From a12cf065d7f9ec2d474b52cc299009690d7ccfed Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 3 Apr 2024 18:16:20 +0000 Subject: [PATCH] feat(client-transfer): Add ability to specify Security Policies for SFTP Connectors --- .../src/commands/CreateConnectorCommand.ts | 1 + .../src/commands/DescribeConnectorCommand.ts | 1 + .../commands/DescribeSecurityPolicyCommand.ts | 13 +- .../commands/ListSecurityPoliciesCommand.ts | 6 +- .../src/commands/UpdateConnectorCommand.ts | 1 + .../client-transfer/src/models/models_0.ts | 106 +++++++++++++--- .../src/protocols/Aws_json1_1.ts | 2 + codegen/sdk-codegen/aws-models/transfer.json | 120 ++++++++++++++++-- 8 files changed, 215 insertions(+), 35 deletions(-) diff --git a/clients/client-transfer/src/commands/CreateConnectorCommand.ts b/clients/client-transfer/src/commands/CreateConnectorCommand.ts index 8a303bad42ca..900bfd754cc1 100644 --- a/clients/client-transfer/src/commands/CreateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/CreateConnectorCommand.ts @@ -66,6 +66,7 @@ export interface CreateConnectorCommandOutput extends CreateConnectorResponse, _ * "STRING_VALUE", * ], * }, + * SecurityPolicyName: "STRING_VALUE", * }; * const command = new CreateConnectorCommand(input); * const response = await client.send(command); diff --git a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts index 2661eaccd015..7f02e48c4978 100644 --- a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts +++ b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts @@ -73,6 +73,7 @@ export interface DescribeConnectorCommandOutput extends DescribeConnectorRespons * // ServiceManagedEgressIpAddresses: [ // ServiceManagedEgressIpAddresses * // "STRING_VALUE", * // ], + * // SecurityPolicyName: "STRING_VALUE", * // }, * // }; * diff --git a/clients/client-transfer/src/commands/DescribeSecurityPolicyCommand.ts b/clients/client-transfer/src/commands/DescribeSecurityPolicyCommand.ts index 8da0a0947be3..979a5112510c 100644 --- a/clients/client-transfer/src/commands/DescribeSecurityPolicyCommand.ts +++ b/clients/client-transfer/src/commands/DescribeSecurityPolicyCommand.ts @@ -27,10 +27,10 @@ export interface DescribeSecurityPolicyCommandInput extends DescribeSecurityPoli export interface DescribeSecurityPolicyCommandOutput extends DescribeSecurityPolicyResponse, __MetadataBearer {} /** - *

Describes the security policy that is attached to your file transfer protocol-enabled - * server. The response contains a description of the security policy's properties. For more + *

Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more * information about security policies, see Working with security - * policies.

+ * policies for servers or Working with security + * policies for SFTP connectors.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -58,6 +58,13 @@ export interface DescribeSecurityPolicyCommandOutput extends DescribeSecurityPol * // TlsCiphers: [ * // "STRING_VALUE", * // ], + * // SshHostKeyAlgorithms: [ + * // "STRING_VALUE", + * // ], + * // Type: "SERVER" || "CONNECTOR", + * // Protocols: [ // SecurityPolicyProtocols + * // "SFTP" || "FTPS", + * // ], * // }, * // }; * diff --git a/clients/client-transfer/src/commands/ListSecurityPoliciesCommand.ts b/clients/client-transfer/src/commands/ListSecurityPoliciesCommand.ts index d201680797c9..32c5b87989ea 100644 --- a/clients/client-transfer/src/commands/ListSecurityPoliciesCommand.ts +++ b/clients/client-transfer/src/commands/ListSecurityPoliciesCommand.ts @@ -27,8 +27,10 @@ export interface ListSecurityPoliciesCommandInput extends ListSecurityPoliciesRe export interface ListSecurityPoliciesCommandOutput extends ListSecurityPoliciesResponse, __MetadataBearer {} /** - *

Lists the security policies that are attached to your file transfer protocol-enabled - * servers.

