feat(client-signer): AWS Signer is launching Container Image Signing,…

… a new feature that enables you to sign and verify container images. This feature enables you to validate that only container images you approve are used in your enterprise.
aws · Jun 6, 2023 · 6647d54 · 6647d54
1 parent b61d062
commit 6647d54
Show file tree

Hide file tree

Showing 19 changed files with 1,653 additions and 1,487 deletions.
diff --git a/clients/client-signer/README.md b/clients/client-signer/README.md
@@ -9,20 +9,18 @@ AWS SDK for JavaScript Signer Client for Node.js, Browser and React Native.
 <p>AWS Signer is a fully managed code signing service to help you ensure the trust and
 integrity of your code. </p>
 <p>AWS Signer supports the following applications:</p>
-
-<p>With <i>code signing for AWS Lambda</i>, you can sign AWS Lambda
-deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch,
-and AWS CloudTrail. In order to sign code, you create a signing profile and then use
-Signer to sign Lambda zip files in S3. </p>
-
-<p>With <i>code signing for IoT</i>, you can sign code for any IoT device that is
-supported by AWS. IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is
-integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign
-code, you import a third-party code signing certificate using ACM, and use that to
-sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
-<p>For more information about AWS Signer, see the <a href="http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer Guide</a>.</p>
-
-<p></p>
+<p>With code signing for AWS Lambda, you can sign <a href="http://docs.aws.amazon.com/lambda/latest/dg/">AWS
+Lambda</a> deployment packages. Integrated support is provided for <a href="http://docs.aws.amazon.com/AmazonS3/latest/gsg/">Amazon S3</a>, <a href="http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/">Amazon
+CloudWatch</a>, and <a href="http://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail</a>. In order
+to sign code, you create a signing profile and then use Signer to sign Lambda zip files
+in S3. </p>
+<p>With code signing for IoT, you can sign code for any IoT device that is supported by AWS.
+IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign code, you import a third-party code signing
+certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
+<p>With code signing for
+containers …(TBD)</p>
+<p>For more information about AWS Signer, see the <a href="https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer
+Guide</a>.</p>
 
 ## Installing
 
@@ -242,6 +240,14 @@ DescribeSigningJob
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/describesigningjobcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/describesigningjobcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/describesigningjobcommandoutput.html)
 
+</details>
+<details>
+<summary>
+GetRevocationStatus
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/getrevocationstatuscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/getrevocationstatuscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/getrevocationstatuscommandoutput.html)
+
 </details>
 <details>
 <summary>
@@ -330,6 +336,14 @@ RevokeSigningProfile
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/revokesigningprofilecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/revokesigningprofilecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/revokesigningprofilecommandoutput.html)
 
+</details>
+<details>
+<summary>
+SignPayload
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/signpayloadcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/signpayloadcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/signpayloadcommandoutput.html)
+
 </details>
 <details>
 <summary>

