From 6647d54268d3ab2b3ba3d3152c2232f023473c8c Mon Sep 17 00:00:00 2001 From: awstools Date: Tue, 6 Jun 2023 18:14:55 +0000 Subject: [PATCH] feat(client-signer): AWS Signer is launching Container Image Signing, a new feature that enables you to sign and verify container images. This feature enables you to validate that only container images you approve are used in your enterprise. --- clients/client-signer/README.md | 42 +- clients/client-signer/src/Signer.ts | 62 +- clients/client-signer/src/SignerClient.ts | 35 +- .../src/commands/DescribeSigningJobCommand.ts | 12 +- .../commands/GetRevocationStatusCommand.ts | 165 ++ .../src/commands/GetSigningPlatformCommand.ts | 14 +- .../src/commands/GetSigningProfileCommand.ts | 10 +- .../src/commands/ListSigningJobsCommand.ts | 4 +- .../commands/ListSigningPlatformsCommand.ts | 14 +- .../commands/ListSigningProfilesCommand.ts | 6 +- .../src/commands/PutSigningProfileCommand.ts | 12 +- .../src/commands/SignPayloadCommand.ts | 165 ++ .../src/commands/StartSigningJobCommand.ts | 7 +- clients/client-signer/src/commands/index.ts | 2 + clients/client-signer/src/endpoint/ruleset.ts | 35 +- clients/client-signer/src/index.ts | 26 +- clients/client-signer/src/models/models_0.ts | 183 +- .../src/protocols/Aws_restJson1.ts | 209 +- codegen/sdk-codegen/aws-models/signer.json | 2137 ++++++----------- 19 files changed, 1653 insertions(+), 1487 deletions(-) create mode 100644 clients/client-signer/src/commands/GetRevocationStatusCommand.ts create mode 100644 clients/client-signer/src/commands/SignPayloadCommand.ts diff --git a/clients/client-signer/README.md b/clients/client-signer/README.md index 6f7c5739c40c..993c9d4174f3 100644 --- a/clients/client-signer/README.md +++ b/clients/client-signer/README.md @@ -9,20 +9,18 @@ AWS SDK for JavaScript Signer Client for Node.js, Browser and React Native.

AWS Signer is a fully managed code signing service to help you ensure the trust and integrity of your code.

AWS Signer supports the following applications:

- -

With code signing for AWS Lambda, you can sign AWS Lambda -deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, -and AWS CloudTrail. In order to sign code, you create a signing profile and then use -Signer to sign Lambda zip files in S3.

- -

With code signing for IoT, you can sign code for any IoT device that is -supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is -integrated with AWS Certificate Manager (ACM). In order to sign -code, you import a third-party code signing certificate using ACM, and use that to -sign updates in Amazon FreeRTOS and AWS IoT Device Management.

-

For more information about AWS Signer, see the AWS Signer Developer Guide.

- -

+

With code signing for AWS Lambda, you can sign AWS +Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon +CloudWatch, and AWS CloudTrail. In order +to sign code, you create a signing profile and then use Signer to sign Lambda zip files +in S3.

+

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. +IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code signing +certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

+

With code signing for +containers …(TBD)

+

For more information about AWS Signer, see the AWS Signer Developer +Guide.

## Installing @@ -242,6 +240,14 @@ DescribeSigningJob [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/describesigningjobcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/describesigningjobcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/describesigningjobcommandoutput.html) + +
+ +GetRevocationStatus + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/getrevocationstatuscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/getrevocationstatuscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/getrevocationstatuscommandoutput.html) +
@@ -330,6 +336,14 @@ RevokeSigningProfile [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/revokesigningprofilecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/revokesigningprofilecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/revokesigningprofilecommandoutput.html) +
+
+ +SignPayload + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/classes/signpayloadcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/signpayloadcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-signer/interfaces/signpayloadcommandoutput.html) +
diff --git a/clients/client-signer/src/Signer.ts b/clients/client-signer/src/Signer.ts index df01a2116116..36643d17fab3 100644 --- a/clients/client-signer/src/Signer.ts +++ b/clients/client-signer/src/Signer.ts @@ -17,6 +17,11 @@ import { DescribeSigningJobCommandInput, DescribeSigningJobCommandOutput, } from "./commands/DescribeSigningJobCommand"; +import { + GetRevocationStatusCommand, + GetRevocationStatusCommandInput, + GetRevocationStatusCommandOutput, +} from "./commands/GetRevocationStatusCommand"; import { GetSigningPlatformCommand, GetSigningPlatformCommandInput, @@ -72,6 +77,7 @@ import { RevokeSigningProfileCommandInput, RevokeSigningProfileCommandOutput, } from "./commands/RevokeSigningProfileCommand"; +import { SignPayloadCommand, SignPayloadCommandInput, SignPayloadCommandOutput } from "./commands/SignPayloadCommand"; import { StartSigningJobCommand, StartSigningJobCommandInput, @@ -89,6 +95,7 @@ const commands = { AddProfilePermissionCommand, CancelSigningProfileCommand, DescribeSigningJobCommand, + GetRevocationStatusCommand, GetSigningPlatformCommand, GetSigningProfileCommand, ListProfilePermissionsCommand, @@ -100,6 +107,7 @@ const commands = { RemoveProfilePermissionCommand, RevokeSignatureCommand, RevokeSigningProfileCommand, + SignPayloadCommand, StartSigningJobCommand, TagResourceCommand, UntagResourceCommand, @@ -157,6 +165,23 @@ export interface Signer { cb: (err: any, data?: DescribeSigningJobCommandOutput) => void ): void; + /** + * @see {@link GetRevocationStatusCommand} + */ + getRevocationStatus( + args: GetRevocationStatusCommandInput, + options?: __HttpHandlerOptions + ): Promise; + getRevocationStatus( + args: GetRevocationStatusCommandInput, + cb: (err: any, data?: GetRevocationStatusCommandOutput) => void + ): void; + getRevocationStatus( + args: GetRevocationStatusCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: GetRevocationStatusCommandOutput) => void + ): void; + /** * @see {@link GetSigningPlatformCommand} */ @@ -338,6 +363,17 @@ export interface Signer { cb: (err: any, data?: RevokeSigningProfileCommandOutput) => void ): void; + /** + * @see {@link SignPayloadCommand} + */ + signPayload(args: SignPayloadCommandInput, options?: __HttpHandlerOptions): Promise; + signPayload(args: SignPayloadCommandInput, cb: (err: any, data?: SignPayloadCommandOutput) => void): void; + signPayload( + args: SignPayloadCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: SignPayloadCommandOutput) => void + ): void; + /** * @see {@link StartSigningJobCommand} */ @@ -380,20 +416,18 @@ export interface Signer { *

AWS Signer is a fully managed code signing service to help you ensure the trust and * integrity of your code.

*

AWS Signer supports the following applications:

- * - *

With code signing for AWS Lambda, you can sign AWS Lambda - * deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, - * and AWS CloudTrail. In order to sign code, you create a signing profile and then use - * Signer to sign Lambda zip files in S3.

- * - *

With code signing for IoT, you can sign code for any IoT device that is - * supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is - * integrated with AWS Certificate Manager (ACM). In order to sign - * code, you import a third-party code signing certificate using ACM, and use that to - * sign updates in Amazon FreeRTOS and AWS IoT Device Management.

- *

For more information about AWS Signer, see the AWS Signer Developer Guide.

- * - *

+ *

With code signing for AWS Lambda, you can sign AWS + * Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon + * CloudWatch, and AWS CloudTrail. In order + * to sign code, you create a signing profile and then use Signer to sign Lambda zip files + * in S3.

+ *

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. + * IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code signing + * certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

+ *

With code signing for + * containers …(TBD)

+ *

For more information about AWS Signer, see the AWS Signer Developer + * Guide.

*/ export class Signer extends SignerClient implements Signer {} createAggregatedClient(commands, Signer); diff --git a/clients/client-signer/src/SignerClient.ts b/clients/client-signer/src/SignerClient.ts index 43fc6df004c5..693d12c2dc10 100644 --- a/clients/client-signer/src/SignerClient.ts +++ b/clients/client-signer/src/SignerClient.ts @@ -60,6 +60,10 @@ import { CancelSigningProfileCommandOutput, } from "./commands/CancelSigningProfileCommand"; import { DescribeSigningJobCommandInput, DescribeSigningJobCommandOutput } from "./commands/DescribeSigningJobCommand"; +import { + GetRevocationStatusCommandInput, + GetRevocationStatusCommandOutput, +} from "./commands/GetRevocationStatusCommand"; import { GetSigningPlatformCommandInput, GetSigningPlatformCommandOutput } from "./commands/GetSigningPlatformCommand"; import { GetSigningProfileCommandInput, GetSigningProfileCommandOutput } from "./commands/GetSigningProfileCommand"; import { @@ -89,6 +93,7 @@ import { RevokeSigningProfileCommandInput, RevokeSigningProfileCommandOutput, } from "./commands/RevokeSigningProfileCommand"; +import { SignPayloadCommandInput, SignPayloadCommandOutput } from "./commands/SignPayloadCommand"; import { StartSigningJobCommandInput, StartSigningJobCommandOutput } from "./commands/StartSigningJobCommand"; import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand"; import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand"; @@ -109,6 +114,7 @@ export type ServiceInputTypes = | AddProfilePermissionCommandInput | CancelSigningProfileCommandInput | DescribeSigningJobCommandInput + | GetRevocationStatusCommandInput | GetSigningPlatformCommandInput | GetSigningProfileCommandInput | ListProfilePermissionsCommandInput @@ -120,6 +126,7 @@ export type ServiceInputTypes = | RemoveProfilePermissionCommandInput | RevokeSignatureCommandInput | RevokeSigningProfileCommandInput + | SignPayloadCommandInput | StartSigningJobCommandInput | TagResourceCommandInput | UntagResourceCommandInput; @@ -131,6 +138,7 @@ export type ServiceOutputTypes = | AddProfilePermissionCommandOutput | CancelSigningProfileCommandOutput | DescribeSigningJobCommandOutput + | GetRevocationStatusCommandOutput | GetSigningPlatformCommandOutput | GetSigningProfileCommandOutput | ListProfilePermissionsCommandOutput @@ -142,6 +150,7 @@ export type ServiceOutputTypes = | RemoveProfilePermissionCommandOutput | RevokeSignatureCommandOutput | RevokeSigningProfileCommandOutput + | SignPayloadCommandOutput | StartSigningJobCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput; @@ -313,20 +322,18 @@ export interface SignerClientResolvedConfig extends SignerClientResolvedConfigTy *

AWS Signer is a fully managed code signing service to help you ensure the trust and * integrity of your code.

