feat(client-storage-gateway): Added new SMBSecurityStrategy enum name…
…d MandatoryEncryptionNoAes128, new mode enforces encryption and disables AES 128-bit algorithms.
awstools committed May 21, 2024
1 parent d452a91 commit 076c64e
Showing 4 changed files with 50 additions and 24 deletions.
Expand Up @@ -45,7 +45,7 @@ export interface DescribeSMBSettingsCommandOutput extends DescribeSMBSettingsOut
* // DomainName: "STRING_VALUE",
* // ActiveDirectoryStatus: "ACCESS_DENIED" || "DETACHED" || "JOINED" || "JOINING" || "NETWORK_ERROR" || "TIMEOUT" || "UNKNOWN_ERROR",
* // SMBGuestPasswordSet: true || false,
* // SMBSecurityStrategy: "ClientSpecified" || "MandatorySigning" || "MandatoryEncryption",
* // SMBSecurityStrategy: "ClientSpecified" || "MandatorySigning" || "MandatoryEncryption" || "MandatoryEncryptionNoAes128",
* // FileSharesVisible: true || false,
* // SMBLocalGroups: { // SMBLocalGroups
* // GatewayAdmins: [ // UserList
Expand Up @@ -41,7 +41,7 @@ export interface UpdateSMBSecurityStrategyCommandOutput extends UpdateSMBSecurit
* const client = new StorageGatewayClient(config);
* const input = { // UpdateSMBSecurityStrategyInput
* GatewayARN: "STRING_VALUE", // required
* SMBSecurityStrategy: "ClientSpecified" || "MandatorySigning" || "MandatoryEncryption", // required
* SMBSecurityStrategy: "ClientSpecified" || "MandatorySigning" || "MandatoryEncryption" || "MandatoryEncryptionNoAes128", // required
* };
* const command = new UpdateSMBSecurityStrategyCommand(input);
* const response = await client.send(command);
52 changes: 36 additions & 16 deletions clients/client-storage-gateway/src/models/models_0.ts
Expand Up @@ -87,10 +87,10 @@ export interface ActivateGatewayInput {

/**
* <p>A value that indicates the time zone you want to set for the gateway. The time zone is
* of the format "GMT-hr:mm" or "GMT+hr:mm". For example, GMT-4:00 indicates the time is 4
* hours behind GMT. GMT+2:00 indicates the time is 2 hours ahead of GMT. The time zone is
* used, for example, for scheduling snapshots and your gateway's maintenance
* schedule.</p>
* of the format "GMT", "GMT-hr:mm", or "GMT+hr:mm". For example, GMT indicates Greenwich Mean
* Time without any offset. GMT-4:00 indicates the time is 4 hours behind GMT. GMT+2:00
* indicates the time is 2 hours ahead of GMT. The time zone is used, for example, for
* scheduling snapshots and your gateway's maintenance schedule.</p>
* @public
*/
GatewayTimezone: string | undefined;
Expand All @@ -115,8 +115,9 @@ export interface ActivateGatewayInput {
* <p>A value that defines the type of gateway to activate. The type specified is critical to
* all later functions of the gateway and cannot be changed after activation. The default
* value is <code>CACHED</code>.</p>
* <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code> |
* <code>VTL_SNOW</code> | <code>FILE_S3</code> | <code>FILE_FSX_SMB</code>
* <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code>
* | <code>FILE_S3</code> |
* <code>FILE_FSX_SMB</code>
* </p>
* @public
*/
Expand Down Expand Up @@ -3309,6 +3310,9 @@ export interface DescribeGatewayInformationOutput {

/**
* <p>The type of hardware or software platform on which the gateway is running.</p>
* <note>
* <p>Tape Gateway is no longer available on Snow Family devices.</p>
* </note>
* @public
*/
HostEnvironment?: HostEnvironment;
Expand Down Expand Up @@ -4102,6 +4106,7 @@ export interface SMBLocalGroups {
export const SMBSecurityStrategy = {
ClientSpecified: "ClientSpecified",
MandatoryEncryption: "MandatoryEncryption",
MandatoryEncryptionNoAes128: "MandatoryEncryptionNoAes128",
MandatorySigning: "MandatorySigning",
} as const;

Expand Down Expand Up @@ -4184,23 +4189,33 @@ export interface DescribeSMBSettingsOutput {
* <ul>
* <li>
* <p>
* <code>ClientSpecified</code>: If you use this option, requests are established
* <code>ClientSpecified</code>: If you choose this option, requests are established
* based on what is negotiated by the client. This option is recommended when you want
* to maximize compatibility across different clients in your environment. Only
* supported for S3 File Gateways.</p>
* to maximize compatibility across different clients in your environment. Supported
* only for S3 File Gateway.</p>
* </li>
* <li>
* <p>
* <code>MandatorySigning</code>: If you use this option, File Gateway only allows
* connections from SMBv2 or SMBv3 clients that have signing turned on. This option
* works with SMB clients on Microsoft Windows Vista, Windows Server 2008, or later.
* </p>
* </li>
* <li>
* <p>
* <code>MandatorySigning</code>: If you use this option, file gateway only allows
* connections from SMBv2 or SMBv3 clients that have signing enabled. This option works
* with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.</p>
* <code>MandatoryEncryption</code>: If you use this option, File Gateway only allows
* connections from SMBv3 clients that have encryption turned on. Both 256-bit and
* 128-bit algorithms are allowed. This option is recommended for environments that
* handle sensitive data. It works with SMB clients on Microsoft Windows 8, Windows
* Server 2012, or later.</p>
* </li>
* <li>
* <p>
* <code>MandatoryEncryption</code>: If you use this option, file gateway only allows
* connections from SMBv3 clients that have encryption enabled. This option is highly
* recommended for environments that handle sensitive data. This option works with SMB
* clients on Microsoft Windows 8, Windows Server 2012 or newer.</p>
* <code>EnforceEncryption</code>: If you use this option, File Gateway only allows
* connections from SMBv3 clients that use 256-bit AES encryption algorithms. 128-bit
* algorithms are not allowed. This option is recommended for environments that handle
* sensitive data. It works with SMB clients on Microsoft Windows 8, Windows Server
* 2012, or later.</p>
* </li>
* </ul>
* @public
Expand Down Expand Up @@ -5421,6 +5436,9 @@ export interface GatewayInfo {

/**
* <p>The type of hardware or software platform on which the gateway is running.</p>
* <note>
* <p>Tape Gateway is no longer available on Snow Family devices.</p>
* </note>
* @public
*/
HostEnvironment?: HostEnvironment;
Expand Down Expand Up @@ -6353,6 +6371,8 @@ export interface RefreshCacheInput {
* <p>A comma-separated list of the paths of folders to refresh in the cache. The default is
* [<code>"/"</code>]. The default refreshes objects and folders at the root of the Amazon S3 bucket. If <code>Recursive</code> is set to <code>true</code>, the entire S3
* bucket that the file share has access to is refreshed.</p>
* <p>Do not include <code>/</code> when specifying folder names. For example, you would
* specify <code>samplefolder</code> rather than <code>samplefolder/</code>.</p>
* @public
*/
FolderList?: string[];
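Review bot: The new fourth bullet in the SMBSecurityStrategy doc comment of DescribeSMBSettingsOutput names the option `EnforceEncryption`, but the member this commit adds to the `SMBSecurityStrategy` const object is `MandatoryEncryptionNoAes128`, and no `EnforceEncryption` value is visible anywhere in the enum. An operator following this text to restrict a gateway to 256-bit-only SMB encryption would pass a string the typed client does not list, or stay on `MandatoryEncryption`, which the same comment says still allows 128-bit algorithms. The bullet should open with `<code>MandatoryEncryptionNoAes128</code>: If you use this option, File Gateway only allows` so the documented name matches the accepted value. The same wording appears in the `smithy.api#documentation` string for SMBSecurityStrategy in codegen/sdk-codegen/aws-models/storage-gateway.json, which is presumably where the correction belongs, since models_0.ts appears to be generated from it. The interface body continues outside the hunk.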
18 changes: 12 additions & 6 deletions codegen/sdk-codegen/aws-models/storage-gateway.json
Expand Up @@ -87,7 +87,7 @@
"GatewayTimezone": {
"target": "com.amazonaws.storagegateway#GatewayTimezone",
"traits": {
"smithy.api#documentation": "<p>A value that indicates the time zone you want to set for the gateway. The time zone is\n of the format \"GMT-hr:mm\" or \"GMT+hr:mm\". For example, GMT-4:00 indicates the time is 4\n hours behind GMT. GMT+2:00 indicates the time is 2 hours ahead of GMT. The time zone is\n used, for example, for scheduling snapshots and your gateway's maintenance\n schedule.</p>",
"smithy.api#documentation": "<p>A value that indicates the time zone you want to set for the gateway. The time zone is\n of the format \"GMT\", \"GMT-hr:mm\", or \"GMT+hr:mm\". For example, GMT indicates Greenwich Mean\n Time without any offset. GMT-4:00 indicates the time is 4 hours behind GMT. GMT+2:00\n indicates the time is 2 hours ahead of GMT. The time zone is used, for example, for\n scheduling snapshots and your gateway's maintenance schedule.</p>",
"smithy.api#required": {}
}
},
Expand All @@ -101,7 +101,7 @@
"GatewayType": {
"target": "com.amazonaws.storagegateway#GatewayType",
"traits": {
"smithy.api#documentation": "<p>A value that defines the type of gateway to activate. The type specified is critical to\n all later functions of the gateway and cannot be changed after activation. The default\n value is <code>CACHED</code>.</p>\n <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code> |\n <code>VTL_SNOW</code> | <code>FILE_S3</code> | <code>FILE_FSX_SMB</code>\n </p>"
"smithy.api#documentation": "<p>A value that defines the type of gateway to activate. The type specified is critical to\n all later functions of the gateway and cannot be changed after activation. The default\n value is <code>CACHED</code>.</p>\n <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code>\n | <code>FILE_S3</code> |\n <code>FILE_FSX_SMB</code>\n </p>"
}
},
"TapeDriveType": {
Expand Down Expand Up @@ -3707,7 +3707,7 @@
"HostEnvironment": {
"target": "com.amazonaws.storagegateway#HostEnvironment",
"traits": {
"smithy.api#documentation": "<p>The type of hardware or software platform on which the gateway is running.</p>"
"smithy.api#documentation": "<p>The type of hardware or software platform on which the gateway is running.</p>\n <note>\n <p>Tape Gateway is no longer available on Snow Family devices.</p>\n </note>"
}
},
"EndpointType": {
Expand Down Expand Up @@ -4014,7 +4014,7 @@
"SMBSecurityStrategy": {
"target": "com.amazonaws.storagegateway#SMBSecurityStrategy",
"traits": {
"smithy.api#documentation": "<p>The type of security strategy that was specified for file gateway.</p>\n <ul>\n <li>\n <p>\n <code>ClientSpecified</code>: If you use this option, requests are established\n based on what is negotiated by the client. This option is recommended when you want\n to maximize compatibility across different clients in your environment. Only\n supported for S3 File Gateways.</p>\n </li>\n <li>\n <p>\n <code>MandatorySigning</code>: If you use this option, file gateway only allows\n connections from SMBv2 or SMBv3 clients that have signing enabled. This option works\n with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.</p>\n </li>\n <li>\n <p>\n <code>MandatoryEncryption</code>: If you use this option, file gateway only allows\n connections from SMBv3 clients that have encryption enabled. This option is highly\n recommended for environments that handle sensitive data. This option works with SMB\n clients on Microsoft Windows 8, Windows Server 2012 or newer.</p>\n </li>\n </ul>"
"smithy.api#documentation": "<p>The type of security strategy that was specified for file gateway.</p>\n <ul>\n <li>\n <p>\n <code>ClientSpecified</code>: If you choose this option, requests are established\n based on what is negotiated by the client. This option is recommended when you want\n to maximize compatibility across different clients in your environment. Supported\n only for S3 File Gateway.</p>\n </li>\n <li>\n <p>\n <code>MandatorySigning</code>: If you use this option, File Gateway only allows\n connections from SMBv2 or SMBv3 clients that have signing turned on. This option\n works with SMB clients on Microsoft Windows Vista, Windows Server 2008, or later.\n </p>\n </li>\n <li>\n <p>\n <code>MandatoryEncryption</code>: If you use this option, File Gateway only allows\n connections from SMBv3 clients that have encryption turned on. Both 256-bit and\n 128-bit algorithms are allowed. This option is recommended for environments that\n handle sensitive data. It works with SMB clients on Microsoft Windows 8, Windows\n Server 2012, or later.</p>\n </li>\n <li>\n <p>\n <code>EnforceEncryption</code>: If you use this option, File Gateway only allows\n connections from SMBv3 clients that use 256-bit AES encryption algorithms. 128-bit\n algorithms are not allowed. This option is recommended for environments that handle\n sensitive data. It works with SMB clients on Microsoft Windows 8, Windows Server\n 2012, or later.</p>\n </li>\n </ul>"
}
},
"FileSharesVisible": {
Expand Down Expand Up @@ -5946,7 +5946,7 @@
"HostEnvironment": {
"target": "com.amazonaws.storagegateway#HostEnvironment",
"traits": {
"smithy.api#documentation": "<p>The type of hardware or software platform on which the gateway is running.</p>"
"smithy.api#documentation": "<p>The type of hardware or software platform on which the gateway is running.</p>\n <note>\n <p>Tape Gateway is no longer available on Snow Family devices.</p>\n </note>"
}
},
"HostEnvironmentId": {
Expand Down Expand Up @@ -7726,7 +7726,7 @@
"FolderList": {
"target": "com.amazonaws.storagegateway#FolderList",
"traits": {
"smithy.api#documentation": "<p>A comma-separated list of the paths of folders to refresh in the cache. The default is\n [<code>\"/\"</code>]. The default refreshes objects and folders at the root of the Amazon S3 bucket. If <code>Recursive</code> is set to <code>true</code>, the entire S3\n bucket that the file share has access to is refreshed.</p>"
"smithy.api#documentation": "<p>A comma-separated list of the paths of folders to refresh in the cache. The default is\n [<code>\"/\"</code>]. The default refreshes objects and folders at the root of the Amazon S3 bucket. If <code>Recursive</code> is set to <code>true</code>, the entire S3\n bucket that the file share has access to is refreshed.</p>\n <p>Do not include <code>/</code> when specifying folder names. For example, you would\n specify <code>samplefolder</code> rather than <code>samplefolder/</code>.</p>"
}
},
"Recursive": {
Expand Down Expand Up @@ -8293,6 +8293,12 @@
"traits": {
"smithy.api#enumValue": "MandatoryEncryption"
}
},
"MandatoryEncryptionNoAes128": {
"target": "smithy.api#Unit",
"traits": {
"smithy.api#enumValue": "MandatoryEncryptionNoAes128"
}
}
}
},
