From 6a201fbde3460c7285d0b501c4b800ad658baea8 Mon Sep 17 00:00:00 2001 From: Peter Song Date: Thu, 6 Nov 2025 13:32:21 -0800 Subject: [PATCH] generate create session stack-info: PR: https://github.com/aws/aws-sdk-net/pull/4125, branch: peterrsongg/petesong/phase-3-pr-2-all/1 --- .../ServiceClientGeneratorLib/ServiceModel.cs | 2 +- .../ServiceModels/s3/s3.customizations.json | 36 ++ .../S3/Custom/Model/CreateSessionRequest.cs | 179 --------- .../Generated/Model/CreateSessionRequest.cs | 373 ++++++++++++++++++ .../Model/CreateSessionResponse.cs | 111 +++--- .../CreateSessionRequestMarshaller.cs | 65 +-- .../CreateSessionResponseUnmarshaller.cs | 67 ++-- .../SessionCredentialsUnmarshaller.cs | 40 +- .../Model/SessionCredentials.cs | 26 +- 9 files changed, 589 insertions(+), 310 deletions(-) delete mode 100644 sdk/src/Services/S3/Custom/Model/CreateSessionRequest.cs create mode 100644 sdk/src/Services/S3/Generated/Model/CreateSessionRequest.cs rename sdk/src/Services/S3/{Custom => Generated}/Model/CreateSessionResponse.cs (60%) rename sdk/src/Services/S3/{Custom => Generated}/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs (68%) rename sdk/src/Services/S3/{Custom => Generated}/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs (68%) rename sdk/src/Services/S3/{Custom => Generated}/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs (76%) rename sdk/src/Services/S3/{Custom => Generated}/Model/SessionCredentials.cs (86%) diff --git a/generator/ServiceClientGeneratorLib/ServiceModel.cs b/generator/ServiceClientGeneratorLib/ServiceModel.cs index fd9cd0196334..19bdddaa8a53 100644 --- a/generator/ServiceClientGeneratorLib/ServiceModel.cs +++ b/generator/ServiceClientGeneratorLib/ServiceModel.cs @@ -547,7 +547,7 @@ public List S3AllowListOperations new Operation(this, "UploadPartCopy", DocumentRoot[OperationsKey]["UploadPartCopy"]), new Operation(this, "ListObjectsV2", DocumentRoot[OperationsKey]["ListObjectsV2"]), // phase 3 (including those moved from phase 1) - //new Operation(this, "CreateSession", DocumentRoot[OperationsKey]["CreateSession"]), + new Operation(this, "CreateSession", DocumentRoot[OperationsKey]["CreateSession"]), //new Operation(this, "GetBucketAnalyticsConfiguration", DocumentRoot[OperationsKey]["GetBucketAnalyticsConfiguration"]), //new Operation(this, "GetBucketIntelligentTieringConfiguration", DocumentRoot[OperationsKey]["GetBucketIntelligentTieringConfiguration"]), //new Operation(this, "GetBucketInventoryConfiguration", DocumentRoot[OperationsKey]["GetBucketInventoryConfiguration"]), diff --git a/generator/ServiceModels/s3/s3.customizations.json b/generator/ServiceModels/s3/s3.customizations.json index 9ae10d457434..345ff770b057 100644 --- a/generator/ServiceModels/s3/s3.customizations.json +++ b/generator/ServiceModels/s3/s3.customizations.json @@ -871,6 +871,42 @@ "MetricsId":{"injectXmlIsSet":["return !string.IsNullOrEmpty(this._metricsId);"]} } ] + }, + "CreateSessionRequest":{ + "modify" :[ + { + "ServerSideEncryption": { + "injectXmlIsSet" :[ + "return this._serverSideEncryption != null && this._serverSideEncryption != ServerSideEncryptionMethod.None;" + ] + } + }, + { + "SSEKMSKeyId":{ + "injectXmlIsSet":[ + "return !string.IsNullOrEmpty(this._ssekmsKeyId);" + ] + } + }, + { + "SSEKMSEncryptionContext":{ + "injectXmlIsSet":[ + "return !string.IsNullOrEmpty(this._ssekmsEncryptionContext);" + ] + } + } + ] + }, + "CreateSessionOutput":{ + "modify" :[ + { + "ServerSideEncryption": { + "injectXmlIsSet" :[ + "return this._serverSideEncryption != null && this._serverSideEncryption != ServerSideEncryptionMethod.None;" + ] + } + } + ] } }, "operationModifiers": { diff --git a/sdk/src/Services/S3/Custom/Model/CreateSessionRequest.cs b/sdk/src/Services/S3/Custom/Model/CreateSessionRequest.cs deleted file mode 100644 index b3aecae9d104..000000000000 --- a/sdk/src/Services/S3/Custom/Model/CreateSessionRequest.cs +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ -using System; -using System.Collections.Generic; -using System.Xml.Serialization; -using System.Text; -using System.IO; - -using Amazon.Runtime; -using Amazon.Runtime.Internal; - -namespace Amazon.S3.Model -{ - /// - /// Container for the parameters to the CreateSession operation. - /// - public partial class CreateSessionRequest : AmazonWebServiceRequest - { - private string _bucketName; - private SessionMode _sessionMode; - private ServerSideEncryptionMethod _serverSideEncryption; - private string _serverSideEncryptionKeyManagementServiceKeyId; - private string _serverSideEncryptionKeyManagementServiceEncryptionContext; - private bool? _bucketKeyEnabled; - - /// - /// The name of the bucket that you create a session for. - /// - public string BucketName - { - get { return this._bucketName; } - set { this._bucketName = value; } - } - - // Check to see if BucketName property is set - internal bool IsSetBucketName() - { - return this._bucketName != null; - } - - /// - /// - /// Specifies the mode of the session that will be created, either ReadWrite or ReadOnly. By default, a ReadWrite session is created. - /// - /// A ReadWrite session is capable of executing all the Zonal endpoint API operations on a directory bucket. - /// A ReadOnly session is constrained to execute the following Zonal endpoint API operations: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, and ListMultipartUploads. - /// - /// - public SessionMode SessionMode - { - get { return this._sessionMode; } - set { this._sessionMode = value; } - } - - // Check to see if SessionMode property is set - internal bool IsSetSessionMode() - { - return this._sessionMode != null; - } - - /// - /// The server-side encryption algorithm to use when you store objects in the directory bucket. - /// - /// For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). - /// By default, Amazon S3 encrypts data with SSE-S3. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. - /// - /// - /// S3 access points for Amazon FSx - When accessing data stored in Amazon FSx - /// file systems using S3 access points, the only valid server side encryption option - /// is aws:fsx. All Amazon FSx file systems have encryption configured by default - /// and are encrypted at rest. Data is automatically encrypted before being written to - /// the file system, and automatically decrypted as it is read. These processes are handled - /// transparently by Amazon FSx. - /// - /// - public ServerSideEncryptionMethod ServerSideEncryption - { - get { return this._serverSideEncryption; } - set { this._serverSideEncryption = value; } - } - - // Check to see if ServerSideEncryption property is set - internal bool IsSetServerSideEncryptionMethod() - { - return this._serverSideEncryption != null && this._serverSideEncryption != ServerSideEncryptionMethod.None; - } - - /// - /// - /// If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. - /// Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. - /// Also, if the KMS key doesn't exist in the same account that't issuing the command, you must use the full Key ARN not the Key ID. - /// - /// - /// Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. Amazon Web Services managed key (aws/s3) isn't supported. - /// - /// - [AWSProperty(Sensitive = true)] - public string SSEKMSKeyId - { - get { return this._serverSideEncryptionKeyManagementServiceKeyId; } - set { this._serverSideEncryptionKeyManagementServiceKeyId = value; } - } - - /// - /// Checks if SSEKMSKeyId property is set. - /// - internal bool IsSetSSEKMSKeyId() - { - return !string.IsNullOrEmpty(this._serverSideEncryptionKeyManagementServiceKeyId); - } - - /// - /// - /// Specifies the Amazon Web Services KMS Encryption Context as an additional encryption context to use for object encryption. - /// The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. - /// This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. - /// - /// - /// General purpose buckets - This value must be explicitly added during CopyObject operations if you want an additional encryption context for your object. - /// For more information, see Encryption context in the Amazon S3 User Guide. - /// - /// - /// Directory buckets - You can optionally provide an explicit encryption context value. The value must match the default encryption context - the bucket Amazon Resource Name (ARN). - /// An additional encryption context value is not supported. - /// - /// - [AWSProperty(Sensitive = true)] - public string SSEKMSEncryptionContext - { - get { return this._serverSideEncryptionKeyManagementServiceEncryptionContext; } - set { this._serverSideEncryptionKeyManagementServiceEncryptionContext = value; } - } - - /// - /// Checks if SSEKMSEncryptionContext property is set. - /// - internal bool IsSetSSEKMSEncryptionContext() - { - return !string.IsNullOrEmpty(this._serverSideEncryptionKeyManagementServiceEncryptionContext); - } - - /// - /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using KMS keys (SSE-KMS). - /// - /// S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can't be disabled. - /// S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, - /// through CopyObject, UploadPartCopy, - /// the Copy operation in Batch Operations, or the import jobs. - /// In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object. - /// - /// - public bool? BucketKeyEnabled - { - get { return this._bucketKeyEnabled; } - set { this._bucketKeyEnabled = value; } - } - - /// - /// Checks if BucketKeyEnabled property is set. - /// - internal bool IsSetBucketKeyEnabled() - { - return this._bucketKeyEnabled.HasValue; - } - } -} \ No newline at end of file diff --git a/sdk/src/Services/S3/Generated/Model/CreateSessionRequest.cs b/sdk/src/Services/S3/Generated/Model/CreateSessionRequest.cs new file mode 100644 index 000000000000..f75baf98c94c --- /dev/null +++ b/sdk/src/Services/S3/Generated/Model/CreateSessionRequest.cs @@ -0,0 +1,373 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ +using System; +using System.Collections.Generic; +using System.Xml.Serialization; +using System.Text; +using System.IO; +using System.Net; + +using Amazon.Runtime; +using Amazon.Runtime.Internal; + +#pragma warning disable CS0612,CS0618,CS1570 +namespace Amazon.S3.Model +{ + /// + /// Container for the parameters to the CreateSession operation. + /// Creates a session that establishes temporary security credentials to support fast + /// authentication and authorization for the Zonal endpoint API operations on directory + /// buckets. For more information about Zonal endpoint API operations that include the + /// Availability Zone in the request endpoint, see S3 + /// Express One Zone APIs in the Amazon S3 User Guide. + /// + /// + /// + /// To make Zonal endpoint API requests on a directory bucket, use the CreateSession + /// API operation. Specifically, you grant s3express:CreateSession permission to + /// a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials + /// to make the CreateSession API request on the bucket, which returns temporary + /// security credentials that include the access key ID, secret access key, session token, + /// and expiration. These credentials have associated permissions to access the Zonal + /// endpoint API operations. After the session is created, you don’t need to use other + /// policies to grant permissions to each Zonal endpoint API