*

AWS Signer supports the following applications:

- * - *

With code signing for AWS Lambda, you can sign AWS Lambda - * deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, - * and AWS CloudTrail. In order to sign code, you create a signing profile and then use - * Signer to sign Lambda zip files in S3.

- * - *

With code signing for IoT, you can sign code for any IoT device that is - * supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is - * integrated with AWS Certificate Manager (ACM). In order to sign - * code, you import a third-party code signing certificate using ACM, and use that to - * sign updates in Amazon FreeRTOS and AWS IoT Device Management.

- *

For more information about AWS Signer, see the AWS Signer Developer Guide.

- * - *

+ *

With code signing for AWS Lambda, you can sign AWS + * Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon + * CloudWatch, and AWS CloudTrail. In order + * to sign code, you create a signing profile and then use Signer to sign Lambda zip files + * in S3.

+ *

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. + * IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code signing + * certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

+ *

With code signing for + * containers …(TBD)

+ *

For more information about AWS Signer, see the AWS Signer Developer + * Guide.

*/ export class SignerClient extends __Client< __HttpHandlerOptions, diff --git a/clients/client-signer/src/commands/DescribeSigningJobCommand.ts b/clients/client-signer/src/commands/DescribeSigningJobCommand.ts index 08b4f5302071..638e1d7604ae 100644 --- a/clients/client-signer/src/commands/DescribeSigningJobCommand.ts +++ b/clients/client-signer/src/commands/DescribeSigningJobCommand.ts @@ -36,8 +36,8 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo /** * @public - *

Returns information about a specific code signing job. You specify the job by using - * the jobId value that is returned by the StartSigningJob + *

Returns information about a specific code signing job. You specify the job by using the + * jobId value that is returned by the StartSigningJob * operation.

* @example * Use a bare-bones client and the command you need to make an API call. @@ -68,10 +68,10 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo * // profileVersion: "STRING_VALUE", * // overrides: { // SigningPlatformOverrides * // signingConfiguration: { // SigningConfigurationOverrides - * // encryptionAlgorithm: "STRING_VALUE", - * // hashAlgorithm: "STRING_VALUE", + * // encryptionAlgorithm: "RSA" || "ECDSA", + * // hashAlgorithm: "SHA1" || "SHA256", * // }, - * // signingImageFormat: "STRING_VALUE", + * // signingImageFormat: "JSON" || "JSONEmbedded" || "JSONDetached", * // }, * // signingParameters: { // SigningParameters * // "": "STRING_VALUE", @@ -80,7 +80,7 @@ export interface DescribeSigningJobCommandOutput extends DescribeSigningJobRespo * // completedAt: new Date("TIMESTAMP"), * // signatureExpiresAt: new Date("TIMESTAMP"), * // requestedBy: "STRING_VALUE", - * // status: "STRING_VALUE", + * // status: "InProgress" || "Failed" || "Succeeded", * // statusReason: "STRING_VALUE", * // revocationRecord: { // SigningJobRevocationRecord * // reason: "STRING_VALUE", diff --git a/clients/client-signer/src/commands/GetRevocationStatusCommand.ts b/clients/client-signer/src/commands/GetRevocationStatusCommand.ts new file mode 100644 index 000000000000..851d6c4042c8 --- /dev/null +++ b/clients/client-signer/src/commands/GetRevocationStatusCommand.ts @@ -0,0 +1,165 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint"; +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, +} from "@aws-sdk/types"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { SerdeContext as __SerdeContext } from "@smithy/types"; + +import { GetRevocationStatusRequest, GetRevocationStatusResponse } from "../models/models_0"; +import { de_GetRevocationStatusCommand, se_GetRevocationStatusCommand } from "../protocols/Aws_restJson1"; +import { ServiceInputTypes, ServiceOutputTypes, SignerClientResolvedConfig } from "../SignerClient"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link GetRevocationStatusCommand}. + */ +export interface GetRevocationStatusCommandInput extends GetRevocationStatusRequest {} +/** + * @public + * + * The output of {@link GetRevocationStatusCommand}. + */ +export interface GetRevocationStatusCommandOutput extends GetRevocationStatusResponse, __MetadataBearer {} + +/** + * @public + *

Retrieves the + * revocation status of one or more of the signing profile, signing job, and signing + * certificate.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SignerClient, GetRevocationStatusCommand } from "@aws-sdk/client-signer"; // ES Modules import + * // const { SignerClient, GetRevocationStatusCommand } = require("@aws-sdk/client-signer"); // CommonJS import + * const client = new SignerClient(config); + * const input = { // GetRevocationStatusRequest + * signatureTimestamp: new Date("TIMESTAMP"), // required + * platformId: "STRING_VALUE", // required + * profileVersionArn: "STRING_VALUE", // required + * jobArn: "STRING_VALUE", // required + * certificateHashes: [ // CertificateHashes // required + * "STRING_VALUE", + * ], + * }; + * const command = new GetRevocationStatusCommand(input); + * const response = await client.send(command); + * // { // GetRevocationStatusResponse + * // revokedEntities: [ // RevokedEntities + * // "STRING_VALUE", + * // ], + * // }; + * + * ``` + * + * @param GetRevocationStatusCommandInput - {@link GetRevocationStatusCommandInput} + * @returns {@link GetRevocationStatusCommandOutput} + * @see {@link GetRevocationStatusCommandInput} for command's `input` shape. + * @see {@link GetRevocationStatusCommandOutput} for command's `response` shape. + * @see {@link SignerClientResolvedConfig | config} for SignerClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *

You do not have sufficient access to perform this action.

+ * + * @throws {@link InternalServiceErrorException} (server fault) + *

An internal error occurred.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The allowed number of job-signing requests has been exceeded.

+ *

This error supersedes the error ThrottlingException.

+ * + * @throws {@link ValidationException} (client fault) + *

You signing certificate could not be validated.

+ * + * @throws {@link SignerServiceException} + *

Base exception class for all service exceptions from Signer service.