diff --git a/clients/client-signer/src/Signer.ts b/clients/client-signer/src/Signer.ts
@@ -17,6 +17,11 @@ import {
   DescribeSigningJobCommandInput,
   DescribeSigningJobCommandOutput,
 } from "./commands/DescribeSigningJobCommand";
+import {
+  GetRevocationStatusCommand,
+  GetRevocationStatusCommandInput,
+  GetRevocationStatusCommandOutput,
+} from "./commands/GetRevocationStatusCommand";
 import {
   GetSigningPlatformCommand,
   GetSigningPlatformCommandInput,
@@ -72,6 +77,7 @@ import {
   RevokeSigningProfileCommandInput,
   RevokeSigningProfileCommandOutput,
 } from "./commands/RevokeSigningProfileCommand";
+import { SignPayloadCommand, SignPayloadCommandInput, SignPayloadCommandOutput } from "./commands/SignPayloadCommand";
 import {
   StartSigningJobCommand,
   StartSigningJobCommandInput,
@@ -89,6 +95,7 @@ const commands = {
   AddProfilePermissionCommand,
   CancelSigningProfileCommand,
   DescribeSigningJobCommand,
+  GetRevocationStatusCommand,
   GetSigningPlatformCommand,
   GetSigningProfileCommand,
   ListProfilePermissionsCommand,
@@ -100,6 +107,7 @@ const commands = {
   RemoveProfilePermissionCommand,
   RevokeSignatureCommand,
   RevokeSigningProfileCommand,
+  SignPayloadCommand,
   StartSigningJobCommand,
   TagResourceCommand,
   UntagResourceCommand,
@@ -157,6 +165,23 @@ export interface Signer {
     cb: (err: any, data?: DescribeSigningJobCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetRevocationStatusCommand}
+   */
+  getRevocationStatus(
+    args: GetRevocationStatusCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetRevocationStatusCommandOutput>;
+  getRevocationStatus(
+    args: GetRevocationStatusCommandInput,
+    cb: (err: any, data?: GetRevocationStatusCommandOutput) => void
+  ): void;
+  getRevocationStatus(
+    args: GetRevocationStatusCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetRevocationStatusCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetSigningPlatformCommand}
    */
@@ -338,6 +363,17 @@ export interface Signer {
     cb: (err: any, data?: RevokeSigningProfileCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link SignPayloadCommand}
+   */
+  signPayload(args: SignPayloadCommandInput, options?: __HttpHandlerOptions): Promise<SignPayloadCommandOutput>;
+  signPayload(args: SignPayloadCommandInput, cb: (err: any, data?: SignPayloadCommandOutput) => void): void;
+  signPayload(
+    args: SignPayloadCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: SignPayloadCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link StartSigningJobCommand}
    */
@@ -380,20 +416,18 @@ export interface Signer {
  * <p>AWS Signer is a fully managed code signing service to help you ensure the trust and
  * 			integrity of your code. </p>
  * 		       <p>AWS Signer supports the following applications:</p>
- *
- * 		       <p>With <i>code signing for AWS Lambda</i>, you can sign AWS Lambda
- * 			deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch,
- * 			and AWS CloudTrail. In order to sign code, you create a signing profile and then use
- * 			Signer to sign Lambda zip files in S3. </p>
- *
- * 		       <p>With <i>code signing for IoT</i>, you can sign code for any IoT device that is
- * 			supported by AWS. IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is
- * 			integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign
- * 			code, you import a third-party code signing certificate using ACM, and use that to
- * 			sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
- * 		       <p>For more information about AWS Signer, see the <a href="http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer Guide</a>.</p>
- *
- * 		       <p></p>
+ * 		       <p>With code signing for AWS Lambda, you can sign <a href="http://docs.aws.amazon.com/lambda/latest/dg/">AWS
+ * 				Lambda</a> deployment packages. Integrated support is provided for <a href="http://docs.aws.amazon.com/AmazonS3/latest/gsg/">Amazon S3</a>, <a href="http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/">Amazon
+ * 				CloudWatch</a>, and <a href="http://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail</a>. In order
+ * 			to sign code, you create a signing profile and then use Signer to sign Lambda zip files
+ * 			in S3. </p>
+ * 		       <p>With code signing for IoT, you can sign code for any IoT device that is supported by AWS.
+ * 			IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign code, you import a third-party code signing
+ * 			certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
+ * 		       <p>With code signing for
+ * 			containers …(TBD)</p>
+ * 		       <p>For more information about AWS Signer, see the <a href="https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer
+ * 			Guide</a>.</p>
  */
 export class Signer extends SignerClient implements Signer {}
 createAggregatedClient(commands, Signer);
diff --git a/clients/client-signer/src/SignerClient.ts b/clients/client-signer/src/SignerClient.ts
@@ -60,6 +60,10 @@ import {
   CancelSigningProfileCommandOutput,
 } from "./commands/CancelSigningProfileCommand";
 import { DescribeSigningJobCommandInput, DescribeSigningJobCommandOutput } from "./commands/DescribeSigningJobCommand";
+import {
+  GetRevocationStatusCommandInput,
+  GetRevocationStatusCommandOutput,
+} from "./commands/GetRevocationStatusCommand";
 import { GetSigningPlatformCommandInput, GetSigningPlatformCommandOutput } from "./commands/GetSigningPlatformCommand";
 import { GetSigningProfileCommandInput, GetSigningProfileCommandOutput } from "./commands/GetSigningProfileCommand";
 import {
@@ -89,6 +93,7 @@ import {
   RevokeSigningProfileCommandInput,
   RevokeSigningProfileCommandOutput,
 } from "./commands/RevokeSigningProfileCommand";
+import { SignPayloadCommandInput, SignPayloadCommandOutput } from "./commands/SignPayloadCommand";
 import { StartSigningJobCommandInput, StartSigningJobCommandOutput } from "./commands/StartSigningJobCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
@@ -109,6 +114,7 @@ export type ServiceInputTypes =
   | AddProfilePermissionCommandInput
   | CancelSigningProfileCommandInput
   | DescribeSigningJobCommandInput
+  | GetRevocationStatusCommandInput
   | GetSigningPlatformCommandInput
   | GetSigningProfileCommandInput
   | ListProfilePermissionsCommandInput
@@ -120,6 +126,7 @@ export type ServiceInputTypes =
   | RemoveProfilePermissionCommandInput
   | RevokeSignatureCommandInput
   | RevokeSigningProfileCommandInput
+  | SignPayloadCommandInput
   | StartSigningJobCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput;
@@ -131,6 +138,7 @@ export type ServiceOutputTypes =
   | AddProfilePermissionCommandOutput
   | CancelSigningProfileCommandOutput
   | DescribeSigningJobCommandOutput
+  | GetRevocationStatusCommandOutput
   | GetSigningPlatformCommandOutput
   | GetSigningProfileCommandOutput
   | ListProfilePermissionsCommandOutput
@@ -142,6 +150,7 @@ export type ServiceOutputTypes =
   | RemoveProfilePermissionCommandOutput
   | RevokeSignatureCommandOutput
   | RevokeSigningProfileCommandOutput
+  | SignPayloadCommandOutput
   | StartSigningJobCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput;
@@ -313,20 +322,18 @@ export interface SignerClientResolvedConfig extends SignerClientResolvedConfigTy
  * <p>AWS Signer is a fully managed code signing service to help you ensure the trust and
  * 			integrity of your code. </p>
  * 		       <p>AWS Signer supports the following applications:</p>
- *
- * 		       <p>With <i>code signing for AWS Lambda</i>, you can sign AWS Lambda
- * 			deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch,
- * 			and AWS CloudTrail. In order to sign code, you create a signing profile and then use
- * 			Signer to sign Lambda zip files in S3. </p>
- *
- * 		       <p>With <i>code signing for IoT</i>, you can sign code for any IoT device that is
- * 			supported by AWS. IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is
- * 			integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign
- * 			code, you import a third-party code signing certificate using ACM, and use that to
- * 			sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
- * 		       <p>For more information about AWS Signer, see the <a href="http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer Guide</a>.</p>
- *
- * 		       <p></p>
+ * 		       <p>With code signing for AWS Lambda, you can sign <a href="http://docs.aws.amazon.com/lambda/latest/dg/">AWS
+ * 				Lambda</a> deployment packages. Integrated support is provided for <a href="http://docs.aws.amazon.com/AmazonS3/latest/gsg/">Amazon S3</a>, <a href="http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/">Amazon
+ * 				CloudWatch</a>, and <a href="http://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail</a>. In order
+ * 			to sign code, you create a signing profile and then use Signer to sign Lambda zip files
+ * 			in S3. </p>
+ * 		       <p>With code signing for IoT, you can sign code for any IoT device that is supported by AWS.
+ * 			IoT code signing is available for <a href="http://docs.aws.amazon.com/freertos/latest/userguide/">Amazon FreeRTOS</a> and <a href="http://docs.aws.amazon.com/iot/latest/developerguide/">AWS IoT Device Management</a>, and is integrated with <a href="http://docs.aws.amazon.com/acm/latest/userguide/">AWS Certificate Manager (ACM)</a>. In order to sign code, you import a third-party code signing
+ * 			certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management. </p>
+ * 		       <p>With code signing for
+ * 			containers …(TBD)</p>
+ * 		       <p>For more information about AWS Signer, see the <a href="https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html">AWS Signer Developer
+ * 			Guide</a>.</p>
  */
 export class SignerClient extends __Client<
   __HttpHandlerOptions,