+ *

Lists the security policies that are attached to your servers and SFTP connectors. For more information + * about security policies, see Working with security + * policies for servers or Working with security + * policies for SFTP connectors.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts index d2268e2bf292..67b4cd09270f 100644 --- a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts @@ -58,6 +58,7 @@ export interface UpdateConnectorCommandOutput extends UpdateConnectorResponse, _ * "STRING_VALUE", * ], * }, + * SecurityPolicyName: "STRING_VALUE", * }; * const command = new UpdateConnectorCommand(input); * const response = await client.send(command); diff --git a/clients/client-transfer/src/models/models_0.ts b/clients/client-transfer/src/models/models_0.ts index 66d01e9993bc..fc0172229dc2 100644 --- a/clients/client-transfer/src/models/models_0.ts +++ b/clients/client-transfer/src/models/models_0.ts @@ -1057,6 +1057,12 @@ export interface CreateConnectorRequest { * @public */ SftpConfig?: SftpConnectorConfig; + + /** + *

Specifies the name of the security policy for the connector.

+ * @public + */ + SecurityPolicyName?: string; } /** @@ -1827,7 +1833,7 @@ export interface CreateServerRequest { ProtocolDetails?: ProtocolDetails; /** - *

Specifies the name of the security policy that is attached to the server.

+ *

Specifies the name of the security policy for the server.

* @public */ SecurityPolicyName?: string; @@ -3116,6 +3122,12 @@ export interface DescribedConnector { * @public */ ServiceManagedEgressIpAddresses?: string[]; + + /** + *

The text name of the security policy for the specified connector.

+ * @public + */ + SecurityPolicyName?: string; } /** @@ -3590,52 +3602,108 @@ export interface DescribedProfile { } /** - *

Describes the properties of a security policy that was specified. For more information + * @public + * @enum + */ +export const SecurityPolicyProtocol = { + FTPS: "FTPS", + SFTP: "SFTP", +} as const; + +/** + * @public + */ +export type SecurityPolicyProtocol = (typeof SecurityPolicyProtocol)[keyof typeof SecurityPolicyProtocol]; + +/** + * @public + * @enum + */ +export const SecurityPolicyResourceType = { + CONNECTOR: "CONNECTOR", + SERVER: "SERVER", +} as const; + +/** + * @public + */ +export type SecurityPolicyResourceType = (typeof SecurityPolicyResourceType)[keyof typeof SecurityPolicyResourceType]; + +/** + *

Describes the properties of a security policy that you specify. For more information * about security policies, see Working with security - * policies.

+ * policies for servers or Working with security + * policies for SFTP connectors.

* @public */ export interface DescribedSecurityPolicy { /** - *

Specifies whether this policy enables Federal Information Processing Standards - * (FIPS).

+ *

Specifies whether this policy enables Federal Information Processing Standards (FIPS). + * This parameter applies to both server and connector security policies.

* @public */ Fips?: boolean; /** - *

Specifies the name of the security policy that is attached to the server.

+ *

The text name of the specified security policy.

* @public */ SecurityPolicyName: string | undefined; /** - *

Specifies the enabled Secure Shell (SSH) cipher encryption algorithms in the security - * policy that is attached to the server.

+ *

Lists the enabled Secure Shell (SSH) cipher encryption algorithms in the security policy + * that is attached to the server or connector. This parameter applies to both server and + * connector security policies.

* @public */ SshCiphers?: string[]; /** - *

Specifies the enabled SSH key exchange (KEX) encryption algorithms in the security policy - * that is attached to the server.

+ *

Lists the enabled SSH key exchange (KEX) encryption algorithms in the security policy that + * is attached to the server or connector. This parameter applies to both server and connector + * security policies.

* @public */ SshKexs?: string[]; /** - *

Specifies the enabled SSH message authentication code (MAC) encryption algorithms in the - * security policy that is attached to the server.