+ * + */ +export class GetRevocationStatusCommand extends $Command< + GetRevocationStatusCommandInput, + GetRevocationStatusCommandOutput, + SignerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: GetRevocationStatusCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: SignerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use( + getEndpointPlugin(configuration, GetRevocationStatusCommand.getEndpointParameterInstructions()) + ); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "SignerClient"; + const commandName = "GetRevocationStatusCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: GetRevocationStatusCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_GetRevocationStatusCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_GetRevocationStatusCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-signer/src/commands/GetSigningPlatformCommand.ts b/clients/client-signer/src/commands/GetSigningPlatformCommand.ts index de0e6a4d717e..05e083e850f6 100644 --- a/clients/client-signer/src/commands/GetSigningPlatformCommand.ts +++ b/clients/client-signer/src/commands/GetSigningPlatformCommand.ts @@ -53,26 +53,26 @@ export interface GetSigningPlatformCommandOutput extends GetSigningPlatformRespo * // displayName: "STRING_VALUE", * // partner: "STRING_VALUE", * // target: "STRING_VALUE", - * // category: "STRING_VALUE", + * // category: "AWSIoT", * // signingConfiguration: { // SigningConfiguration * // encryptionAlgorithmOptions: { // EncryptionAlgorithmOptions * // allowedValues: [ // EncryptionAlgorithms // required - * // "STRING_VALUE", + * // "RSA" || "ECDSA", * // ], - * // defaultValue: "STRING_VALUE", // required + * // defaultValue: "RSA" || "ECDSA", // required * // }, * // hashAlgorithmOptions: { // HashAlgorithmOptions * // allowedValues: [ // HashAlgorithms // required - * // "STRING_VALUE", + * // "SHA1" || "SHA256", * // ], - * // defaultValue: "STRING_VALUE", // required + * // defaultValue: "SHA1" || "SHA256", // required * // }, * // }, * // signingImageFormat: { // SigningImageFormat * // supportedFormats: [ // ImageFormats // required - * // "STRING_VALUE", + * // "JSON" || "JSONEmbedded" || "JSONDetached", * // ], - * // defaultFormat: "STRING_VALUE", // required + * // defaultFormat: "JSON" || "JSONEmbedded" || "JSONDetached", // required * // }, * // maxSizeInMB: Number("int"), * // revocationSupported: true || false, diff --git a/clients/client-signer/src/commands/GetSigningProfileCommand.ts b/clients/client-signer/src/commands/GetSigningProfileCommand.ts index c016dad65ac4..a833a715fc9b 100644 --- a/clients/client-signer/src/commands/GetSigningProfileCommand.ts +++ b/clients/client-signer/src/commands/GetSigningProfileCommand.ts @@ -65,19 +65,19 @@ export interface GetSigningProfileCommandOutput extends GetSigningProfileRespons * // platformDisplayName: "STRING_VALUE", * // signatureValidityPeriod: { // SignatureValidityPeriod * // value: Number("int"), - * // type: "STRING_VALUE", + * // type: "DAYS" || "MONTHS" || "YEARS", * // }, * // overrides: { // SigningPlatformOverrides * // signingConfiguration: { // SigningConfigurationOverrides - * // encryptionAlgorithm: "STRING_VALUE", - * // hashAlgorithm: "STRING_VALUE", + * // encryptionAlgorithm: "RSA" || "ECDSA", + * // hashAlgorithm: "SHA1" || "SHA256", * // }, - * // signingImageFormat: "STRING_VALUE", + * // signingImageFormat: "JSON" || "JSONEmbedded" || "JSONDetached", * // }, * // signingParameters: { // SigningParameters * // "": "STRING_VALUE", * // }, - * // status: "STRING_VALUE", + * // status: "Active" || "Canceled" || "Revoked", * // statusReason: "STRING_VALUE", * // arn: "STRING_VALUE", * // tags: { // TagMap diff --git a/clients/client-signer/src/commands/ListSigningJobsCommand.ts b/clients/client-signer/src/commands/ListSigningJobsCommand.ts index 49de8714e21f..ce76d354acc5 100644 --- a/clients/client-signer/src/commands/ListSigningJobsCommand.ts +++ b/clients/client-signer/src/commands/ListSigningJobsCommand.ts @@ -50,7 +50,7 @@ export interface ListSigningJobsCommandOutput extends ListSigningJobsResponse, _ * // const { SignerClient, ListSigningJobsCommand } = require("@aws-sdk/client-signer"); // CommonJS import * const client = new SignerClient(config); * const input = { // ListSigningJobsRequest - * status: "STRING_VALUE", + * status: "InProgress" || "Failed" || "Succeeded", * platformId: "STRING_VALUE", * requestedBy: "STRING_VALUE", * maxResults: Number("int"), @@ -83,7 +83,7 @@ export interface ListSigningJobsCommandOutput extends ListSigningJobsResponse, _ * // certificateArn: "STRING_VALUE", // required * // }, * // createdAt: new Date("TIMESTAMP"), - * // status: "STRING_VALUE", + * // status: "InProgress" || "Failed" || "Succeeded", * // isRevoked: true || false, * // profileName: "STRING_VALUE", * // profileVersion: "STRING_VALUE", diff --git a/clients/client-signer/src/commands/ListSigningPlatformsCommand.ts b/clients/client-signer/src/commands/ListSigningPlatformsCommand.ts index 04d1ef23dd75..1625cc16f898 100644 --- a/clients/client-signer/src/commands/ListSigningPlatformsCommand.ts +++ b/clients/client-signer/src/commands/ListSigningPlatformsCommand.ts @@ -65,26 +65,26 @@ export interface ListSigningPlatformsCommandOutput extends ListSigningPlatformsR * // displayName: "STRING_VALUE", * // partner: "STRING_VALUE", * // target: "STRING_VALUE", - * // category: "STRING_VALUE", + * // category: "AWSIoT", * // signingConfiguration: { // SigningConfiguration * // encryptionAlgorithmOptions: { // EncryptionAlgorithmOptions * // allowedValues: [ // EncryptionAlgorithms // required - * // "STRING_VALUE", + * // "RSA" || "ECDSA", * // ], - * // defaultValue: "STRING_VALUE", // required + * // defaultValue: "RSA" || "ECDSA", // required * // }, * // hashAlgorithmOptions: { // HashAlgorithmOptions * // allowedValues: [ // HashAlgorithms // required - * // "STRING_VALUE", + * // "SHA1" || "SHA256", * // ], - * // defaultValue: "STRING_VALUE", // required + * // defaultValue: "SHA1" || "SHA256", // required * // }, * // }, * // signingImageFormat: { // SigningImageFormat * // supportedFormats: [ // ImageFormats // required - * // "STRING_VALUE", + * // "JSON" || "JSONEmbedded" || "JSONDetached", * // ], - * // defaultFormat: "STRING_VALUE", // required + * // defaultFormat: "JSON" || "JSONEmbedded" || "JSONDetached", // required * // }, * // maxSizeInMB: Number("int"), * // revocationSupported: true || false, diff --git a/clients/client-signer/src/commands/ListSigningProfilesCommand.ts b/clients/client-signer/src/commands/ListSigningProfilesCommand.ts index 6f390d4a53b0..13a974d3af19 100644 --- a/clients/client-signer/src/commands/ListSigningProfilesCommand.ts +++ b/clients/client-signer/src/commands/ListSigningProfilesCommand.ts @@ -56,7 +56,7 @@ export interface ListSigningProfilesCommandOutput extends ListSigningProfilesRes * nextToken: "STRING_VALUE", * platformId: "STRING_VALUE", * statuses: [ // Statuses - * "STRING_VALUE", + * "Active" || "Canceled" || "Revoked", * ], * }; * const command = new ListSigningProfilesCommand(input); @@ -72,14 +72,14 @@ export interface ListSigningProfilesCommandOutput extends ListSigningProfilesRes * // }, * // signatureValidityPeriod: { // SignatureValidityPeriod * // value: Number("int"), - * // type: "STRING_VALUE", + * // type: "DAYS" || "MONTHS" || "YEARS", * // }, * // platformId: "STRING_VALUE", * // platformDisplayName: "STRING_VALUE", * // signingParameters: { // SigningParameters * // "": "STRING_VALUE", * // }, - * // status: "STRING_VALUE", + * // status: "Active" || "Canceled" || "Revoked", * // arn: "STRING_VALUE", * // tags: { // TagMap * // "": "STRING_VALUE", diff --git a/clients/client-signer/src/commands/PutSigningProfileCommand.ts b/clients/client-signer/src/commands/PutSigningProfileCommand.ts index 1b1de8fe09cc..70422eadfaa9 100644 --- a/clients/client-signer/src/commands/PutSigningProfileCommand.ts +++ b/clients/client-signer/src/commands/PutSigningProfileCommand.ts @@ -37,8 +37,8 @@ export interface PutSigningProfileCommandOutput extends PutSigningProfileRespons /** * @public *

Creates a signing profile. A signing profile is a code signing template that can be used to - * carry out a pre-defined signing job. For more information, see http://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html - *

+ * carry out a pre-defined signing job. + *

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -52,15 +52,15 @@ export interface PutSigningProfileCommandOutput extends PutSigningProfileRespons * }, * signatureValidityPeriod: { // SignatureValidityPeriod * value: Number("int"), - * type: "STRING_VALUE", + * type: "DAYS" || "MONTHS" || "YEARS", * }, * platformId: "STRING_VALUE", // required * overrides: { // SigningPlatformOverrides * signingConfiguration: { // SigningConfigurationOverrides - * encryptionAlgorithm: "STRING_VALUE", - * hashAlgorithm: "STRING_VALUE", + * encryptionAlgorithm: "RSA" || "ECDSA", + * hashAlgorithm: "SHA1" || "SHA256", * }, - * signingImageFormat: "STRING_VALUE", + * signingImageFormat: "JSON" || "JSONEmbedded" || "JSONDetached", * }, * signingParameters: { // SigningParameters * "": "STRING_VALUE", diff --git a/clients/client-signer/src/commands/SignPayloadCommand.ts b/clients/client-signer/src/commands/SignPayloadCommand.ts new file mode 100644 index 000000000000..4b17c1c2a8ee --- /dev/null +++ b/clients/client-signer/src/commands/SignPayloadCommand.ts @@ -0,0 +1,165 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint"; +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, +} from "@aws-sdk/types"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { SerdeContext as __SerdeContext } from "@smithy/types"; + +import { SignPayloadRequest, SignPayloadResponse } from "../models/models_0"; +import { de_SignPayloadCommand, se_SignPayloadCommand } from "../protocols/Aws_restJson1"; +import { ServiceInputTypes, ServiceOutputTypes, SignerClientResolvedConfig } from "../SignerClient"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link SignPayloadCommand}. + */ +export interface SignPayloadCommandInput extends SignPayloadRequest {} +/** + * @public + * + * The output of {@link SignPayloadCommand}. + */ +export interface SignPayloadCommandOutput extends SignPayloadResponse, __MetadataBearer {} + +/** + * @public + *

Signs a binary + * payload and returns a signature envelope.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SignerClient, SignPayloadCommand } from "@aws-sdk/client-signer"; // ES Modules import + * // const { SignerClient, SignPayloadCommand } = require("@aws-sdk/client-signer"); // CommonJS import + * const client = new SignerClient(config); + * const input = { // SignPayloadRequest + * profileName: "STRING_VALUE", // required + * profileOwner: "STRING_VALUE", + * payload: "BLOB_VALUE", // required + * payloadFormat: "STRING_VALUE", // required + * }; + * const command = new SignPayloadCommand(input); + * const response = await client.send(command); + * // { // SignPayloadResponse + * // jobId: "STRING_VALUE", + * // jobOwner: "STRING_VALUE", + * // metadata: { // Metadata + * // "": "STRING_VALUE", + * // }, + * // signature: "BLOB_VALUE", + * // }; + * + * ``` + * + * @param SignPayloadCommandInput - {@link SignPayloadCommandInput} + * @returns {@link SignPayloadCommandOutput} + * @see {@link SignPayloadCommandInput} for command's `input` shape. + * @see {@link SignPayloadCommandOutput} for command's `response` shape. + * @see {@link SignerClientResolvedConfig | config} for SignerClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *

You do not have sufficient access to perform this action.

+ * + * @throws {@link InternalServiceErrorException} (server fault) + *

An internal error occurred.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

A specified resource could not be found.

+ * + * @throws {@link TooManyRequestsException} (client fault) + *

The allowed number of job-signing requests has been exceeded.

+ *

This error supersedes the error ThrottlingException.

+ * + * @throws {@link ValidationException} (client fault) + *

You signing certificate could not be validated.

+ * + * @throws {@link SignerServiceException} + *

Base exception class for all service exceptions from Signer service.