diff --git a/clients/client-signer/src/commands/DescribeSigningJobCommand.ts b/clients/client-signer/src/commands/DescribeSigningJobCommand.ts
@@ -36,8 +36,8 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo
 
 /**
  * @public
- * <p>Returns information about a specific code signing job. You specify the job by using
- * 			the <code>jobId</code> value that is returned by the <a>StartSigningJob</a>
+ * <p>Returns information about a specific code signing job. You specify the job by using the
+ * 				<code>jobId</code> value that is returned by the <a>StartSigningJob</a>
  * 			operation. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -68,10 +68,10 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo
  * //   profileVersion: "STRING_VALUE",
  * //   overrides: { // SigningPlatformOverrides
  * //     signingConfiguration: { // SigningConfigurationOverrides
- * //       encryptionAlgorithm: "STRING_VALUE",
- * //       hashAlgorithm: "STRING_VALUE",
+ * //       encryptionAlgorithm: "RSA" || "ECDSA",
+ * //       hashAlgorithm: "SHA1" || "SHA256",
  * //     },
- * //     signingImageFormat: "STRING_VALUE",
+ * //     signingImageFormat: "JSON" || "JSONEmbedded" || "JSONDetached",
  * //   },
  * //   signingParameters: { // SigningParameters
  * //     "<keys>": "STRING_VALUE",
@@ -80,7 +80,7 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo
  * //   completedAt: new Date("TIMESTAMP"),
  * //   signatureExpiresAt: new Date("TIMESTAMP"),
  * //   requestedBy: "STRING_VALUE",
- * //   status: "STRING_VALUE",
+ * //   status: "InProgress" || "Failed" || "Succeeded",
  * //   statusReason: "STRING_VALUE",
  * //   revocationRecord: { // SigningJobRevocationRecord
  * //     reason: "STRING_VALUE",