+ *

Lists the enabled SSH message authentication code (MAC) encryption algorithms in the + * security policy that is attached to the server or connector. This parameter applies to both + * server and connector security policies.

* @public */ SshMacs?: string[]; /** - *

Specifies the enabled Transport Layer Security (TLS) cipher encryption algorithms in the + *

Lists the enabled Transport Layer Security (TLS) cipher encryption algorithms in the * security policy that is attached to the server.

+ * + *

This parameter only applies to security policies for servers.

+ * * @public */ TlsCiphers?: string[]; + + /** + *

Lists the host key algorithms for the security policy.

+ * + *

This parameter only applies to security policies for connectors.

+ * + * @public + */ + SshHostKeyAlgorithms?: string[]; + + /** + *

The resource type to which the security policy applies, either server or connector.

+ * @public + */ + Type?: SecurityPolicyResourceType; + + /** + *

Lists the file transfer protocols that the security policy applies to.

+ * @public + */ + Protocols?: SecurityPolicyProtocol[]; } /** @@ -3846,7 +3914,7 @@ export interface DescribedServer { Protocols?: Protocol[]; /** - *

Specifies the name of the security policy that is attached to the server.

+ *

Specifies the name of the security policy for the server.

* @public */ SecurityPolicyName?: string; @@ -4197,7 +4265,7 @@ export interface DescribeProfileResponse { */ export interface DescribeSecurityPolicyRequest { /** - *

Specifies the name of the security policy that is attached to the server.

+ *

Specify the text name of the security policy for which you want the details.

* @public */ SecurityPolicyName: string | undefined; @@ -6179,6 +6247,12 @@ export interface UpdateConnectorRequest { * @public */ SftpConfig?: SftpConnectorConfig; + + /** + *

Specifies the name of the security policy for the connector.

+ * @public + */ + SecurityPolicyName?: string; } /** @@ -6480,7 +6554,7 @@ export interface UpdateServerRequest { Protocols?: Protocol[]; /** - *

Specifies the name of the security policy that is attached to the server.

+ *

Specifies the name of the security policy for the server.

* @public */ SecurityPolicyName?: string; diff --git a/clients/client-transfer/src/protocols/Aws_json1_1.ts b/clients/client-transfer/src/protocols/Aws_json1_1.ts index 938ff3ed99f2..93988a9476f8 100644 --- a/clients/client-transfer/src/protocols/Aws_json1_1.ts +++ b/clients/client-transfer/src/protocols/Aws_json1_1.ts @@ -2854,6 +2854,8 @@ const de_ListHostKeysResponse = (output: any, context: __SerdeContext): ListHost // de_SecurityPolicyOptions omitted. +// de_SecurityPolicyProtocols omitted. + // de_SendWorkflowStepStateResponse omitted. // de_ServiceManagedEgressIpAddresses omitted. diff --git a/codegen/sdk-codegen/aws-models/transfer.json b/codegen/sdk-codegen/aws-models/transfer.json index 6c3c1275b90f..5d7fef298d5a 100644 --- a/codegen/sdk-codegen/aws-models/transfer.json +++ b/codegen/sdk-codegen/aws-models/transfer.json @@ -338,6 +338,16 @@ "smithy.api#pattern": "^c-([0-9a-f]{17})$" } }, + "com.amazonaws.transfer#ConnectorSecurityPolicyName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 100 + }, + "smithy.api#pattern": "^TransferSFTPConnectorSecurityPolicy-[A-Za-z0-9-]+$" + } + }, "com.amazonaws.transfer#CopyStepDetails": { "type": "structure", "members": { @@ -657,6 +667,12 @@ "traits": { "smithy.api#documentation": "

A structure that contains the parameters for an SFTP connector object.

" } + }, + "SecurityPolicyName": { + "target": "com.amazonaws.transfer#ConnectorSecurityPolicyName", + "traits": { + "smithy.api#documentation": "

Specifies the name of the security policy for the connector.