+ * + */ +export class SignPayloadCommand extends $Command< + SignPayloadCommandInput, + SignPayloadCommandOutput, + SignerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: SignPayloadCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: SignerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use(getEndpointPlugin(configuration, SignPayloadCommand.getEndpointParameterInstructions())); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "SignerClient"; + const commandName = "SignPayloadCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: SignPayloadCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_SignPayloadCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_SignPayloadCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-signer/src/commands/StartSigningJobCommand.ts b/clients/client-signer/src/commands/StartSigningJobCommand.ts index 476e21c94d3c..5b1fb01aa6c9 100644 --- a/clients/client-signer/src/commands/StartSigningJobCommand.ts +++ b/clients/client-signer/src/commands/StartSigningJobCommand.ts @@ -41,7 +41,7 @@ export interface StartSigningJobCommandOutput extends StartSigningJobResponse, _ * performed. Note the following requirements:

*
    *
  • - *

    You must create an Amazon S3 source bucket. For more information, see Create a Bucket in the + *

    You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the * Amazon S3 Getting Started Guide.

    *
    • *
  • @@ -62,8 +62,7 @@ export interface StartSigningJobCommandOutput extends StartSigningJobResponse, _ *
*

You can call the DescribeSigningJob and the ListSigningJobs actions after you call * StartSigningJob.

- *

For a Java example that shows how to use this action, see http://docs.aws.amazon.com/acm/latest/userguide/ - *

+ *

For a Java example that shows how to use this action, see StartSigningJob.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -114,7 +113,7 @@ export interface StartSigningJobCommandOutput extends StartSigningJobResponse, _ * * @throws {@link ThrottlingException} (client fault) *

The request was denied due to request throttling.

- *

Instead of this error, TooManyRequestsException should be used.

+ *

Instead of this error, TooManyRequestsException should be used.

* * @throws {@link TooManyRequestsException} (client fault) *

The allowed number of job-signing requests has been exceeded.

diff --git a/clients/client-signer/src/commands/index.ts b/clients/client-signer/src/commands/index.ts index b6c122a9b348..7eee0970c5e2 100644 --- a/clients/client-signer/src/commands/index.ts +++ b/clients/client-signer/src/commands/index.ts @@ -2,6 +2,7 @@ export * from "./AddProfilePermissionCommand"; export * from "./CancelSigningProfileCommand"; export * from "./DescribeSigningJobCommand"; +export * from "./GetRevocationStatusCommand"; export * from "./GetSigningPlatformCommand"; export * from "./GetSigningProfileCommand"; export * from "./ListProfilePermissionsCommand"; @@ -13,6 +14,7 @@ export * from "./PutSigningProfileCommand"; export * from "./RemoveProfilePermissionCommand"; export * from "./RevokeSignatureCommand"; export * from "./RevokeSigningProfileCommand"; +export * from "./SignPayloadCommand"; export * from "./StartSigningJobCommand"; export * from "./TagResourceCommand"; export * from "./UntagResourceCommand"; diff --git a/clients/client-signer/src/endpoint/ruleset.ts b/clients/client-signer/src/endpoint/ruleset.ts index 9b6601954001..eb994653f0c1 100644 --- a/clients/client-signer/src/endpoint/ruleset.ts +++ b/clients/client-signer/src/endpoint/ruleset.ts @@ -6,24 +6,25 @@ import { RuleSetObject } from "@aws-sdk/util-endpoints"; or see "smithy.rules#endpointRuleSet" in codegen/sdk-codegen/aws-models/signer.json */ -const p="required", -q="fn", -r="argv", -s="ref"; -const a="PartitionResult", +const q="required", +r="fn", +s="argv", +t="ref"; +const a="isSet", b="tree", c="error", d="endpoint", -e={[p]:false,"type":"String"}, -f={[p]:true,"default":false,"type":"Boolean"}, -g={[s]:"Endpoint"}, -h={[q]:"booleanEquals",[r]:[{[s]:"UseFIPS"},true]}, -i={[q]:"booleanEquals",[r]:[{[s]:"UseDualStack"},true]}, -j={}, -k={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:a},"supportsFIPS"]}]}, -l={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:a},"supportsDualStack"]}]}, -m=[g], -n=[h], -o=[i]; -const _data={version:"1.0",parameters:{Region:e,UseDualStack:f,UseFIPS:f,Endpoint:e},rules:[{conditions:[{[q]:"aws.partition",[r]:[{[s]:"Region"}],assign:a}],type:b,rules:[{conditions:[{[q]:"isSet",[r]:m},{[q]:"parseURL",[r]:m,assign:"url"}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:g,properties:j,headers:j},type:d}]}]},{conditions:[h,i],type:b,rules:[{conditions:[k,l],type:b,rules:[{endpoint:{url:"https://signer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:j,headers:j},type:d}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[k],type:b,rules:[{endpoint:{url:"https://signer-fips.{Region}.{PartitionResult#dnsSuffix}",properties:j,headers:j},type:d}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[l],type:b,rules:[{endpoint:{url:"https://signer.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:j,headers:j},type:d}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{endpoint:{url:"https://signer.{Region}.{PartitionResult#dnsSuffix}",properties:j,headers:j},type:d}]}]}; +e="PartitionResult", +f={[q]:false,"type":"String"}, +g={[q]:true,"default":false,"type":"Boolean"}, +h={[t]:"Endpoint"}, +i={[r]:"booleanEquals",[s]:[{[t]:"UseFIPS"},true]}, +j={[r]:"booleanEquals",[s]:[{[t]:"UseDualStack"},true]}, +k={}, +l={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsFIPS"]}]}, +m={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsDualStack"]}]}, +n=[i], +o=[j], +p=[{[t]:"Region"}]; +const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]}]},{type:b,rules:[{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://signer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://signer-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://signer.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{endpoint:{url:"https://signer.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]}; export const ruleSet: RuleSetObject = _data; diff --git a/clients/client-signer/src/index.ts b/clients/client-signer/src/index.ts index 501cc0acbe02..317d3d2fba7d 100644 --- a/clients/client-signer/src/index.ts +++ b/clients/client-signer/src/index.ts @@ -4,20 +4,18 @@ *

AWS Signer is a fully managed code signing service to help you ensure the trust and * integrity of your code.

*

AWS Signer supports the following applications:

- * - *

With code signing for AWS Lambda, you can sign AWS Lambda - * deployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch, - * and AWS CloudTrail. In order to sign code, you create a signing profile and then use - * Signer to sign Lambda zip files in S3.

- * - *

With code signing for IoT, you can sign code for any IoT device that is - * supported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is - * integrated with AWS Certificate Manager (ACM). In order to sign - * code, you import a third-party code signing certificate using ACM, and use that to - * sign updates in Amazon FreeRTOS and AWS IoT Device Management.

- *

For more information about AWS Signer, see the AWS Signer Developer Guide.

- * - *

+ *

With code signing for AWS Lambda, you can sign AWS + * Lambda deployment packages. Integrated support is provided for Amazon S3, Amazon + * CloudWatch, and AWS CloudTrail. In order + * to sign code, you create a signing profile and then use Signer to sign Lambda zip files + * in S3.

+ *

With code signing for IoT, you can sign code for any IoT device that is supported by AWS. + * IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code signing + * certificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

+ *

With code signing for + * containers …(TBD)

+ *

For more information about AWS Signer, see the AWS Signer Developer + * Guide.

* * @packageDocumentation */ diff --git a/clients/client-signer/src/models/models_0.ts b/clients/client-signer/src/models/models_0.ts index e6ea27479822..db0e133a054b 100644 --- a/clients/client-signer/src/models/models_0.ts +++ b/clients/client-signer/src/models/models_0.ts @@ -239,8 +239,16 @@ export interface CancelSigningProfileRequest { /** * @public + * @enum */ -export type Category = "AWSIoT"; +export const Category = { + AWSIoT: "AWSIoT", +} as const; + +/** + * @public + */ +export type Category = (typeof Category)[keyof typeof Category]; /** * @public @@ -254,13 +262,31 @@ export interface DescribeSigningJobRequest { /** * @public + * @enum + */ +export const EncryptionAlgorithm = { + ECDSA: "ECDSA", + RSA: "RSA", +} as const; + +/** + * @public + */ +export type EncryptionAlgorithm = (typeof EncryptionAlgorithm)[keyof typeof EncryptionAlgorithm]; + +/** + * @public + * @enum */ -export type EncryptionAlgorithm = "ECDSA" | "RSA"; +export const HashAlgorithm = { + SHA1: "SHA1", + SHA256: "SHA256", +} as const; /** * @public */ -export type HashAlgorithm = "SHA1" | "SHA256"; +export type HashAlgorithm = (typeof HashAlgorithm)[keyof typeof HashAlgorithm]; /** * @public @@ -283,8 +309,18 @@ export interface SigningConfigurationOverrides { /** * @public + * @enum */ -export type ImageFormat = "JSON" | "JSONDetached" | "JSONEmbedded"; +export const ImageFormat = { + JSON: "JSON", + JSONDetached: "JSONDetached", + JSONEmbedded: "JSONEmbedded", +} as const; + +/** + * @public + */ +export type ImageFormat = (typeof ImageFormat)[keyof typeof ImageFormat]; /** * @public @@ -403,10 +439,20 @@ export interface Source { s3?: S3Source; } +/** + * @public + * @enum + */ +export const SigningStatus = { + Failed: "Failed", + InProgress: "InProgress", + Succeeded: "Succeeded", +} as const; + /** * @public */ -export type SigningStatus = "Failed" | "InProgress" | "Succeeded"; +export type SigningStatus = (typeof SigningStatus)[keyof typeof SigningStatus]; /** * @public @@ -556,6 +602,50 @@ export interface EncryptionAlgorithmOptions { defaultValue: EncryptionAlgorithm | string | undefined; } +/** + * @public + */ +export interface GetRevocationStatusRequest { + /** + *

The timestamp of the signature that validates the profile or job.

+ */ + signatureTimestamp: Date | undefined; + + /** + *

The ID of a signing platform.