individually. Instead, in + /// your Zonal endpoint API requests, you sign your requests by applying the temporary + /// security credentials of the session to the request headers and following the SigV4 + /// protocol for authentication. You also apply the session token to the x-amz-s3session-token + /// request header for authorization. Temporary security credentials are scoped to the + /// bucket and expire after 5 minutes. After the expiration time, any calls that you make + /// with those credentials will fail. You must use IAM credentials again to make a CreateSession + /// API request that generates a new set of temporary credentials for use. Temporary credentials + /// cannot be extended or refreshed beyond the original specified interval. + /// + /// + /// + /// If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically + /// to avoid service interruptions when a session expires. We recommend that you use the + /// Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. + /// For more information, see Performance + /// guidelines and design patterns in the Amazon S3 User Guide. + /// + ///
  • + /// + /// You must make requests for this API operation to the Zonal endpoint. These endpoints + /// support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. + /// Path-style requests are not supported. For more information about endpoints in Availability + /// Zones, see Regional + /// and Zonal endpoints for directory buckets in Availability Zones in the Amazon + /// S3 User Guide. For more information about endpoints in Local Zones, see Concepts + /// for directory buckets in Local Zones in the Amazon S3 User Guide. + /// + ///
  • + /// + /// CopyObject API operation - Unlike other Zonal endpoint API operations, + /// the CopyObject API operation doesn't use the temporary security credentials + /// returned from the CreateSession API operation for authentication and authorization. + /// For information about authentication and authorization of the CopyObject API + /// operation on directory buckets, see CopyObject. + /// + ///
  • + /// + /// HeadBucket API operation - Unlike other Zonal endpoint API operations, + /// the HeadBucket API operation doesn't use the temporary security credentials + /// returned from the CreateSession API operation for authentication and authorization. + /// For information about authentication and authorization of the HeadBucket API + /// operation on directory buckets, see HeadBucket. + /// + ///
Permissions
+ /// + /// To obtain temporary security credentials, you must create a bucket policy or an IAM + /// identity-based policy that grants s3express:CreateSession permission to the + /// bucket. In a policy, you can have the s3express:SessionMode condition key to + /// control who can create a ReadWrite or ReadOnly session. For more information + /// about ReadWrite or ReadOnly sessions, see + /// x-amz-create-session-mode . For example policies, see Example + /// bucket policies for S3 Express One Zone and Amazon + /// Web Services Identity and Access Management (IAM) identity-based policies for S3 Express + /// One Zone in the Amazon S3 User Guide. + /// + /// + /// + /// To grant cross-account access to Zonal endpoint API operations, the bucket policy + /// should also grant both accounts the s3express:CreateSession permission. + /// + /// + /// + /// If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey + /// and the kms:Decrypt permissions in IAM identity-based policies and KMS key + /// policies for the target KMS key. + /// + ///
Encryption
+ /// + /// For directory buckets, there are only two supported options for server-side encryption: + /// server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side + /// encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's + /// default encryption uses the desired encryption configuration and you don't override + /// the bucket default encryption in your CreateSession requests or PUT + /// object requests. Then, new objects are automatically encrypted with the desired encryption + /// settings. For more information, see Protecting + /// data with server-side encryption in the Amazon S3 User Guide. For more + /// information about the encryption overriding behaviors in directory buckets, see Specifying + /// server-side encryption with KMS for new object uploads. + /// + /// + /// + /// For Zonal + /// endpoint (object-level) API operations except CopyObject + /// and UploadPartCopy, + /// you authenticate and authorize requests through CreateSession + /// for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must + /// specify SSE-KMS as the directory bucket's default encryption configuration with a + /// KMS key (specifically, a customer + /// managed key). Then, when a session is created for Zonal endpoint API operations, + /// new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys + /// during the session. + /// + /// + /// + /// Only 1 customer + /// managed key is supported per directory bucket for the lifetime of the bucket. + /// The Amazon + /// Web Services managed key (aws/s3) isn't supported. After you specify SSE-KMS + /// as your bucket's default encryption configuration with a customer managed key, you + /// can't change the customer managed key for the bucket's SSE-KMS configuration. + /// + /// + /// + /// In the Zonal endpoint API calls (except CopyObject + /// and UploadPartCopy) + /// using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, + /// x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, + /// and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession + /// request. You don't need to explicitly specify these encryption settings values in + /// Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from + /// the CreateSession request to protect new objects in the directory bucket. + /// + /// + /// + /// When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the + /// session token refreshes automatically to avoid service interruptions when a session + /// expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption + /// configuration for the CreateSession request. It's not supported to override + /// the encryption settings values in the CreateSession request. Also, in the Zonal + /// endpoint API calls (except CopyObject + /// and UploadPartCopy), + /// it's not supported to override the values of the encryption settings from the CreateSession + /// request. + /// + ///
