Skip to content

Commit

Permalink
feat(client-ecr): Added KMS_DSSE to EncryptionType
Browse files Browse the repository at this point in the history
  • Loading branch information
awstools committed Sep 11, 2024
1 parent 1a98084 commit 33886e7
Show file tree
Hide file tree
Showing 9 changed files with 67 additions and 30 deletions.
4 changes: 2 additions & 2 deletions clients/client-ecr/src/commands/CreateRepositoryCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryResponse,
* scanOnPush: true || false,
* },
* encryptionConfiguration: { // EncryptionConfiguration
* encryptionType: "AES256" || "KMS", // required
* encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* kmsKey: "STRING_VALUE",
* },
* };
Expand All @@ -68,7 +68,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryResponse,
* // scanOnPush: true || false,
* // },
* // encryptionConfiguration: { // EncryptionConfiguration
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // },
Expand Down
4 changes: 2 additions & 2 deletions clients/client-ecr/src/commands/CreateRepositoryCreationTemplateCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ export interface CreateRepositoryCreationTemplateCommandOutput
* prefix: "STRING_VALUE", // required
* description: "STRING_VALUE",
* encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* encryptionType: "AES256" || "KMS", // required
* encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* kmsKey: "STRING_VALUE",
* },
* resourceTags: [ // TagList
Expand All @@ -73,7 +73,7 @@ export interface CreateRepositoryCreationTemplateCommandOutput
* // prefix: "STRING_VALUE",
* // description: "STRING_VALUE",
* // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // resourceTags: [ // TagList
Expand Down
2 changes: 1 addition & 1 deletion clients/client-ecr/src/commands/DeleteRepositoryCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ export interface DeleteRepositoryCommandOutput extends DeleteRepositoryResponse,
* // scanOnPush: true || false,
* // },
* // encryptionConfiguration: { // EncryptionConfiguration
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // },
Expand Down
2 changes: 1 addition & 1 deletion clients/client-ecr/src/commands/DeleteRepositoryCreationTemplateCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ export interface DeleteRepositoryCreationTemplateCommandOutput
* // prefix: "STRING_VALUE",
* // description: "STRING_VALUE",
* // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // resourceTags: [ // TagList
Expand Down
2 changes: 1 addition & 1 deletion clients/client-ecr/src/commands/DescribeRepositoriesCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ export interface DescribeRepositoriesCommandOutput extends DescribeRepositoriesR
* // scanOnPush: true || false,
* // },
* // encryptionConfiguration: { // EncryptionConfiguration
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // },
Expand Down
2 changes: 1 addition & 1 deletion clients/client-ecr/src/commands/DescribeRepositoryCreationTemplatesCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ export interface DescribeRepositoryCreationTemplatesCommandOutput
* // prefix: "STRING_VALUE",
* // description: "STRING_VALUE",
* // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // resourceTags: [ // TagList
Expand Down
4 changes: 2 additions & 2 deletions clients/client-ecr/src/commands/UpdateRepositoryCreationTemplateCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ export interface UpdateRepositoryCreationTemplateCommandOutput
* prefix: "STRING_VALUE", // required
* description: "STRING_VALUE",
* encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* encryptionType: "AES256" || "KMS", // required
* encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* kmsKey: "STRING_VALUE",
* },
* resourceTags: [ // TagList
Expand All @@ -69,7 +69,7 @@ export interface UpdateRepositoryCreationTemplateCommandOutput
* // prefix: "STRING_VALUE",
* // description: "STRING_VALUE",
* // encryptionConfiguration: { // EncryptionConfigurationForRepositoryCreationTemplate
* // encryptionType: "AES256" || "KMS", // required
* // encryptionType: "AES256" || "KMS" || "KMS_DSSE", // required
* // kmsKey: "STRING_VALUE",
* // },
* // resourceTags: [ // TagList
Expand Down
29 changes: 16 additions & 13 deletions clients/client-ecr/src/models/models_0.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1035,6 +1035,7 @@ export class UnsupportedUpstreamRegistryException extends __BaseException {
export const EncryptionType = {
AES256: "AES256",
KMS: "KMS",
KMS_DSSE: "KMS_DSSE",
} as const;

/**
Expand All @@ -1061,10 +1062,12 @@ export interface EncryptionConfiguration {
* <p>If you use the <code>KMS</code> encryption type, the contents of the repository will
* be encrypted using server-side encryption with Key Management Service key stored in KMS. When you
* use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key
* for Amazon ECR, or specify your own KMS key, which you already created. For more
* information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html">Protecting data using server-side
* encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the
* <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>
* for Amazon ECR, or specify your own KMS key, which you already created.</p>
* <p>If you use the <code>KMS_DSSE</code> encryption type, the contents of the repository
* will be encrypted with two layers of encryption using server-side encryption with the
* KMS Management Service key stored in KMS. Similar to the KMS encryption type, you
* can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS
* key, which you've already created. </p>
* <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption
* with Amazon S3-managed encryption keys which encrypts the images in the repository using an
* AES256 encryption algorithm. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html">Protecting data using
Expand Down Expand Up @@ -1445,9 +1448,9 @@ export interface CreateRepositoryCreationTemplateRequest {

/**
* <p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as
* the registry that you are configuring. Amazon ECR will assume your supplied role when
* the customRoleArn is specified. When this field isn't specified, Amazon ECR will
* use the service-linked role for the repository creation template.</p>
* the registry that you are configuring. Amazon ECR will assume your supplied role when the
* customRoleArn is specified. When this field isn't specified, Amazon ECR will use the
* service-linked role for the repository creation template.</p>
* @public
*/
customRoleArn?: string;
Expand Down Expand Up @@ -1517,9 +1520,9 @@ export interface RepositoryCreationTemplate {
appliedFor?: RCTAppliedFor[];