+ */ + platformId: string | undefined; + + /** + *

The version of a signing profile.

+ */ + profileVersionArn: string | undefined; + + /** + *

The ARN of a signing job.

+ */ + jobArn: string | undefined; + + /** + *

A list of composite signed hashes that identify certificates.

+ *

A certificate identifier consists of a subject certificate TBS hash (signed by the + * parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root + * certificates are defined as their own CA.

+ */ + certificateHashes: string[] | undefined; +} + +/** + * @public + */ +export interface GetRevocationStatusResponse { + /** + *

A list of revoked entities (including one or more of the signing profile ARN, signing + * job ID, and certificate hash) supplied as input to the API.

+ */ + revokedEntities?: string[]; +} + /** * @public */ @@ -704,8 +794,18 @@ export interface SigningProfileRevocationRecord { /** * @public + * @enum */ -export type ValidityType = "DAYS" | "MONTHS" | "YEARS"; +export const ValidityType = { + DAYS: "DAYS", + MONTHS: "MONTHS", + YEARS: "YEARS", +} as const; + +/** + * @public + */ +export type ValidityType = (typeof ValidityType)[keyof typeof ValidityType]; /** * @public @@ -718,16 +818,25 @@ export interface SignatureValidityPeriod { value?: number; /** - *

The time unit for signature - * validity.

+ *

The time unit for signature validity.

*/ type?: ValidityType | string; } +/** + * @public + * @enum + */ +export const SigningProfileStatus = { + Active: "Active", + Canceled: "Canceled", + Revoked: "Revoked", +} as const; + /** * @public */ -export type SigningProfileStatus = "Active" | "Canceled" | "Revoked"; +export type SigningProfileStatus = (typeof SigningProfileStatus)[keyof typeof SigningProfileStatus]; /** * @public @@ -1066,7 +1175,7 @@ export interface ListSigningPlatformsRequest { */ export interface SigningPlatform { /** - *

The ID of a code signing; platform.

+ *

The ID of a code signing platform.

*/ platformId?: string; @@ -1425,6 +1534,58 @@ export interface RevokeSigningProfileRequest { effectiveTime: Date | undefined; } +/** + * @public + */ +export interface SignPayloadRequest { + /** + *

The name of the signing profile.

+ */ + profileName: string | undefined; + + /** + *

The AWS account ID of the profile owner.

+ */ + profileOwner?: string; + + /** + *

Specifies the object digest (hash) to sign.

+ */ + payload: Uint8Array | undefined; + + /** + *

Payload content type

+ */ + payloadFormat: string | undefined; +} + +/** + * @public + */ +export interface SignPayloadResponse { + /** + *

Unique identifier of the signing job.

+ */ + jobId?: string; + + /** + *

The AWS account ID of the job owner.

+ */ + jobOwner?: string; + + /** + *

Information including the signing profile ARN and the signing job ID. Clients use + * metadata to signature records, for example, as annotations added to the signature + * manifest inside an OCI registry.

+ */ + metadata?: Record; + + /** + *

A cryptographic signature.

+ */ + signature?: Uint8Array; +} + /** * @public */ @@ -1478,7 +1639,7 @@ export interface StartSigningJobResponse { * @deprecated * *

The request was denied due to request throttling.

- *

Instead of this error, TooManyRequestsException should be used.

+ *

Instead of this error, TooManyRequestsException should be used.

*/ export class ThrottlingException extends __BaseException { readonly name: "ThrottlingException" = "ThrottlingException"; diff --git a/clients/client-signer/src/protocols/Aws_restJson1.ts b/clients/client-signer/src/protocols/Aws_restJson1.ts index 242e503e6e67..c73e3da571c7 100644 --- a/clients/client-signer/src/protocols/Aws_restJson1.ts +++ b/clients/client-signer/src/protocols/Aws_restJson1.ts @@ -16,7 +16,11 @@ import { withBaseException, } from "@aws-sdk/smithy-client"; import { ResponseMetadata as __ResponseMetadata } from "@aws-sdk/types"; -import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { + HttpRequest as __HttpRequest, + HttpResponse as __HttpResponse, + isValidHostname as __isValidHostname, +} from "@smithy/protocol-http"; import { Endpoint as __Endpoint, SerdeContext as __SerdeContext } from "@smithy/types"; import { v4 as generateIdempotencyToken } from "uuid"; @@ -29,6 +33,10 @@ import { CancelSigningProfileCommandOutput, } from "../commands/CancelSigningProfileCommand"; import { DescribeSigningJobCommandInput, DescribeSigningJobCommandOutput } from "../commands/DescribeSigningJobCommand"; +import { + GetRevocationStatusCommandInput, + GetRevocationStatusCommandOutput, +} from "../commands/GetRevocationStatusCommand"; import { GetSigningPlatformCommandInput, GetSigningPlatformCommandOutput } from "../commands/GetSigningPlatformCommand"; import { GetSigningProfileCommandInput, GetSigningProfileCommandOutput } from "../commands/GetSigningProfileCommand"; import { @@ -58,6 +66,7 @@ import { RevokeSigningProfileCommandInput, RevokeSigningProfileCommandOutput, } from "../commands/RevokeSigningProfileCommand"; +import { SignPayloadCommandInput, SignPayloadCommandOutput } from "../commands/SignPayloadCommand"; import { StartSigningJobCommandInput, StartSigningJobCommandOutput } from "../commands/StartSigningJobCommand"; import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand"; import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand"; @@ -169,6 +178,49 @@ export const se_DescribeSigningJobCommand = async ( }); }; +/** + * serializeAws_restJson1GetRevocationStatusCommand + */ +export const se_GetRevocationStatusCommand = async ( + input: GetRevocationStatusCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + const resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/revocations"; + const query: any = map({ + signatureTimestamp: [ + __expectNonNull(input.signatureTimestamp, `signatureTimestamp`) != null, + () => (input.signatureTimestamp!.toISOString().split(".")[0] + "Z").toString(), + ], + platformId: [, __expectNonNull(input.platformId!, `platformId`)], + profileVersionArn: [, __expectNonNull(input.profileVersionArn!, `profileVersionArn`)], + jobArn: [, __expectNonNull(input.jobArn!, `jobArn`)], + certificateHashes: [ + __expectNonNull(input.certificateHashes, `certificateHashes`) != null, + () => (input.certificateHashes! || []).map((_entry) => _entry as any), + ], + }); + let body: any; + let { hostname: resolvedHostname } = await context.endpoint(); + if (context.disableHostPrefix !== true) { + resolvedHostname = "verification." + resolvedHostname; + if (!__isValidHostname(resolvedHostname)) { + throw new Error("ValidationError: prefixed hostname must be hostname compatible."); + } + } + return new __HttpRequest({ + protocol, + hostname: resolvedHostname, + port, + method: "GET", + headers, + path: resolvedPath, + query, + body, + }); +}; + /** * serializeAws_restJson1GetSigningPlatformCommand */ @@ -504,6 +556,39 @@ export const se_RevokeSigningProfileCommand = async ( }); }; +/** + * serializeAws_restJson1SignPayloadCommand + */ +export const se_SignPayloadCommand = async ( + input: SignPayloadCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = + `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/signing-jobs/with-payload"; + let body: any; + body = JSON.stringify( + take(input, { + payload: (_) => context.base64Encoder(_), + payloadFormat: [], + profileName: [], + profileOwner: [], + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1StartSigningJobCommand */ @@ -788,6 +873,62 @@ const de_DescribeSigningJobCommandError = async ( } }; +/** + * deserializeAws_restJson1GetRevocationStatusCommand + */ +export const de_GetRevocationStatusCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_GetRevocationStatusCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + revokedEntities: _json, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1GetRevocationStatusCommandError + */ +const de_GetRevocationStatusCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.signer#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "InternalServiceErrorException": + case "com.amazonaws.signer#InternalServiceErrorException": + throw await de_InternalServiceErrorExceptionRes(parsedOutput, context); + case "TooManyRequestsException": + case "com.amazonaws.signer#TooManyRequestsException": + throw await de_TooManyRequestsExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.signer#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + /** * deserializeAws_restJson1GetSigningPlatformCommand */ @@ -1440,6 +1581,68 @@ const de_RevokeSigningProfileCommandError = async ( } }; +/** + * deserializeAws_restJson1SignPayloadCommand + */ +export const de_SignPayloadCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_SignPayloadCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + jobId: __expectString, + jobOwner: __expectString, + metadata: _json, + signature: context.base64Decoder, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1SignPayloadCommandError + */ +const de_SignPayloadCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.signer#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "InternalServiceErrorException": + case "com.amazonaws.signer#InternalServiceErrorException": + throw await de_InternalServiceErrorExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.signer#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "TooManyRequestsException": + case "com.amazonaws.signer#TooManyRequestsException": + throw await de_TooManyRequestsExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.signer#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + /** * deserializeAws_restJson1StartSigningJobCommand */ @@ -1833,10 +2036,14 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont // de_ImageFormats omitted. +// de_Metadata omitted. + // de_Permission omitted. // de_Permissions omitted. +// de_RevokedEntities omitted. + // de_S3SignedObject omitted. // de_S3Source omitted. diff --git a/codegen/sdk-codegen/aws-models/signer.json b/codegen/sdk-codegen/aws-models/signer.json index 1a05d64fac42..0d9ad1b52bf8 100644 --- a/codegen/sdk-codegen/aws-models/signer.json +++ b/codegen/sdk-codegen/aws-models/signer.json @@ -139,6 +139,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#AddProfilePermissionResponse": { @@ -150,6 +153,9 @@ "smithy.api#documentation": "

A unique identifier for the current profile revision.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#Arn": { @@ -177,6 +183,9 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.signer#Blob": { + "type": "blob" + }, "com.amazonaws.signer#BucketName": { "type": "string" }, @@ -222,22 +231,31 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#Category": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "AWSIoT", - "name": "AWSIoT" + "type": "enum", + "members": { + "AWSIoT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWSIoT" } - ] + } } }, "com.amazonaws.signer#CertificateArn": { "type": "string" }, + "com.amazonaws.signer#CertificateHashes": { + "type": "list", + "member": { + "target": "com.amazonaws.signer#String" + } + }, "com.amazonaws.signer#ClientRequestToken": { "type": "string" }, @@ -280,7 +298,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns information about a specific code signing job. You specify the job by using\n\t\t\tthe jobId value that is returned by the StartSigningJob\n\t\t\toperation.

