaseSecret", + "VersionStage": "STAGINGLABEL1", + "RemoveFromVersionId": "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1" + }, + "output": { + "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", + "Name": "MyTestDatabaseSecret" + } + }, + { + "title": "To move a staging label from one version of a secret to another", + "documentation": "The following example shows you how to move a staging label that is attached to one version of a secret to a different version. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.", + "input": { + "SecretId": "MyTestDatabaseSecret", + "VersionStage": "AWSCURRENT", + "RemoveFromVersionId": "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1", + "MoveToVersionId": "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2" + }, + "output": { + "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", + "Name": "MyTestDatabaseSecret" + } } ] } @@ -3637,6 +3701,56 @@ } ], "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://secretsmanager-fips.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://secretsmanager-fips.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [], "endpoint": { @@ -3741,6 +3855,81 @@ } ], "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://secretsmanager.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-cn", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://secretsmanager.{Region}.amazonaws.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://secretsmanager.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [], "endpoint": { @@ -4140,7 +4329,7 @@ "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://secretsmanager-fips.us-east-1.api.aws" + "url": "https://secretsmanager-fips.us-east-1.amazonaws.com" } }, "params": { @@ -4153,7 +4342,7 @@ "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://secretsmanager.us-east-1.api.aws" + "url": "https://secretsmanager.us-east-1.amazonaws.com" } }, "params": { @@ -4218,7 +4407,7 @@ "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://secretsmanager.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://secretsmanager.cn-north-1.amazonaws.com.cn" } }, "params": { @@ -4283,7 +4472,7 @@ "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://secretsmanager-fips.us-gov-east-1.api.aws" + "url": "https://secretsmanager-fips.us-gov-east-1.amazonaws.com" } }, "params": { @@ -4296,7 +4485,7 @@ "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://secretsmanager.us-gov-east-1.api.aws" + "url": "https://secretsmanager.us-gov-east-1.amazonaws.com" } }, "params": {