From c7611a42215c596298abd1c740c3789a2a8d7d77 Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 18 Dec 2024 19:12:49 +0000 Subject: [PATCH] feat(client-transfer): Added AS2 agreement configurations to control filename preservation and message signing enforcement. Added AS2 connector configuration to preserve content type from S3 objects. --- .../src/commands/CreateAgreementCommand.ts | 2 + .../src/commands/CreateConnectorCommand.ts | 1 + .../src/commands/DescribeAgreementCommand.ts | 2 + .../src/commands/DescribeConnectorCommand.ts | 1 + .../src/commands/UpdateAgreementCommand.ts | 2 + .../src/commands/UpdateConnectorCommand.ts | 1 + .../client-transfer/src/models/models_0.ts | 168 +++++++++++++++++- codegen/sdk-codegen/aws-models/transfer.json | 95 +++++++++- 8 files changed, 268 insertions(+), 4 deletions(-) diff --git a/clients/client-transfer/src/commands/CreateAgreementCommand.ts b/clients/client-transfer/src/commands/CreateAgreementCommand.ts index ff9e498ac3f38..2e9d9d101bf56 100644 --- a/clients/client-transfer/src/commands/CreateAgreementCommand.ts +++ b/clients/client-transfer/src/commands/CreateAgreementCommand.ts @@ -54,6 +54,8 @@ export interface CreateAgreementCommandOutput extends CreateAgreementResponse, _ * Value: "STRING_VALUE", // required * }, * ], + * PreserveFilename: "ENABLED" || "DISABLED", + * EnforceMessageSigning: "ENABLED" || "DISABLED", * }; * const command = new CreateAgreementCommand(input); * const response = await client.send(command); diff --git a/clients/client-transfer/src/commands/CreateConnectorCommand.ts b/clients/client-transfer/src/commands/CreateConnectorCommand.ts index 0f6def7163f0e..84ab22e0f04f6 100644 --- a/clients/client-transfer/src/commands/CreateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/CreateConnectorCommand.ts 
@@ -52,6 +52,7 @@ export interface CreateConnectorCommandOutput extends CreateConnectorResponse, _ * MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * MdnResponse: "SYNC" || "NONE", * BasicAuthSecretId: "STRING_VALUE", + * PreserveContentType: "ENABLED" || "DISABLED", * }, * AccessRole: "STRING_VALUE", // required * LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/commands/DescribeAgreementCommand.ts b/clients/client-transfer/src/commands/DescribeAgreementCommand.ts index 5e2be46afd224..cd233f812b5ae 100644 --- a/clients/client-transfer/src/commands/DescribeAgreementCommand.ts +++ b/clients/client-transfer/src/commands/DescribeAgreementCommand.ts @@ -58,6 +58,8 @@ export interface DescribeAgreementCommandOutput extends DescribeAgreementRespons * // Value: "STRING_VALUE", // required * // }, * // ], + * // PreserveFilename: "ENABLED" || "DISABLED", + * // EnforceMessageSigning: "ENABLED" || "DISABLED", * // }, * // }; * diff --git a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts index f9e278217ccae..5fe8c9de5b21e 100644 --- a/clients/client-transfer/src/commands/DescribeConnectorCommand.ts +++ b/clients/client-transfer/src/commands/DescribeConnectorCommand.ts @@ -56,6 +56,7 @@ export interface DescribeConnectorCommandOutput extends DescribeConnectorRespons * // MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * // MdnResponse: "SYNC" || "NONE", * // BasicAuthSecretId: "STRING_VALUE", + * // PreserveContentType: "ENABLED" || "DISABLED", * // }, * // AccessRole: "STRING_VALUE", * // LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/commands/UpdateAgreementCommand.ts b/clients/client-transfer/src/commands/UpdateAgreementCommand.ts index 03966a7ddba61..e045ed6bd32d8 100644 --- a/clients/client-transfer/src/commands/UpdateAgreementCommand.ts 
+++ b/clients/client-transfer/src/commands/UpdateAgreementCommand.ts @@ -46,6 +46,8 @@ export interface UpdateAgreementCommandOutput extends UpdateAgreementResponse, _ * PartnerProfileId: "STRING_VALUE", * BaseDirectory: "STRING_VALUE", * AccessRole: "STRING_VALUE", + * PreserveFilename: "ENABLED" || "DISABLED", + * EnforceMessageSigning: "ENABLED" || "DISABLED", * }; * const command = new UpdateAgreementCommand(input); * const response = await client.send(command); diff --git a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts index 41fcad0b89501..da20f3c357ccc 100644 --- a/clients/client-transfer/src/commands/UpdateConnectorCommand.ts +++ b/clients/client-transfer/src/commands/UpdateConnectorCommand.ts @@ -50,6 +50,7 @@ export interface UpdateConnectorCommandOutput extends UpdateConnectorResponse, _ * MdnSigningAlgorithm: "SHA256" || "SHA384" || "SHA512" || "SHA1" || "NONE" || "DEFAULT", * MdnResponse: "SYNC" || "NONE", * BasicAuthSecretId: "STRING_VALUE", + * PreserveContentType: "ENABLED" || "DISABLED", * }, * AccessRole: "STRING_VALUE", * LoggingRole: "STRING_VALUE", diff --git a/clients/client-transfer/src/models/models_0.ts b/clients/client-transfer/src/models/models_0.ts index a6d1f4ac0370b..ac3b079f80e6f 100644 --- a/clients/client-transfer/src/models/models_0.ts +++ b/clients/client-transfer/src/models/models_0.ts 
@@ -25,6 +25,34 @@ export class AccessDeniedException extends __BaseException { } } +/** + * @public + * @enum + */ +export const EnforceMessageSigningType = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; + +/** + * @public + */ +export type EnforceMessageSigningType = (typeof EnforceMessageSigningType)[keyof typeof EnforceMessageSigningType]; + +/** + * @public + * @enum + */ +export const PreserveFilenameType = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; + +/** + * @public + */ +export type PreserveFilenameType = (typeof PreserveFilenameType)[keyof typeof PreserveFilenameType]; + /** * @public * @enum @@ -142,6 +170,44 @@ export interface CreateAgreementRequest { * @public */ Tags?: Tag[] | undefined; + + /** + *

+ * Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload + * filename when saving it. + *

+ * + * @public + */ + PreserveFilename?: PreserveFilenameType | undefined; + + /** + *

+ * Determines whether or not unsigned messages from your trading partners will be accepted. + *

+ * + * @public + */ + EnforceMessageSigning?: EnforceMessageSigningType | undefined; } /** @@ -425,6 +491,44 @@ export interface DescribedAgreement { * @public */ Tags?: Tag[] | undefined; + + /** + *
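Review bot: The doc comment added for `EnforceMessageSigning` in `CreateAgreementRequest` does not say which value rejects unsigned messages or what applies when the optional field is omitted, so a caller cannot tell from the type whether an agreement created without it accepts unsigned AS2 payloads. Because this is an integrity control, the comment should state both, for example `ENABLED: unsigned messages from the trading partner are rejected. DISABLED: they are accepted. Default when omitted: <default, not stated on this page>`; the polarity here is inferred from the field name and needs confirming against the service. The same text is repeated in the `DescribedAgreement` and `UpdateAgreementRequest` hunks and in the `smithy.api#documentation` strings in transfer.json, which is presumably where the fix belongs, since models_0.ts looks generated from that model. `PreserveFilename` has the same gap: its comment does not say whether `ENABLED` appends the unique suffix or suppresses it.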

+ * Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload + * filename when saving it. + *

+ * + * @public + */ + PreserveFilename?: PreserveFilenameType | undefined; + + /** + *

+ * Determines whether or not unsigned messages from your trading partners will be accepted. + *

+ * + * @public + */ + EnforceMessageSigning?: EnforceMessageSigningType | undefined; } /** @@ -638,6 +742,44 @@ export interface UpdateAgreementRequest { * @public */ AccessRole?: string | undefined; + + /** + *

+ * Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload + * filename when saving it. + *

+ * + * @public + */ + PreserveFilename?: PreserveFilenameType | undefined; + + /** + *

+ * Determines whether or not unsigned messages from your trading partners will be accepted. + *

+ * + * @public + */ + EnforceMessageSigning?: EnforceMessageSigningType | undefined; } /** @@ -714,6 +856,20 @@ export const MdnSigningAlg = { */ export type MdnSigningAlg = (typeof MdnSigningAlg)[keyof typeof MdnSigningAlg]; +/** + * @public + * @enum + */ +export const PreserveContentType = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; + +/** + * @public + */ +export type PreserveContentType = (typeof PreserveContentType)[keyof typeof PreserveContentType]; + /** * @public * @enum @@ -838,6 +994,14 @@ export interface As2ConnectorConfig { * @public */ BasicAuthSecretId?: string | undefined; + + /** + *

Allows you to use the Amazon S3 Content-Type that is associated with objects in S3 instead of + * having the content type mapped based on the file extension. This parameter is enabled by default when you create an AS2 connector + * from the console, but disabled by default when you create an AS2 connector by calling the API directly.

+ * @public + */ + PreserveContentType?: PreserveContentType | undefined; } /** @@ -957,9 +1121,7 @@ export interface DescribedCertificate { Usage?: CertificateUsageType | undefined; /** - *

The certificate can be either ACTIVE, PENDING_ROTATION, or - * INACTIVE. PENDING_ROTATION means that this certificate will - * replace the current certificate when it expires.

+ *

Currently, the only available status is ACTIVE: all other values are reserved for future use.

* @public */ Status?: CertificateStatusType | undefined; diff --git a/codegen/sdk-codegen/aws-models/transfer.json b/codegen/sdk-codegen/aws-models/transfer.json index ea82a9254f823..50cbcc2805fc4 100644 --- a/codegen/sdk-codegen/aws-models/transfer.json +++ b/codegen/sdk-codegen/aws-models/transfer.json @@ -178,6 +178,12 @@ "traits": { "smithy.api#documentation": "

Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication,\n you must provide the name or Amazon Resource Name (ARN) of a secret in Secrets Manager.

\n

The default value for this parameter is null, which indicates that Basic authentication is not enabled for the connector.

\n

If the connector should use Basic authentication, the secret needs to be in the following format:

\n

\n {\n \"Username\": \"user-name\",\n \"Password\": \"user-password\"\n }\n

\n

Replace user-name and user-password with the credentials for the actual user that is being authenticated.

\n

Note the following:

\n \n

If you have previously enabled Basic authentication for a connector, you can disable it by using the UpdateConnector API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:

\n

\n update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=\"\"'\n

" } + }, + "PreserveContentType": { + "target": "com.amazonaws.transfer#PreserveContentType", + "traits": { + "smithy.api#documentation": "

Allows you to use the Amazon S3 Content-Type that is associated with objects in S3 instead of\n having the content type mapped based on the file extension. This parameter is enabled by default when you create an AS2 connector\n from the console, but disabled by default when you create an AS2 connector by calling the API directly.

" + } } }, "traits": { @@ -757,6 +763,18 @@ "traits": { "smithy.api#documentation": "

Key-value pairs that can be used to group and search for agreements.

" } + }, + "PreserveFilename": { + "target": "com.amazonaws.transfer#PreserveFilenameType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload\n filename when saving it.\n

\n " + } + }, + "EnforceMessageSigning": { + "target": "com.amazonaws.transfer#EnforceMessageSigningType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not unsigned messages from your trading partners will be accepted.\n

\n " + } } }, "traits": { @@ -3183,6 +3201,18 @@ "traits": { "smithy.api#documentation": "

Key-value pairs that can be used to group and search for agreements.

" } + }, + "PreserveFilename": { + "target": "com.amazonaws.transfer#PreserveFilenameType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload\n filename when saving it.\n

\n " + } + }, + "EnforceMessageSigning": { + "target": "com.amazonaws.transfer#EnforceMessageSigningType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not unsigned messages from your trading partners will be accepted.\n

\n " + } } }, "traits": { @@ -3215,7 +3245,7 @@ "Status": { "target": "com.amazonaws.transfer#CertificateStatusType", "traits": { - "smithy.api#documentation": "

The certificate can be either ACTIVE, PENDING_ROTATION, or\n INACTIVE. PENDING_ROTATION means that this certificate will\n replace the current certificate when it expires.

" + "smithy.api#documentation": "

Currently, the only available status is ACTIVE: all other values are reserved for future use.

" } }, "Certificate": { @@ -4192,6 +4222,23 @@ } } }, + "com.amazonaws.transfer#EnforceMessageSigningType": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.transfer#ExecutionError": { "type": "structure", "members": { @@ -6974,6 +7021,40 @@ "smithy.api#pattern": "^[\\x09-\\x0D\\x20-\\x7E]*$" } }, + "com.amazonaws.transfer#PreserveContentType": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, + "com.amazonaws.transfer#PreserveFilenameType": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.transfer#PrivateKeyType": { "type": "string", "traits": { @@ -9937,6 +10018,18 @@ "traits": { "smithy.api#documentation": "

Connectors are used to send files using either the AS2 or SFTP protocol. For the access role,\n provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.

\n

\n For AS2 connectors\n

\n

With AS2, you can send files by calling StartFileTransfer and specifying the\n file paths in the request parameter, SendFilePaths. We use the file’s parent\n directory (for example, for --send-file-paths /bucket/dir/file.txt, parent\n directory is /bucket/dir/) to temporarily store a processed AS2 message file,\n store the MDN when we receive them from the partner, and write a final JSON file containing\n relevant metadata of the transmission. So, the AccessRole needs to provide read\n and write access to the parent directory of the file location used in the\n StartFileTransfer request. Additionally, you need to provide read and write\n access to the parent directory of the files that you intend to send with\n StartFileTransfer.

\n

If you are using Basic authentication for your AS2 connector, the access role requires the\n secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using\n a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also\n needs the kms:Decrypt permission for that key.

\n

\n For SFTP connectors\n

\n

Make sure that the access role provides\n read and write access to the parent directory of the file location\n that's used in the StartFileTransfer request.\n Additionally, make sure that the role provides\n secretsmanager:GetSecretValue permission to Secrets Manager.

" } + }, + "PreserveFilename": { + "target": "com.amazonaws.transfer#PreserveFilenameType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload\n filename when saving it.\n

\n " + } + }, + "EnforceMessageSigning": { + "target": "com.amazonaws.transfer#EnforceMessageSigningType", + "traits": { + "smithy.api#documentation": "

\n Determines whether or not unsigned messages from your trading partners will be accepted.\n

\n " + } } }, "traits": {