", + "smithy.api#documentation": "

Returns information about a specific code signing job. You specify the job by using the\n\t\t\t\tjobId value that is returned by the StartSigningJob\n\t\t\toperation.

", "smithy.api#http": { "method": "GET", "uri": "/signing-jobs/{jobId}", @@ -332,6 +350,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#DescribeSigningJobResponse": { @@ -451,6 +472,9 @@ "smithy.api#documentation": "

The IAM entity that initiated the signing job.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#Destination": { @@ -471,18 +495,20 @@ "type": "string" }, "com.amazonaws.signer#EncryptionAlgorithm": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "RSA", - "name": "RSA" - }, - { - "value": "ECDSA", - "name": "ECDSA" + "type": "enum", + "members": { + "RSA": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "RSA" + } + }, + "ECDSA": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ECDSA" } - ] + } } }, "com.amazonaws.signer#EncryptionAlgorithmOptions": { @@ -519,6 +545,102 @@ "com.amazonaws.signer#ErrorMessage": { "type": "string" }, + "com.amazonaws.signer#GetRevocationStatus": { + "type": "operation", + "input": { + "target": "com.amazonaws.signer#GetRevocationStatusRequest" + }, + "output": { + "target": "com.amazonaws.signer#GetRevocationStatusResponse" + }, + "errors": [ + { + "target": "com.amazonaws.signer#AccessDeniedException" + }, + { + "target": "com.amazonaws.signer#InternalServiceErrorException" + }, + { + "target": "com.amazonaws.signer#TooManyRequestsException" + }, + { + "target": "com.amazonaws.signer#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

Retrieves the\n\t\t\trevocation status of one or more of the signing profile, signing job, and signing\n\t\t\tcertificate.

", + "smithy.api#endpoint": { + "hostPrefix": "verification." + }, + "smithy.api#http": { + "method": "GET", + "uri": "/revocations", + "code": 200 + } + } + }, + "com.amazonaws.signer#GetRevocationStatusRequest": { + "type": "structure", + "members": { + "signatureTimestamp": { + "target": "com.amazonaws.signer#Timestamp", + "traits": { + "smithy.api#documentation": "

The timestamp of the signature that validates the profile or job.

", + "smithy.api#httpQuery": "signatureTimestamp", + "smithy.api#required": {} + } + }, + "platformId": { + "target": "com.amazonaws.signer#PlatformId", + "traits": { + "smithy.api#documentation": "

The ID of a signing platform.

", + "smithy.api#httpQuery": "platformId", + "smithy.api#required": {} + } + }, + "profileVersionArn": { + "target": "com.amazonaws.signer#Arn", + "traits": { + "smithy.api#documentation": "

The version of a signing profile.

", + "smithy.api#httpQuery": "profileVersionArn", + "smithy.api#required": {} + } + }, + "jobArn": { + "target": "com.amazonaws.signer#Arn", + "traits": { + "smithy.api#documentation": "

The ARN of a signing job.

", + "smithy.api#httpQuery": "jobArn", + "smithy.api#required": {} + } + }, + "certificateHashes": { + "target": "com.amazonaws.signer#CertificateHashes", + "traits": { + "smithy.api#documentation": "

A list of composite signed hashes that identify certificates.

\n\t\t

A certificate identifier consists of a subject certificate TBS hash (signed by the\n\t\t\tparent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root\n\t\t\tcertificates are defined as their own CA.

", + "smithy.api#httpQuery": "certificateHashes", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.signer#GetRevocationStatusResponse": { + "type": "structure", + "members": { + "revokedEntities": { + "target": "com.amazonaws.signer#RevokedEntities", + "traits": { + "smithy.api#documentation": "

A list of revoked entities (including one or more of the signing profile ARN, signing\n\t\t\tjob ID, and certificate hash) supplied as input to the API.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.signer#GetSigningPlatform": { "type": "operation", "input": { @@ -561,6 +683,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#GetSigningPlatformResponse": { @@ -622,6 +747,9 @@ "smithy.api#documentation": "

A flag indicating whether signatures generated for the signing platform can be\n\t\t\trevoked.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#GetSigningProfile": { @@ -673,6 +801,9 @@ "smithy.api#httpQuery": "profileOwner" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#GetSigningProfileResponse": { @@ -756,21 +887,26 @@ "smithy.api#documentation": "

A list of tags associated with the signing profile.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#HashAlgorithm": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "SHA1", - "name": "SHA1" - }, - { - "value": "SHA256", - "name": "SHA256" + "type": "enum", + "members": { + "SHA1": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SHA1" + } + }, + "SHA256": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SHA256" } - ] + } } }, "com.amazonaws.signer#HashAlgorithmOptions": { @@ -802,22 +938,26 @@ } }, "com.amazonaws.signer#ImageFormat": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "JSON", - "name": "JSON" - }, - { - "value": "JSONEmbedded", - "name": "JSONEmbedded" - }, - { - "value": "JSONDetached", - "name": "JSONDetached" + "type": "enum", + "members": { + "JSON": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "JSON" } - ] + }, + "JSONEmbedded": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "JSONEmbedded" + } + }, + "JSONDetached": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "JSONDetached" + } + } } }, "com.amazonaws.signer#ImageFormats": { @@ -906,6 +1046,9 @@ "smithy.api#httpQuery": "nextToken" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#ListProfilePermissionsResponse": { @@ -936,6 +1079,9 @@ "smithy.api#documentation": "

String for specifying the next set of paginated results.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#ListSigningJobs": { @@ -1041,6 +1187,9 @@ "smithy.api#httpQuery": "jobInvoker" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#ListSigningJobsResponse": { @@ -1058,6 +1207,9 @@ "smithy.api#documentation": "

String for specifying the next set of paginated results.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#ListSigningPlatforms": { @@ -1134,6 +1286,9 @@ "smithy.api#httpQuery": "nextToken" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#ListSigningPlatformsResponse": { @@ -1151,6 +1306,9 @@ "smithy.api#documentation": "

Value for specifying the next set of paginated results to return.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#ListSigningProfiles": { @@ -1225,6 +1383,9 @@ "smithy.api#httpQuery": "statuses" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#ListSigningProfilesResponse": { @@ -1242,6 +1403,9 @@ "smithy.api#documentation": "

Value for specifying the next set of paginated results to return.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#ListTagsForResource": { @@ -1286,6 +1450,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#ListTagsForResourceResponse": { @@ -1297,6 +1464,9 @@ "smithy.api#documentation": "

A list of tags associated with the signing profile.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#MaxResults": { @@ -1314,6 +1484,15 @@ "smithy.api#default": 0 } }, + "com.amazonaws.signer#Metadata": { + "type": "map", + "key": { + "target": "com.amazonaws.signer#String" + }, + "value": { + "target": "com.amazonaws.signer#String" + } + }, "com.amazonaws.signer#NextToken": { "type": "string" }, @@ -1333,6 +1512,15 @@ "smithy.api#httpError": 404 } }, + "com.amazonaws.signer#Payload": { + "type": "blob", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 4096 + } + } + }, "com.amazonaws.signer#Permission": { "type": "structure", "members": { @@ -1390,7 +1578,7 @@ "min": 2, "max": 64 }, - "smithy.api#pattern": "^[a-zA-Z0-9_]{2,}" + "smithy.api#pattern": "^[a-zA-Z0-9_]{2,}$" } }, "com.amazonaws.signer#ProfileVersion": { @@ -1429,7 +1617,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a signing profile. A signing profile is a code signing template that can be used to\n\t\t\tcarry out a pre-defined signing job. For more information, see http://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html\n

", + "smithy.api#documentation": "

Creates a signing profile. A signing profile is a code signing template that can be used to\n\t\t\tcarry out a pre-defined signing job.\n\t\t\t

", "smithy.api#http": { "method": "PUT", "uri": "/signing-profiles/{profileName}", @@ -1485,6 +1673,9 @@ "smithy.api#documentation": "

Tags to be associated with the signing profile that is being created.

" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#PutSigningProfileResponse": { @@ -1508,6 +1699,9 @@ "smithy.api#documentation": "

The signing profile ARN, including the profile version.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#RemoveProfilePermission": { @@ -1574,6 +1768,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#RemoveProfilePermissionResponse": { @@ -1585,6 +1782,9 @@ "smithy.api#documentation": "

An identifier for the current revision of the profile permissions.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#RequestedBy": { @@ -1673,6 +1873,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#RevokeSigningProfile": { @@ -1741,6 +1944,15 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.signer#RevokedEntities": { + "type": "list", + "member": { + "target": "com.amazonaws.signer#String" } }, "com.amazonaws.signer#S3Destination": { @@ -1828,6 +2040,107 @@ "smithy.api#httpError": 402 } }, + "com.amazonaws.signer#SignPayload": { + "type": "operation", + "input": { + "target": "com.amazonaws.signer#SignPayloadRequest" + }, + "output": { + "target": "com.amazonaws.signer#SignPayloadResponse" + }, + "errors": [ + { + "target": "com.amazonaws.signer#AccessDeniedException" + }, + { + "target": "com.amazonaws.signer#InternalServiceErrorException" + }, + { + "target": "com.amazonaws.signer#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.signer#TooManyRequestsException" + }, + { + "target": "com.amazonaws.signer#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

Signs a binary\n\t\t\tpayload and returns a signature envelope.