HTTP Host header syntax
+ /// + /// Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com. + /// + ///
+ /// + /// You must URL encode any signed header values that contain spaces. For example, if + /// your header value is my file.txt, containing two spaces after my, you + /// must URL encode this value to my%20%20file.txt. + /// + /// + /// + public partial class CreateSessionRequest : AmazonWebServiceRequest + { + private bool? _bucketKeyEnabled; + private string _bucketName; + private ServerSideEncryptionMethod _serverSideEncryption; + private SessionMode _sessionMode; + private string _ssekmsEncryptionContext; + private string _ssekmsKeyId; + + /// + /// Gets and sets the property BucketKeyEnabled. + /// + /// Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with + /// server-side encryption using KMS keys (SSE-KMS). + /// + /// + /// + /// S3 Bucket Keys are always enabled for GET and PUT operations in a directory + /// bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS + /// encrypted objects from general purpose buckets to directory buckets, from directory + /// buckets to general purpose buckets, or between directory buckets, through CopyObject, + /// UploadPartCopy, + /// the + /// Copy operation in Batch Operations, or the + /// import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request + /// is made for a KMS-encrypted object. + /// + /// + public bool? BucketKeyEnabled + { + get { return this._bucketKeyEnabled; } + set { this._bucketKeyEnabled = value; } + } + + // Check to see if BucketKeyEnabled property is set + internal bool IsSetBucketKeyEnabled() + { + return this._bucketKeyEnabled.HasValue; + } + + /// + /// Gets and sets the property BucketName. + /// + /// The name of the bucket that you create a session for. + /// + /// + [AWSProperty(Required=true)] + public string BucketName + { + get { return this._bucketName; } + set { this._bucketName = value; } + } + + // Check to see if BucketName property is set + internal bool IsSetBucketName() + { + return this._bucketName != null; + } + + /// + /// Gets and sets the property ServerSideEncryption. + /// + /// The server-side encryption algorithm to use when you store objects in the directory + /// bucket. + /// + /// + /// + /// For directory buckets, there are only two supported options for server-side encryption: + /// server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side + /// encryption with KMS keys (SSE-KMS) (aws:kms). By default, Amazon S3 encrypts + /// data with SSE-S3. For more information, see Protecting + /// data with server-side encryption in the Amazon S3 User Guide. + /// + /// + /// + /// S3 access points for Amazon FSx - When accessing data stored in Amazon FSx + /// file systems using S3 access points, the only valid server side encryption option + /// is aws:fsx. All Amazon FSx file systems have encryption configured by default + /// and are encrypted at rest. Data is automatically encrypted before being written to + /// the file system, and automatically decrypted as it is read. These processes are handled + /// transparently by Amazon FSx. + /// + /// + public ServerSideEncryptionMethod ServerSideEncryption + { + get { return this._serverSideEncryption; } + set { this._serverSideEncryption = value; } + } + + // Check to see if ServerSideEncryption property is set + internal bool IsSetServerSideEncryption() + { + return this._serverSideEncryption != null && this._serverSideEncryption != ServerSideEncryptionMethod.None; + } + + /// + /// Gets and sets the property SessionMode. + /// + /// Specifies the mode of the session that will be created, either ReadWrite or + /// ReadOnly. By default, a ReadWrite session is created. A ReadWrite + /// session is capable of executing all the Zonal endpoint API operations on a directory + /// bucket. A ReadOnly session is constrained to execute the following Zonal endpoint + /// API operations: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, + /// ListParts, and ListMultipartUploads. + /// + /// + public SessionMode SessionMode + { + get { return this._sessionMode; } + set { this._sessionMode = value; } + } + + // Check to see if SessionMode property is set + internal bool IsSetSessionMode() + { + return this._sessionMode != null; + } + + /// + /// Gets and sets the property SSEKMSEncryptionContext. + /// + /// Specifies the Amazon Web Services KMS Encryption Context as an additional encryption + /// context to use for object encryption. The value of this header is a Base64 encoded + /// string of a UTF-8 encoded JSON, which contains the encryption context as key-value + /// pairs. This value is stored as object metadata and automatically gets passed on to + /// Amazon Web Services KMS for future GetObject operations on this object. + /// + /// + /// + /// General purpose buckets - This value must be explicitly added during CopyObject + /// operations if you want an additional