" + } } }, "traits": { @@ -869,7 +885,7 @@ "SecurityPolicyName": { "target": "com.amazonaws.transfer#SecurityPolicyName", "traits": { - "smithy.api#documentation": "

Specifies the name of the security policy that is attached to the server.

" + "smithy.api#documentation": "

Specifies the name of the security policy for the server.

" } }, "Tags": { @@ -2177,7 +2193,7 @@ } ], "traits": { - "smithy.api#documentation": "

Describes the security policy that is attached to your file transfer protocol-enabled\n server. The response contains a description of the security policy's properties. For more\n information about security policies, see Working with security\n policies.

", + "smithy.api#documentation": "

Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more\n information about security policies, see Working with security\n policies for servers or Working with security\n policies for SFTP connectors.

", "smithy.api#readonly": {} } }, @@ -2187,7 +2203,7 @@ "SecurityPolicyName": { "target": "com.amazonaws.transfer#SecurityPolicyName", "traits": { - "smithy.api#documentation": "

Specifies the name of the security policy that is attached to the server.

", + "smithy.api#documentation": "

Specify the text name of the security policy for which you want the details.

", "smithy.api#required": {} } } @@ -2716,6 +2732,12 @@ "traits": { "smithy.api#documentation": "

The list of egress IP addresses of this connector. These IP addresses are assigned automatically when you create the connector.

" } + }, + "SecurityPolicyName": { + "target": "com.amazonaws.transfer#ConnectorSecurityPolicyName", + "traits": { + "smithy.api#documentation": "

The text name of the security policy for the specified connector.

" + } } }, "traits": { @@ -2877,43 +2899,61 @@ "Fips": { "target": "com.amazonaws.transfer#Fips", "traits": { - "smithy.api#documentation": "

Specifies whether this policy enables Federal Information Processing Standards\n (FIPS).

" + "smithy.api#documentation": "

Specifies whether this policy enables Federal Information Processing Standards (FIPS).\n This parameter applies to both server and connector security policies.

" } }, "SecurityPolicyName": { "target": "com.amazonaws.transfer#SecurityPolicyName", "traits": { - "smithy.api#documentation": "

Specifies the name of the security policy that is attached to the server.

", + "smithy.api#documentation": "

The text name of the specified security policy.

", "smithy.api#required": {} } }, "SshCiphers": { "target": "com.amazonaws.transfer#SecurityPolicyOptions", "traits": { - "smithy.api#documentation": "

Specifies the enabled Secure Shell (SSH) cipher encryption algorithms in the security\n policy that is attached to the server.

" + "smithy.api#documentation": "

Lists the enabled Secure Shell (SSH) cipher encryption algorithms in the security policy\n that is attached to the server or connector. This parameter applies to both server and\n connector security policies.

" } }, "SshKexs": { "target": "com.amazonaws.transfer#SecurityPolicyOptions", "traits": { - "smithy.api#documentation": "

Specifies the enabled SSH key exchange (KEX) encryption algorithms in the security policy\n that is attached to the server.

" + "smithy.api#documentation": "

Lists the enabled SSH key exchange (KEX) encryption algorithms in the security policy that\n is attached to the server or connector. This parameter applies to both server and connector\n security policies.

" } }, "SshMacs": { "target": "com.amazonaws.transfer#SecurityPolicyOptions", "traits": { - "smithy.api#documentation": "

Specifies the enabled SSH message authentication code (MAC) encryption algorithms in the\n security policy that is attached to the server.

" + "smithy.api#documentation": "

Lists the enabled SSH message authentication code (MAC) encryption algorithms in the\n security policy that is attached to the server or connector. This parameter applies to both\n server and connector security policies.

" } }, "TlsCiphers": { "target": "com.amazonaws.transfer#SecurityPolicyOptions", "traits": { - "smithy.api#documentation": "

Specifies the enabled Transport Layer Security (TLS) cipher encryption algorithms in the\n security policy that is attached to the server.