", + "smithy.api#http": { + "method": "POST", + "uri": "/signing-jobs/with-payload", + "code": 200 + } + } + }, + "com.amazonaws.signer#SignPayloadRequest": { + "type": "structure", + "members": { + "profileName": { + "target": "com.amazonaws.signer#ProfileName", + "traits": { + "smithy.api#documentation": "

The name of the signing profile.

", + "smithy.api#required": {} + } + }, + "profileOwner": { + "target": "com.amazonaws.signer#AccountId", + "traits": { + "smithy.api#documentation": "

The AWS account ID of the profile owner.

" + } + }, + "payload": { + "target": "com.amazonaws.signer#Payload", + "traits": { + "smithy.api#documentation": "

Specifies the object digest (hash) to sign.

", + "smithy.api#required": {} + } + }, + "payloadFormat": { + "target": "com.amazonaws.signer#String", + "traits": { + "smithy.api#documentation": "

Payload content type

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.signer#SignPayloadResponse": { + "type": "structure", + "members": { + "jobId": { + "target": "com.amazonaws.signer#JobId", + "traits": { + "smithy.api#documentation": "

Unique identifier of the signing job.

" + } + }, + "jobOwner": { + "target": "com.amazonaws.signer#AccountId", + "traits": { + "smithy.api#documentation": "

The AWS account ID of the job owner.

" + } + }, + "metadata": { + "target": "com.amazonaws.signer#Metadata", + "traits": { + "smithy.api#documentation": "

Information including the signing profile ARN and the signing job ID. Clients use\n\t\t\tmetadata to signature records, for example, as annotations added to the signature\n\t\t\tmanifest inside an OCI registry.

" + } + }, + "signature": { + "target": "com.amazonaws.signer#Blob", + "traits": { + "smithy.api#documentation": "

A cryptographic signature.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.signer#SignatureValidityPeriod": { "type": "structure", "members": { @@ -1841,7 +2154,7 @@ "type": { "target": "com.amazonaws.signer#ValidityType", "traits": { - "smithy.api#documentation": "

The time unit for signature\n\t\t\tvalidity.

" + "smithy.api#documentation": "

The time unit for signature validity.

" } } }, @@ -2088,7 +2401,7 @@ "platformId": { "target": "com.amazonaws.signer#String", "traits": { - "smithy.api#documentation": "

The ID of a code signing; platform.

" + "smithy.api#documentation": "

The ID of a code signing platform.

" } }, "displayName": { @@ -2270,22 +2583,26 @@ } }, "com.amazonaws.signer#SigningProfileStatus": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "Active", - "name": "Active" - }, - { - "value": "Canceled", - "name": "Canceled" - }, - { - "value": "Revoked", - "name": "Revoked" + "type": "enum", + "members": { + "Active": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Active" + } + }, + "Canceled": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Canceled" + } + }, + "Revoked": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Revoked" } - ] + } } }, "com.amazonaws.signer#SigningProfiles": { @@ -2295,22 +2612,26 @@ } }, "com.amazonaws.signer#SigningStatus": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "InProgress", - "name": "InProgress" - }, - { - "value": "Failed", - "name": "Failed" - }, - { - "value": "Succeeded", - "name": "Succeeded" + "type": "enum", + "members": { + "InProgress": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "InProgress" + } + }, + "Failed": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Failed" } - ] + }, + "Succeeded": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Succeeded" + } + } } }, "com.amazonaws.signer#Source": { @@ -2356,7 +2677,7 @@ } ], "traits": { - "smithy.api#documentation": "

Initiates a signing job to be performed on the code provided. Signing jobs are\n\t\t\tviewable by the ListSigningJobs operation for two years after they are\n\t\t\tperformed. Note the following requirements:

\n\t\t
    \n
  • \n\t\t\t\t

    You must create an Amazon S3 source bucket. For more information, see Create a Bucket in the\n\t\t\t\t\t\tAmazon S3 Getting Started Guide.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    Your S3 source bucket must be version enabled.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You must create an S3 destination bucket. Code signing uses your S3 destination\n\t\t\t\t\tbucket to write your signed code.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You specify the name of the source and destination buckets when calling the\n\t\t\t\t\t\tStartSigningJob operation.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You must also specify a request token that identifies your request to\n\t\t\t\t\tcode signing.

    \n\t\t\t
    • \n
\n\t\t

You can call the DescribeSigningJob and the ListSigningJobs actions after you call\n\t\t\tStartSigningJob.

\n\t\t

For a Java example that shows how to use this action, see http://docs.aws.amazon.com/acm/latest/userguide/\n

", + "smithy.api#documentation": "

Initiates a signing job to be performed on the code provided. Signing jobs are\n\t\t\tviewable by the ListSigningJobs operation for two years after they are\n\t\t\tperformed. Note the following requirements:

\n\t\t
    \n
  • \n\t\t\t\t

    You must create an Amazon S3 source bucket. For more information, see Creating a Bucket in the\n\t\t\t\t\t\tAmazon S3 Getting Started Guide.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    Your S3 source bucket must be version enabled.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You must create an S3 destination bucket. Code signing uses your S3 destination\n\t\t\t\t\tbucket to write your signed code.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You specify the name of the source and destination buckets when calling the\n\t\t\t\t\t\tStartSigningJob operation.

    \n\t\t\t
    • \n
  • \n\t\t\t\t

    You must also specify a request token that identifies your request to\n\t\t\t\t\tcode signing.

    \n\t\t\t
    • \n
\n\t\t

You can call the DescribeSigningJob and the ListSigningJobs actions after you call\n\t\t\tStartSigningJob.

\n\t\t

For a Java example that shows how to use this action, see StartSigningJob.

", "smithy.api#http": { "method": "POST", "uri": "/signing-jobs", @@ -2402,6 +2723,9 @@ "smithy.api#documentation": "

The AWS account ID of the signing profile owner.

" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#StartSigningJobResponse": { @@ -2419,6 +2743,9 @@ "smithy.api#documentation": "

The AWS account ID of the signing job owner.

" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.signer#StatusReason": { @@ -2519,11 +2846,17 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#TagResourceResponse": { "type": "structure", - "members": {} + "members": {}, + "traits": { + "smithy.api#output": {} + } }, "com.amazonaws.signer#TagValue": { "type": "string", @@ -2548,7 +2881,7 @@ "smithy.api#deprecated": { "message": "Instead of this error, TooManyRequestsException should be used." }, - "smithy.api#documentation": "

The request was denied due to request throttling.

\n

Instead of this error, TooManyRequestsException should be used.

", + "smithy.api#documentation": "

The request was denied due to request throttling.

\n\t\t

Instead of this error, TooManyRequestsException should be used.

", "smithy.api#error": "client", "smithy.api#httpError": 429 } @@ -2567,7 +2900,7 @@ } }, "traits": { - "smithy.api#documentation": "

The allowed number of job-signing requests has been exceeded.

\n\t\t

This error supersedes the error ThrottlingException.

", + "smithy.api#documentation": "

The allowed number of job-signing requests has been exceeded.

\n\t\t

This error supersedes the error ThrottlingException.

", "smithy.api#error": "client", "smithy.api#httpError": 429 } @@ -2622,11 +2955,17 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.signer#UntagResourceResponse": { "type": "structure", - "members": {} + "members": {}, + "traits": { + "smithy.api#output": {} + } }, "com.amazonaws.signer#ValidationException": { "type": "structure", @@ -2645,22 +2984,26 @@ } }, "com.amazonaws.signer#ValidityType": { - "type": "string", - "traits": { - "smithy.api#enum": [ - { - "value": "DAYS", - "name": "DAYS" - }, - { - "value": "MONTHS", - "name": "MONTHS" - }, - { - "value": "YEARS", - "name": "YEARS" + "type": "enum", + "members": { + "DAYS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DAYS" + } + }, + "MONTHS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MONTHS" + } + }, + "YEARS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "YEARS" } - ] + } } }, "com.amazonaws.signer#Version": { @@ -2679,6 +3022,9 @@ { "target": "com.amazonaws.signer#DescribeSigningJob" }, + { + "target": "com.amazonaws.signer#GetRevocationStatus" + }, { "target": "com.amazonaws.signer#GetSigningPlatform" }, @@ -2712,6 +3058,9 @@ { "target": "com.amazonaws.signer#RevokeSigningProfile" }, + { + "target": "com.amazonaws.signer#SignPayload" + }, { "target": "com.amazonaws.signer#StartSigningJob" }, @@ -2734,7 +3083,7 @@ "name": "signer" }, "aws.protocols#restJson1": {}, - "smithy.api#documentation": "

AWS Signer is a fully managed code signing service to help you ensure the trust and\n\t\t\tintegrity of your code.

\n\t\t

AWS Signer supports the following applications:

\n\n\t\t

With code signing for AWS Lambda, you can sign AWS Lambda\n\t\t\tdeployment packages. Integrated support is provided for Amazon S3, Amazon CloudWatch,\n\t\t\tand AWS CloudTrail. In order to sign code, you create a signing profile and then use\n\t\t\tSigner to sign Lambda zip files in S3.

\n\t\t\n\t\t

With code signing for IoT, you can sign code for any IoT device that is\n\t\t\tsupported by AWS. IoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is\n\t\t\tintegrated with AWS Certificate Manager (ACM). In order to sign\n\t\t\tcode, you import a third-party code signing certificate using ACM, and use that to\n\t\t\tsign updates in Amazon FreeRTOS and AWS IoT Device Management.

\n\t\t

For more information about AWS Signer, see the AWS Signer Developer Guide.

\n\t\t\n\t\t

", + "smithy.api#documentation": "

AWS Signer is a fully managed code signing service to help you ensure the trust and\n\t\t\tintegrity of your code.