encryption context for your object. For more + /// information, see Encryption + /// context in the Amazon S3 User Guide. + /// + /// + /// + /// Directory buckets - You can optionally provide an explicit encryption context + /// value. The value must match the default encryption context - the bucket Amazon Resource + /// Name (ARN). An additional encryption context value is not supported. + /// + /// + [AWSProperty(Sensitive=true)] + public string SSEKMSEncryptionContext + { + get { return this._ssekmsEncryptionContext; } + set { this._ssekmsEncryptionContext = value; } + } + + // Check to see if SSEKMSEncryptionContext property is set + internal bool IsSetSSEKMSEncryptionContext() + { + return !string.IsNullOrEmpty(this._ssekmsEncryptionContext); + } + + /// + /// Gets and sets the property SSEKMSKeyId. + /// + /// If you specify x-amz-server-side-encryption with aws:kms, you must specify + /// the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID + /// or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, + /// you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The + /// key alias format of the KMS key isn't supported. Also, if the KMS key doesn't exist + /// in the same account that't issuing the command, you must use the full Key ARN not + /// the Key ID. + /// + /// + /// + /// Your SSE-KMS configuration can only support 1 customer + /// managed key per directory bucket's lifetime. The Amazon + /// Web Services managed key (aws/s3) isn't supported. + /// + /// + [AWSProperty(Sensitive=true)] + public string SSEKMSKeyId + { + get { return this._ssekmsKeyId; } + set { this._ssekmsKeyId = value; } + } + + // Check to see if SSEKMSKeyId property is set + internal bool IsSetSSEKMSKeyId() + { + return !string.IsNullOrEmpty(this._ssekmsKeyId); + } + + } +} \ No newline at end of file diff --git a/sdk/src/Services/S3/Custom/Model/CreateSessionResponse.cs b/sdk/src/Services/S3/Generated/Model/CreateSessionResponse.cs similarity index 60% rename from sdk/src/Services/S3/Custom/Model/CreateSessionResponse.cs rename to sdk/src/Services/S3/Generated/Model/CreateSessionResponse.cs index 9c696d3b1485..f1d4562ca6ce 100644 --- a/sdk/src/Services/S3/Custom/Model/CreateSessionResponse.cs +++ b/sdk/src/Services/S3/Generated/Model/CreateSessionResponse.cs @@ -1,4 +1,4 @@ -/* +/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). @@ -12,14 +12,21 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ + +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; +using System.IO; +using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; +#pragma warning disable CS0612,CS0618,CS1570 namespace Amazon.S3.Model { /// @@ -27,39 +34,62 @@ namespace Amazon.S3.Model /// public partial class CreateSessionResponse : AmazonWebServiceResponse { + private bool? _bucketKeyEnabled; private SessionCredentials _credentials; private ServerSideEncryptionMethod _serverSideEncryption; - private string _serverSideEncryptionKeyManagementServiceKeyId; - private string _serverSideEncryptionKeyManagementServiceEncryptionContext; - private bool? _bucketKeyEnabled; + private string _ssekmsEncryptionContext; + private string _ssekmsKeyId; /// + /// Gets and sets the property BucketKeyEnabled. + /// + /// Indicates whether to use an S3 Bucket Key for server-side encryption with KMS keys + /// (SSE-KMS). + /// + /// + public bool? BucketKeyEnabled + { + get { return this._bucketKeyEnabled; } + set { this._bucketKeyEnabled = value; } + } + + // Check to see if BucketKeyEnabled property is set + internal bool IsSetBucketKeyEnabled() + { + return this._bucketKeyEnabled.HasValue; + } + + /// + /// Gets and sets the property Credentials. + /// /// The established temporary security credentials for the created session. + /// /// - [AWSProperty(Required = true)] + [AWSProperty(Required=true)] public SessionCredentials Credentials { get { return this._credentials; } set { this._credentials = value; } } - // Check to see if Credential property is set + // Check to see if Credentials property is set internal bool IsSetCredentials() { return this._credentials != null; } /// + /// Gets and sets the property ServerSideEncryption. /// /// The server-side encryption algorithm used when you store objects in the directory /// bucket. /// - /// + /// /// /// When accessing data stored in Amazon FSx file systems using S3 access points, the /// only valid server side encryption option is aws:fsx. /// - /// + /// /// public ServerSideEncryptionMethod ServerSideEncryption { @@ -68,67 +98,54 @@ public ServerSideEncryptionMethod ServerSideEncryption } // Check to see if ServerSideEncryption property is set - internal bool IsSetServerSideEncryptionMethod() + internal bool IsSetServerSideEncryption() { return this._serverSideEncryption != null && this._serverSideEncryption != ServerSideEncryptionMethod.None; } /// - /// If you specify x-amz-server-side-encryption with aws:kms, this header indicates the ID of the - /// KMS symmetric encryption customer managed key that was used for object encryption. - /// - [AWSProperty(Sensitive = true)] - public string SSEKMSKeyId - { - get { return this._serverSideEncryptionKeyManagementServiceKeyId; } - set { this._serverSideEncryptionKeyManagementServiceKeyId = value; } - } - - /// - /// Checks if SSEKMSKeyId property is set. - /// - internal bool IsSetSSEKMSKeyId() - { - return !string.IsNullOrEmpty(this._serverSideEncryptionKeyManagementServiceKeyId); - } - - /// + /// Gets and sets the property SSEKMSEncryptionContext. /// - /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object encryption. - /// The value of this header is a Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption context as key-value pairs. - /// This value is stored as object metadata and automatically gets passed on to Amazon Web Services KMS for future GetObject operations on this object. + /// If present, indicates the Amazon Web Services KMS Encryption Context to use for object + /// encryption. The value of this header is a Base64 encoded string of a UTF-8 encoded + /// JSON, which contains the encryption context as key-value pairs. This value is stored + /// as object metadata and automatically gets passed on to Amazon Web Services KMS for + /// future GetObject operations on this object. /// /// - [AWSProperty(Sensitive = true)] + [AWSProperty(Sensitive=true)] public string SSEKMSEncryptionContext { - get { return this._serverSideEncryptionKeyManagementServiceEncryptionContext; } - set { this._serverSideEncryptionKeyManagementServiceEncryptionContext = value; } + get { return this._ssekmsEncryptionContext; } + set { this._ssekmsEncryptionContext = value; } } - /// - /// Checks if SSEKMSEncryptionContext property is set. - /// + // Check to see if SSEKMSEncryptionContext property is set internal bool IsSetSSEKMSEncryptionContext() { - return !string.IsNullOrEmpty(this._serverSideEncryptionKeyManagementServiceEncryptionContext); + return this._ssekmsEncryptionContext != null; } /// - /// Indicates whether to use an S3 Bucket Key for server-side encryption with KMS keys (SSE-KMS). + /// Gets and sets the property SSEKMSKeyId. + /// + /// If you specify x-amz-server-side-encryption with aws:kms, this header + /// indicates the ID of the KMS symmetric encryption customer managed key that was used + /// for object encryption. + /// /// - public bool? BucketKeyEnabled + [AWSProperty(Sensitive=true)] + public string SSEKMSKeyId { - get { return this._bucketKeyEnabled; } - set { this._bucketKeyEnabled = value; } + get { return this._ssekmsKeyId; } + set { this._ssekmsKeyId = value; } } - /// - /// Checks if BucketKeyEnabled property is set. - /// - internal bool IsSetBucketKeyEnabled() + // Check to see if SSEKMSKeyId property is set + internal bool IsSetSSEKMSKeyId() { - return this._bucketKeyEnabled.HasValue; + return this._ssekmsKeyId != null; } + } } \ No newline at end of file diff --git a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs similarity index 68% rename from sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs rename to sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs index 3fe78d871b4f..babfb0c7cad8 100644 --- a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs +++ b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionRequestMarshaller.cs @@ -13,17 +13,30 @@ * permissions and limitations under the License. */ +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ +using System; +using System.Collections.Generic; +using System.Globalization; +using System.IO; +using System.Text; +using System.Xml.Serialization; + +using Amazon.S3.Model; using Amazon.Runtime; using Amazon.Runtime.Internal; using Amazon.Runtime.Internal.Transform; using Amazon.Runtime.Internal.Util; +using System.Xml; +#pragma warning disable CS0612,CS0618 namespace Amazon.S3.Model.Internal.MarshallTransformations { /// /// CreateSession Request Marshaller /// - public class CreateSessionRequestMarshaller : IMarshaller, IMarshaller + public partial class CreateSessionRequestMarshaller : IMarshaller , IMarshaller { /// /// Marshaller the request object to the HTTP request. @@ -43,45 +56,42 @@ public IRequest Marshall(AmazonWebServiceRequest input) public IRequest Marshall(CreateSessionRequest publicRequest) { var request = new DefaultRequest(publicRequest, "Amazon.S3"); + PreMarshallCustomization(request, publicRequest); request.HttpMethod = "GET"; request.AddSubResource("session"); - - if (!publicRequest.IsSetBucketName()) + + if (publicRequest.IsSetBucketKeyEnabled()) { - throw new AmazonS3Exception("Request object does not have required field BucketName set"); - } - - if (publicRequest.IsSetSessionMode()) - { - request.Headers["x-amz-create-session-mode"] = publicRequest.SessionMode; + request.Headers["x-amz-server-side-encryption-bucket-key-enabled"] = StringUtils.FromBool(publicRequest.BucketKeyEnabled); } - - if (publicRequest.IsSetServerSideEncryptionMethod()) + + if (publicRequest.IsSetServerSideEncryption()) { request.Headers["x-amz-server-side-encryption"] = publicRequest.ServerSideEncryption; } - - if (publicRequest.IsSetSSEKMSKeyId()) + + if (publicRequest.IsSetSessionMode()) { - request.Headers["x-amz-server-side-encryption-aws-kms-key-id"] = publicRequest.SSEKMSKeyId; + request.Headers["x-amz-create-session-mode"] = publicRequest.SessionMode; } - - if (publicRequest.IsSetSSEKMSEncryptionContext()) + + if (publicRequest.IsSetSSEKMSEncryptionContext()) { request.Headers["x-amz-server-side-encryption-context"] = publicRequest.SSEKMSEncryptionContext; } - - if (publicRequest.IsSetBucketKeyEnabled()) + + if (publicRequest.IsSetSSEKMSKeyId()) { - request.Headers["x-amz-server-side-encryption-bucket-key-enabled"] = S3Transforms.ToStringValue(publicRequest.BucketKeyEnabled.Value); + request.Headers["x-amz-server-side-encryption-aws-kms-key-id"] = publicRequest.SSEKMSKeyId; } + if (!publicRequest.IsSetBucketName()) + throw new AmazonS3Exception("Request object does not have required field BucketName set"); + request.ResourcePath = "/"; - request.AddPathResource("{Bucket}", StringUtils.FromString(publicRequest.BucketName)); - request.ResourcePath = "/{Bucket}"; - + PostMarshallCustomization(request, publicRequest); return request; } - private static CreateSessionRequestMarshaller _instance = new CreateSessionRequestMarshaller(); + private static CreateSessionRequestMarshaller _instance = new CreateSessionRequestMarshaller(); internal static CreateSessionRequestMarshaller GetInstance() { @@ -95,12 +105,11 @@ public static CreateSessionRequestMarshaller Instance { get { - if (_instance == null) - { - _instance = new CreateSessionRequestMarshaller(); - } return _instance; } } - } + + partial void PostMarshallCustomization(DefaultRequest defaultRequest, CreateSessionRequest publicRequest); + partial void PreMarshallCustomization(DefaultRequest defaultRequest, CreateSessionRequest publicRequest); + } } \ No newline at end of file diff --git a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs similarity index 68% rename from sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs rename to sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs index 9347e453a240..6bf0b2448b16 100644 --- a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs +++ b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/CreateSessionResponseUnmarshaller.cs @@ -12,9 +12,17 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ + +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ using System; +using System.Collections.Generic; +using System.Globalization; using System.IO; using System.Net; +using System.Text; +using System.Xml.Serialization; using Amazon.S3.Model; using Amazon.Runtime; @@ -22,12 +30,13 @@ using Amazon.Runtime.Internal.Transform; using Amazon.Runtime.Internal.Util; +#pragma warning disable CS0612,CS0618 namespace Amazon.S3.Model.Internal.MarshallTransformations { /// /// Response Unmarshaller for CreateSession operation /// - public class CreateSessionResponseUnmarshaller : S3ReponseUnmarshaller + public partial class CreateSessionResponseUnmarshaller : S3ReponseUnmarshaller { /// /// Unmarshaller the response from the service to the response class. @@ -37,18 +46,30 @@ public class CreateSessionResponseUnmarshaller : S3ReponseUnmarshaller public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { CreateSessionResponse response = new CreateSessionResponse(); - UnmarshallResult(context, response); - + UnmarshallResult(context,response); + if (context.ResponseData.IsHeaderPresent("x-amz-server-side-encryption-bucket-key-enabled")) + response.BucketKeyEnabled = bool.Parse(context.ResponseData.GetHeaderValue("x-amz-server-side-encryption-bucket-key-enabled")); + if (context.ResponseData.IsHeaderPresent("x-amz-server-side-encryption")) + response.ServerSideEncryption = context.ResponseData.GetHeaderValue("x-amz-server-side-encryption"); + if (context.ResponseData.IsHeaderPresent("x-amz-server-side-encryption-context")) + response.SSEKMSEncryptionContext = context.ResponseData.GetHeaderValue("x-amz-server-side-encryption-context"); + if (context.ResponseData.IsHeaderPresent("x-amz-server-side-encryption-aws-kms-key-id")) + response.SSEKMSKeyId = context.ResponseData.GetHeaderValue("x-amz-server-side-encryption-aws-kms-key-id"); + + PostUnmarshallCustomization(context, response); return response; - } + } private static void UnmarshallResult(XmlUnmarshallerContext context, CreateSessionResponse response) { int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; - if (context.IsStartOfDocument) - targetDepth += 1; - + if (context.IsStartOfDocument) + targetDepth += 1; + if (context.IsEmptyResponse) + { + return; + } while (context.Read()) { if (context.IsStartElement || context.IsAttribute) @@ -65,28 +86,9 @@ private static void UnmarshallResult(XmlUnmarshallerContext context, CreateSessi return; } } - - IWebResponseData responseData = context.ResponseData; - if (responseData.IsHeaderPresent("x-amz-server-side-encryption")) - { - response.ServerSideEncryption = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-server-side-encryption")); - } - if (responseData.IsHeaderPresent("x-amz-server-side-encryption-aws-kms-key-id")) - { - response.SSEKMSKeyId = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-server-side-encryption-aws-kms-key-id")); - } - if (responseData.IsHeaderPresent("x-amz-server-side-encryption-context")) - { - response.SSEKMSEncryptionContext = S3Transforms.ToString(responseData.GetHeaderValue("x-amz-server-side-encryption-context")); - } - if (responseData.IsHeaderPresent("x-amz-server-side-encryption-bucket-key-enabled")) - { - response.BucketKeyEnabled = S3Transforms.ToBool(responseData.GetHeaderValue("x-amz-server-side-encryption-bucket-key-enabled")); - } - return; } - + /// /// Unmarshaller error response to exception. @@ -97,7 +99,7 @@ private static void UnmarshallResult(XmlUnmarshallerContext context, CreateSessi /// public override AmazonServiceException UnmarshallException(XmlUnmarshallerContext context, Exception innerException, HttpStatusCode statusCode) { - var errorResponse = S3ErrorResponseUnmarshaller.Instance.Unmarshall(context); + S3ErrorResponse errorResponse = S3ErrorResponseUnmarshaller.Instance.Unmarshall(context); errorResponse.InnerException = innerException; errorResponse.StatusCode = statusCode; @@ -111,11 +113,12 @@ public override AmazonServiceException UnmarshallException(XmlUnmarshallerContex return NoSuchBucketExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse); } } - return base.ConstructS3Exception(context, errorResponse, innerException, statusCode); } - private static CreateSessionResponseUnmarshaller _instance = new CreateSessionResponseUnmarshaller(); + partial void PostUnmarshallCustomization(XmlUnmarshallerContext context, CreateSessionResponse response); + + private static CreateSessionResponseUnmarshaller _instance = new CreateSessionResponseUnmarshaller(); internal static CreateSessionResponseUnmarshaller GetInstance() { @@ -129,10 +132,6 @@ public static CreateSessionResponseUnmarshaller