" + "smithy.api#documentation": "

Lists the enabled Transport Layer Security (TLS) cipher encryption algorithms in the\n security policy that is attached to the server.

\n \n

This parameter only applies to security policies for servers.

\n " + } + }, + "SshHostKeyAlgorithms": { + "target": "com.amazonaws.transfer#SecurityPolicyOptions", + "traits": { + "smithy.api#documentation": "

Lists the host key algorithms for the security policy.

\n \n

This parameter only applies to security policies for connectors.

\n " + } + }, + "Type": { + "target": "com.amazonaws.transfer#SecurityPolicyResourceType", + "traits": { + "smithy.api#documentation": "

The resource type to which the security policy applies, either server or connector.

" + } + }, + "Protocols": { + "target": "com.amazonaws.transfer#SecurityPolicyProtocols", + "traits": { + "smithy.api#documentation": "

Lists the file transfer protocols that the security policy applies to.

" } } }, "traits": { - "smithy.api#documentation": "

Describes the properties of a security policy that was specified. For more information\n about security policies, see Working with security\n policies.

" + "smithy.api#documentation": "

Describes the properties of a security policy that you specify. For more information\n about security policies, see Working with security\n policies for servers or Working with security\n policies for SFTP connectors.

" } }, "com.amazonaws.transfer#DescribedServer": { @@ -3001,7 +3041,7 @@ "SecurityPolicyName": { "target": "com.amazonaws.transfer#SecurityPolicyName", "traits": { - "smithy.api#documentation": "

Specifies the name of the security policy that is attached to the server.

" + "smithy.api#documentation": "

Specifies the name of the security policy for the server.

" } }, "ServerId": { @@ -4745,7 +4785,7 @@ } ], "traits": { - "smithy.api#documentation": "

Lists the security policies that are attached to your file transfer protocol-enabled\n servers.

", + "smithy.api#documentation": "

Lists the security policies that are attached to your servers and SFTP connectors. For more information\n about security policies, see Working with security\n policies for servers or Working with security\n policies for SFTP connectors.

", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -6257,7 +6297,7 @@ "min": 0, "max": 100 }, - "smithy.api#pattern": "^TransferSecurityPolicy-.+$" + "smithy.api#pattern": "^Transfer[A-Za-z0-9]*SecurityPolicy-[A-Za-z0-9-]+$" } }, "com.amazonaws.transfer#SecurityPolicyNames": { @@ -6281,6 +6321,52 @@ "target": "com.amazonaws.transfer#SecurityPolicyOption" } }, + "com.amazonaws.transfer#SecurityPolicyProtocol": { + "type": "enum", + "members": { + "SFTP": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SFTP" + } + }, + "FTPS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FTPS" + } + } + } + }, + "com.amazonaws.transfer#SecurityPolicyProtocols": { + "type": "list", + "member": { + "target": "com.amazonaws.transfer#SecurityPolicyProtocol" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 5 + } + } + }, + "com.amazonaws.transfer#SecurityPolicyResourceType": { + "type": "enum", + "members": { + "SERVER": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SERVER" + } + }, + "CONNECTOR": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CONNECTOR" + } + } + } + }, "com.amazonaws.transfer#SendWorkflowStepState": { "type": "operation", "input": { @@ -8824,6 +8910,12 @@ "traits": { "smithy.api#documentation": "

A structure that contains the parameters for an SFTP connector object.

" } + }, + "SecurityPolicyName": { + "target": "com.amazonaws.transfer#ConnectorSecurityPolicyName", + "traits": { + "smithy.api#documentation": "

Specifies the name of the security policy for the connector.

" + } } }, "traits": { @@ -9094,7 +9186,7 @@ "SecurityPolicyName": { "target": "com.amazonaws.transfer#SecurityPolicyName", "traits": { - "smithy.api#documentation": "

Specifies the name of the security policy that is attached to the server.

" + "smithy.api#documentation": "

Specifies the name of the security policy for the server.

" } }, "ServerId": {