\n\t\t

AWS Signer supports the following applications:

\n\t\t

With code signing for AWS Lambda, you can sign AWS\n\t\t\t\tLambda deployment packages. Integrated support is provided for Amazon S3, Amazon\n\t\t\t\tCloudWatch, and AWS CloudTrail. In order\n\t\t\tto sign code, you create a signing profile and then use Signer to sign Lambda zip files\n\t\t\tin S3.

\n\t\t

With code signing for IoT, you can sign code for any IoT device that is supported by AWS.\n\t\t\tIoT code signing is available for Amazon FreeRTOS and AWS IoT Device Management, and is integrated with AWS Certificate Manager (ACM). In order to sign code, you import a third-party code signing\n\t\t\tcertificate using ACM, and use that to sign updates in Amazon FreeRTOS and AWS IoT Device Management.

\n\t\t

With code signing for\n\t\t\tcontainers …(TBD)

\n\t\t

For more information about AWS Signer, see the AWS Signer Developer\n\t\t\tGuide.

", "smithy.api#title": "AWS Signer", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -2770,13 +3119,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -2784,23 +3132,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] - }, - { - "fn": "parseURL", - "argv": [ - { - "ref": "Endpoint" - } - ], - "assign": "url" } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -2809,67 +3154,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -2878,168 +3198,238 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsDualStack" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://signer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signer-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://signer-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signer.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], - "endpoint": { - "url": "https://signer.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signer.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://signer.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } @@ -3048,887 +3438,55 @@ "smithy.rules#endpointTests": { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://signer-fips.ap-south-1.api.aws" + "url": "https://signer-fips.us-east-1.api.aws" } }, "params": { - "Region": "ap-south-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer-fips.ap-south-1.amazonaws.com" + "url": "https://signer-fips.us-east-1.amazonaws.com" } }, "params": { - "Region": "ap-south-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://signer.ap-south-1.api.aws" + "url": "https://signer.us-east-1.api.aws" } }, "params": { - "Region": "ap-south-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-south-1.amazonaws.com" - } - }, - "params": { - "Region": "ap-south-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-south-1.api.aws" - } - }, - "params": { - "Region": "eu-south-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-south-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-south-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-south-1.api.aws" - } - }, - "params": { - "Region": "eu-south-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-south-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-south-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-gov-east-1.api.aws" - } - }, - "params": { - "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.us-gov-east-1.api.aws" - } - }, - "params": { - "Region": "us-gov-east-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "Region": "us-gov-east-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ca-central-1.api.aws" - } - }, - "params": { - "Region": "ca-central-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "Region": "ca-central-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.ca-central-1.api.aws" - } - }, - "params": { - "Region": "ca-central-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.ca-central-1.amazonaws.com" - } - }, - "params": { - "Region": "ca-central-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-central-1.api.aws" - } - }, - "params": { - "Region": "eu-central-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-central-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-central-1.api.aws" - } - }, - "params": { - "Region": "eu-central-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-central-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-central-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-west-1.api.aws" - } - }, - "params": { - "Region": "us-west-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "Region": "us-west-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.us-west-1.api.aws" - } - }, - "params": { - "Region": "us-west-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.us-west-1.amazonaws.com" - } - }, - "params": { - "Region": "us-west-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-west-2.api.aws" - } - }, - "params": { - "Region": "us-west-2", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.us-west-2.api.aws" - } - }, - "params": { - "Region": "us-west-2", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.us-west-2.amazonaws.com" - } - }, - "params": { - "Region": "us-west-2", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.af-south-1.api.aws" - } - }, - "params": { - "Region": "af-south-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "Region": "af-south-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.af-south-1.api.aws" - } - }, - "params": { - "Region": "af-south-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.af-south-1.amazonaws.com" - } - }, - "params": { - "Region": "af-south-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-north-1.api.aws" - } - }, - "params": { - "Region": "eu-north-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-north-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-north-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-north-1.api.aws" - } - }, - "params": { - "Region": "eu-north-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-north-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-north-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-3.api.aws" - } - }, - "params": { - "Region": "eu-west-3", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-3.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-3", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-3.api.aws" - } - }, - "params": { - "Region": "eu-west-3", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-3.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-3", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-2.api.aws" - } - }, - "params": { - "Region": "eu-west-2", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-2", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-2.api.aws" - } - }, - "params": { - "Region": "eu-west-2", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-2.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-2", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-1.api.aws" - } - }, - "params": { - "Region": "eu-west-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-1.api.aws" - } - }, - "params": { - "Region": "eu-west-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.eu-west-1.amazonaws.com" - } - }, - "params": { - "Region": "eu-west-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "Region": "ap-northeast-2", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "Region": "ap-northeast-2", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-northeast-2.api.aws" - } - }, - "params": { - "Region": "ap-northeast-2", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "Region": "ap-northeast-2", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-northeast-1.api.aws" - } - }, - "params": { - "Region": "ap-northeast-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "Region": "ap-northeast-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-northeast-1.api.aws" - } - }, - "params": { - "Region": "ap-northeast-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "Region": "ap-northeast-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.me-south-1.api.aws" - } - }, - "params": { - "Region": "me-south-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.me-south-1.amazonaws.com" - } - }, - "params": { - "Region": "me-south-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.me-south-1.api.aws" - } - }, - "params": { - "Region": "me-south-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.me-south-1.amazonaws.com" - } - }, - "params": { - "Region": "me-south-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.sa-east-1.api.aws" - } - }, - "params": { - "Region": "sa-east-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.sa-east-1.amazonaws.com" - } - }, - "params": { - "Region": "sa-east-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.sa-east-1.api.aws" - } - }, - "params": { - "Region": "sa-east-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.sa-east-1.amazonaws.com" - } - }, - "params": { - "Region": "sa-east-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-east-1.api.aws" - } - }, - "params": { - "Region": "ap-east-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.ap-east-1.amazonaws.com" - } - }, - "params": { - "Region": "ap-east-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.ap-east-1.api.aws" - } - }, - "params": { - "Region": "ap-east-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer.ap-east-1.amazonaws.com" + "url": "https://signer.us-east-1.amazonaws.com" } }, "params": { - "Region": "ap-east-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { @@ -3940,8 +3498,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": true } }, { @@ -3953,8 +3511,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "UseDualStack": false } }, { @@ -3966,8 +3524,8 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": true } }, { @@ -3979,333 +3537,182 @@ }, "params": { "Region": "cn-north-1", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-gov-west-1.api.aws" - } - }, - "params": { - "Region": "us-gov-west-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-gov-west-1.amazonaws.com" - } - }, - "params": { - "Region": "us-gov-west-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.us-gov-west-1.api.aws" - } - }, - "params": { - "Region": "us-gov-west-1", - "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://signer.us-gov-west-1.amazonaws.com" + "url": "https://signer-fips.us-gov-east-1.api.aws" } }, "params": { - "Region": "us-gov-west-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer-fips.ap-southeast-1.api.aws" + "url": "https://signer-fips.us-gov-east-1.amazonaws.com" } }, "params": { - "Region": "ap-southeast-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://signer-fips.ap-southeast-1.amazonaws.com" + "url": "https://signer.us-gov-east-1.api.aws" } }, "params": { - "Region": "ap-southeast-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer.ap-southeast-1.api.aws" + "url": "https://signer.us-gov-east-1.amazonaws.com" } }, "params": { - "Region": "ap-southeast-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://signer.ap-southeast-1.amazonaws.com" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "Region": "ap-southeast-1", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer-fips.ap-southeast-2.api.aws" + "url": "https://signer-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "Region": "ap-southeast-2", - "UseDualStack": true, - "UseFIPS": true + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://signer-fips.ap-southeast-2.amazonaws.com" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer.ap-southeast-2.api.aws" + "url": "https://signer.us-iso-east-1.c2s.ic.gov" } }, "params": { - "Region": "ap-southeast-2", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://signer.ap-southeast-2.amazonaws.com" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "Region": "ap-southeast-2", - "UseDualStack": false, - "UseFIPS": false + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer-fips.us-east-1.api.aws" + "url": "https://signer-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": true + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://signer-fips.us-east-1.amazonaws.com" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "Region": "us-east-1", - "UseDualStack": false, - "UseFIPS": true + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://signer.us-east-1.api.aws" + "url": "https://signer.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "Region": "us-east-1", - "UseDualStack": true, - "UseFIPS": false + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://signer.us-east-1.amazonaws.com" + "url": "https://example.com" } }, "params": { "Region": "us-east-1", + "UseFIPS": false, "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-east-2.api.aws" - } - }, - "params": { - "Region": "us-east-2", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.us-east-2.amazonaws.com" - } - }, - "params": { - "Region": "us-east-2", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.us-east-2.api.aws" - } - }, - "params": { - "Region": "us-east-2", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.us-east-2.amazonaws.com" - } - }, - "params": { - "Region": "us-east-2", - "UseDualStack": false, - "UseFIPS": false - } - }, - { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.cn-northwest-1.api.amazonwebservices.com.cn" - } - }, - "params": { - "Region": "cn-northwest-1", - "UseDualStack": true, - "UseFIPS": true - } - }, - { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer-fips.cn-northwest-1.amazonaws.com.cn" - } - }, - "params": { - "Region": "cn-northwest-1", - "UseDualStack": false, - "UseFIPS": true - } - }, - { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://signer.cn-northwest-1.api.amazonwebservices.com.cn" - } - }, - "params": { - "Region": "cn-northwest-1", - "UseDualStack": true, - "UseFIPS": false - } - }, - { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://signer.cn-northwest-1.amazonaws.com.cn" - } - }, - "params": { - "Region": "cn-northwest-1", - "UseDualStack": false, - "UseFIPS": false + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -4316,8 +3723,8 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": false, "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -4328,10 +3735,16 @@ }, "params": { "Region": "us-east-1", - "UseDualStack": true, "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" @@ -4345,4 +3758,4 @@ } } } -} \ No newline at end of file +}