Instance { get { - if (_instance == null) - { - _instance = new CreateSessionResponseUnmarshaller(); - } return _instance; } } diff --git a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs similarity index 76% rename from sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs rename to sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs index c4b6dd774343..83512928c5c0 100644 --- a/sdk/src/Services/S3/Custom/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs +++ b/sdk/src/Services/S3/Generated/Model/Internal/MarshallTransformations/SessionCredentialsUnmarshaller.cs @@ -1,4 +1,4 @@ -/* +/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). @@ -12,17 +12,31 @@ * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ + +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ +using System; using System.Collections.Generic; +using System.Globalization; +using System.IO; +using System.Net; +using System.Text; +using System.Xml.Serialization; using Amazon.S3.Model; +using Amazon.Runtime; +using Amazon.Runtime.Internal; using Amazon.Runtime.Internal.Transform; +using Amazon.Runtime.Internal.Util; +#pragma warning disable CS0612,CS0618 namespace Amazon.S3.Model.Internal.MarshallTransformations { /// /// Response Unmarshaller for SessionCredentials Object /// - public class SessionCredentialsUnmarshaller : IXmlUnmarshaller + public partial class SessionCredentialsUnmarshaller : IXmlUnmarshaller { /// /// Unmarshaller the response from the service to the response class. @@ -34,10 +48,10 @@ public SessionCredentials Unmarshall(XmlUnmarshallerContext context) SessionCredentials unmarshalledObject = new SessionCredentials(); int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; - - if (context.IsStartOfDocument) - targetDepth += 2; - + + if (context.IsStartOfDocument) + targetDepth += 2; + while (context.Read()) { if (context.IsStartElement || context.IsAttribute) @@ -50,7 +64,7 @@ public SessionCredentials Unmarshall(XmlUnmarshallerContext context) } if (context.TestExpression("Expiration", targetDepth)) { - var unmarshaller = DateTimeUnmarshaller.Instance; + var unmarshaller = NullableDateTimeUnmarshaller.Instance; unmarshalledObject.Expiration = unmarshaller.Unmarshall(context); continue; } @@ -66,16 +80,20 @@ public SessionCredentials Unmarshall(XmlUnmarshallerContext context) unmarshalledObject.SessionToken = unmarshaller.Unmarshall(context); continue; } + + XmlStructureUnmarshallCustomization(context, unmarshalledObject, targetDepth); } else if (context.IsEndElement && context.CurrentDepth < originalDepth) { return unmarshalledObject; } - } + } return unmarshalledObject; } - private static SessionCredentialsUnmarshaller _instance = new SessionCredentialsUnmarshaller(); + partial void XmlStructureUnmarshallCustomization(XmlUnmarshallerContext context, SessionCredentials unmarshalledObject, int targetDepth); + + private static SessionCredentialsUnmarshaller _instance = new SessionCredentialsUnmarshaller(); /// /// Gets the singleton. @@ -84,10 +102,6 @@ public static SessionCredentialsUnmarshaller Instance { get { - if (_instance == null) - { - _instance = new SessionCredentialsUnmarshaller(); - } return _instance; } } diff --git a/sdk/src/Services/S3/Custom/Model/SessionCredentials.cs b/sdk/src/Services/S3/Generated/Model/SessionCredentials.cs similarity index 86% rename from sdk/src/Services/S3/Custom/Model/SessionCredentials.cs rename to sdk/src/Services/S3/Generated/Model/SessionCredentials.cs index 67f18e808da0..303ea7d772ba 100644 --- a/sdk/src/Services/S3/Custom/Model/SessionCredentials.cs +++ b/sdk/src/Services/S3/Generated/Model/SessionCredentials.cs @@ -1,4 +1,4 @@ -/* +/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). @@ -13,10 +13,20 @@ * permissions and limitations under the License. */ - +/* + * Do not modify this file. This file is generated from the s3-2006-03-01.normal.json service model. + */ using System; +using System.Collections.Generic; +using System.Xml.Serialization; +using System.Text; +using System.IO; +using System.Net; + +using Amazon.Runtime; using Amazon.Runtime.Internal; +#pragma warning disable CS0612,CS0618,CS1570 namespace Amazon.S3.Model { /// @@ -25,7 +35,7 @@ namespace Amazon.S3.Model /// /// /// Directory buckets - These session credentials are only supported for the authentication - /// and authorization of Zonal endpoint APIs on directory buckets. + /// and authorization of Zonal endpoint API operations on directory buckets. /// /// /// @@ -44,7 +54,7 @@ public partial class SessionCredentials /// requests cryptographically. /// /// - [AWSProperty(Required = true)] + [AWSProperty(Required=true)] public string AccessKeyId { get { return this._accessKeyId; } @@ -66,7 +76,7 @@ internal bool IsSetAccessKeyId() /// extended or refreshed beyond the original specified interval. /// /// - [AWSProperty(Required = true)] + [AWSProperty(Required=true)] public DateTime? Expiration { get { return this._expiration; } @@ -76,7 +86,7 @@ public DateTime? Expiration // Check to see if Expiration property is set internal bool IsSetExpiration() { - return this._expiration.HasValue; + return this._expiration.HasValue; } /// @@ -87,7 +97,7 @@ internal bool IsSetExpiration() /// from being altered. /// /// - [AWSProperty(Required = true, Sensitive = true)] + [AWSProperty(Required=true, Sensitive=true)] public string SecretAccessKey { get { return this._secretAccessKey; } @@ -107,7 +117,7 @@ internal bool IsSetSecretAccessKey() /// the temporary security credentials. /// /// - [AWSProperty(Required = true, Sensitive = true)] + [AWSProperty(Required=true, Sensitive=true)] public string SessionToken { get { return this._sessionToken; }