/**
* <p>The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when
* the customRoleArn is specified. When this field isn't specified, Amazon ECR will
* use the service-linked role for the repository creation template.</p>
* <p>The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role
* when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the
* service-linked role for the repository creation template.</p>
* @public
*/
customRoleArn?: string;
Expand Down Expand Up @@ -4892,9 +4895,9 @@ export interface UpdateRepositoryCreationTemplateRequest {

/**
* <p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as
* the registry that you are configuring. Amazon ECR will assume your supplied role when
* the customRoleArn is specified. When this field isn't specified, Amazon ECR will
* use the service-linked role for the repository creation template.</p>
* the registry that you are configuring. Amazon ECR will assume your supplied role when the
* customRoleArn is specified. When this field isn't specified, Amazon ECR will use the
* service-linked role for the repository creation template.</p>
* @public
*/
customRoleArn?: string;
Expand Down
48 changes: 41 additions & 7 deletions codegen/sdk-codegen/aws-models/ecr.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@
},
"aws.protocols#awsJson1_1": {},
"smithy.api#documentation": "<fullname>Amazon Elastic Container Registry</fullname>\n <p>Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the\n familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR\n provides a secure, scalable, and reliable registry for your Docker or Open Container\n Initiative (OCI) images. Amazon ECR supports private repositories with resource-based\n permissions using IAM so that specific users or Amazon EC2 instances can access\n repositories and images.</p>\n <p>Amazon ECR has service endpoints in each supported Region. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/ecr.html\">Amazon ECR endpoints</a> in the\n <i>Amazon Web Services General Reference</i>.</p>",
"smithy.api#title": "Amazon EC2 Container Registry",
"smithy.api#title": "Amazon Elastic Container Registry",
"smithy.api#xmlNamespace": {
"uri": "http://ecr.amazonaws.com/doc/2015-09-21/"
},
Expand Down Expand Up @@ -2142,7 +2142,7 @@
"customRoleArn": {
"target": "com.amazonaws.ecr#CustomRoleArn",
"traits": {
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.</p>"
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when the\n customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.</p>"
}
}
},
Expand Down Expand Up @@ -3329,7 +3329,20 @@
"outputToken": "nextToken",
"items": "repositories",
"pageSize": "maxResults"
}
},
"smithy.test#smokeTests": [
{
"id": "DescribeRepositoriesSuccess",
"params": {},
"vendorParams": {
"region": "us-west-2"
},
"vendorParamsShape": "aws.test#AwsVendorParams",
"expect": {
"success": {}
}
}
]
}
},
"com.amazonaws.ecr#DescribeRepositoriesRequest": {
Expand Down Expand Up @@ -3486,7 +3499,7 @@
"encryptionType": {
"target": "com.amazonaws.ecr#EncryptionType",
"traits": {
"smithy.api#documentation": "<p>The encryption type to use.</p>\n <p>If you use the <code>KMS</code> encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created. For more\n information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side\n encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the\n <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>\n <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using\n server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the\n <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>",
"smithy.api#documentation": "<p>The encryption type to use.</p>\n <p>If you use the <code>KMS</code> encryption type, the contents of the repository will\n be encrypted using server-side encryption with Key Management Service key stored in KMS. When you\n use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key\n for Amazon ECR, or specify your own KMS key, which you already created.</p>\n <p>If you use the <code>KMS_DSSE</code> encryption type, the contents of the repository\n will be encrypted with two layers of encryption using server-side encryption with the\n KMS Management Service key stored in KMS. Similar to the KMS encryption type, you\n can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS\n key, which you've already created. </p>\n <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption\n with Amazon S3-managed encryption keys which encrypts the images in the repository using an\n AES256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using\n server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the\n <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>",
"smithy.api#required": {}
}
},
Expand Down Expand Up @@ -3536,6 +3549,12 @@
"traits": {
"smithy.api#enumValue": "KMS"
}
},
"KMS_DSSE": {
"target": "smithy.api#Unit",
"traits": {
"smithy.api#enumValue": "KMS_DSSE"
}
}
}
},
Expand Down Expand Up @@ -5550,7 +5569,22 @@
"outputToken": "nextToken",
"items": "imageIds",
"pageSize": "maxResults"
}
},
"smithy.test#smokeTests": [
{
"id": "ListImagesFailure",
"params": {
"repositoryName": "not-a-real-repository"
},
"vendorParams": {
"region": "us-west-2"
},
"vendorParamsShape": "aws.test#AwsVendorParams",
"expect": {
"failure": {}
}
}
]
}
},
"com.amazonaws.ecr#ListImagesFilter": {
Expand Down Expand Up @@ -6910,7 +6944,7 @@
"customRoleArn": {
"target": "com.amazonaws.ecr#CustomRoleArn",
"traits": {
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.</p>"
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. Amazon ECR will assume your supplied role\n when the customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.</p>"
}
},
"createdAt": {
Expand Down Expand Up @@ -8223,7 +8257,7 @@
"customRoleArn": {
"target": "com.amazonaws.ecr#CustomRoleArn",
"traits": {
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when\n the customRoleArn is specified. When this field isn't specified, Amazon ECR will\n use the service-linked role for the repository creation template.</p>"
"smithy.api#documentation": "<p>The ARN of the role to be assumed by Amazon ECR. This role must be in the same account as\n the registry that you are configuring. Amazon ECR will assume your supplied role when the\n customRoleArn is specified. When this field isn't specified, Amazon ECR will use the\n service-linked role for the repository creation template.</p>"
}
}
},
Expand Down

0 comments on commit 33886e7

Please sign in to comment.