feat(client-codecommit): AWS CodeCommit now supports customer managed…

… keys from AWS Key Management Service. UpdateRepositoryEncryptionKey is added for updating the key configuration. CreateRepository, GetRepository, BatchGetRepositories are updated with new input or output parameters.

clients/client-codecommit/README.md

@@ -39,6 +39,11 @@ CodeCommit API along with usage examples.</p>
 </li>
 <li>
 <p>
+<a>UpdateRepositoryEncryptionKey</a>, which updates the Key Management Service encryption key used
+to encrypt and decrypt a repository.</p>
+</li>
+<li>
+<p>
 <a>UpdateRepositoryName</a>, which changes the name of the
 repository. If you change the name of a repository, no other users of that
 repository can access it until you send them the new HTTPS or SSH URL to
@@ -1199,6 +1204,14 @@ UpdateRepositoryDescription
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/codecommit/command/UpdateRepositoryDescriptionCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-codecommit/Interface/UpdateRepositoryDescriptionCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-codecommit/Interface/UpdateRepositoryDescriptionCommandOutput/)
 
+</details>
+<details>
+<summary>
+UpdateRepositoryEncryptionKey
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/codecommit/command/UpdateRepositoryEncryptionKeyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-codecommit/Interface/UpdateRepositoryEncryptionKeyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-codecommit/Interface/UpdateRepositoryEncryptionKeyCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-codecommit/src/CodeCommit.ts

@@ -352,6 +352,11 @@ import {
   UpdateRepositoryDescriptionCommandInput,
   UpdateRepositoryDescriptionCommandOutput,
 } from "./commands/UpdateRepositoryDescriptionCommand";
+import {
+  UpdateRepositoryEncryptionKeyCommand,
+  UpdateRepositoryEncryptionKeyCommandInput,
+  UpdateRepositoryEncryptionKeyCommandOutput,
+} from "./commands/UpdateRepositoryEncryptionKeyCommand";
 import {
   UpdateRepositoryNameCommand,
   UpdateRepositoryNameCommandInput,
@@ -436,6 +441,7 @@ const commands = {
   UpdatePullRequestStatusCommand,
   UpdatePullRequestTitleCommand,
   UpdateRepositoryDescriptionCommand,
+  UpdateRepositoryEncryptionKeyCommand,
   UpdateRepositoryNameCommand,
 };
 
@@ -1638,6 +1644,23 @@ export interface CodeCommit {
     cb: (err: any, data?: UpdateRepositoryDescriptionCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link UpdateRepositoryEncryptionKeyCommand}
+   */
+  updateRepositoryEncryptionKey(
+    args: UpdateRepositoryEncryptionKeyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<UpdateRepositoryEncryptionKeyCommandOutput>;
+  updateRepositoryEncryptionKey(
+    args: UpdateRepositoryEncryptionKeyCommandInput,
+    cb: (err: any, data?: UpdateRepositoryEncryptionKeyCommandOutput) => void
+  ): void;
+  updateRepositoryEncryptionKey(
+    args: UpdateRepositoryEncryptionKeyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: UpdateRepositoryEncryptionKeyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link UpdateRepositoryNameCommand}
    */
@@ -1690,6 +1713,11 @@ export interface CodeCommit {
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>UpdateRepositoryEncryptionKey</a>, which updates the Key Management Service encryption key used
+ *               to encrypt and decrypt a repository.</p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>UpdateRepositoryName</a>, which changes the name of the
  *                     repository. If you change the name of a repository, no other users of that
  *                     repository can access it until you send them the new HTTPS or SSH URL to

clients/client-codecommit/src/CodeCommitClient.ts

@@ -269,6 +269,10 @@ import {
   UpdateRepositoryDescriptionCommandInput,
   UpdateRepositoryDescriptionCommandOutput,
 } from "./commands/UpdateRepositoryDescriptionCommand";
+import {
+  UpdateRepositoryEncryptionKeyCommandInput,
+  UpdateRepositoryEncryptionKeyCommandOutput,
+} from "./commands/UpdateRepositoryEncryptionKeyCommand";
 import {
   UpdateRepositoryNameCommandInput,
   UpdateRepositoryNameCommandOutput,
@@ -365,6 +369,7 @@ export type ServiceInputTypes =
   | UpdatePullRequestStatusCommandInput
   | UpdatePullRequestTitleCommandInput
   | UpdateRepositoryDescriptionCommandInput
+  | UpdateRepositoryEncryptionKeyCommandInput
   | UpdateRepositoryNameCommandInput;
 
 /**
@@ -448,6 +453,7 @@ export type ServiceOutputTypes =
   | UpdatePullRequestStatusCommandOutput
   | UpdatePullRequestTitleCommandOutput
   | UpdateRepositoryDescriptionCommandOutput
+  | UpdateRepositoryEncryptionKeyCommandOutput
   | UpdateRepositoryNameCommandOutput;
 
 /**
@@ -654,6 +660,11 @@ export interface CodeCommitClientResolvedConfig extends CodeCommitClientResolved
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>UpdateRepositoryEncryptionKey</a>, which updates the Key Management Service encryption key used
+ *               to encrypt and decrypt a repository.</p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>UpdateRepositoryName</a>, which changes the name of the
  *                     repository. If you change the name of a repository, no other users of that
  *                     repository can access it until you send them the new HTTPS or SSH URL to

clients/client-codecommit/src/commands/BatchGetRepositoriesCommand.ts

@@ -71,11 +71,20 @@ export interface BatchGetRepositoriesCommandOutput extends BatchGetRepositoriesO
  * //       cloneUrlHttp: "STRING_VALUE",
  * //       cloneUrlSsh: "STRING_VALUE",
  * //       Arn: "STRING_VALUE",
+ * //       kmsKeyId: "STRING_VALUE",
  * //     },
  * //   ],
  * //   repositoriesNotFound: [ // RepositoryNotFoundList
  * //     "STRING_VALUE",
  * //   ],
+ * //   errors: [ // BatchGetRepositoriesErrorsList
+ * //     { // BatchGetRepositoriesError
+ * //       repositoryId: "STRING_VALUE",
+ * //       repositoryName: "STRING_VALUE",
+ * //       errorCode: "EncryptionIntegrityChecksFailedException" || "EncryptionKeyAccessDeniedException" || "EncryptionKeyDisabledException" || "EncryptionKeyNotFoundException" || "EncryptionKeyUnavailableException" || "RepositoryDoesNotExistException",
+ * //       errorMessage: "STRING_VALUE",
+ * //     },
+ * //   ],
  * // };
  *
  * ```

clients/client-codecommit/src/commands/CreateRepositoryCommand.ts

@@ -50,6 +50,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryOutput, _
  *   tags: { // TagsMap
  *     "<keys>": "STRING_VALUE",
  *   },
+ *   kmsKeyId: "STRING_VALUE",
  * };
  * const command = new CreateRepositoryCommand(input);
  * const response = await client.send(command);
@@ -65,6 +66,7 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryOutput, _
  * //     cloneUrlHttp: "STRING_VALUE",
  * //     cloneUrlSsh: "STRING_VALUE",
  * //     Arn: "STRING_VALUE",
+ * //     kmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *
@@ -85,6 +87,13 @@ export interface CreateRepositoryCommandOutput extends CreateRepositoryOutput, _
  * @throws {@link EncryptionKeyDisabledException} (client fault)
  *  <p>The encryption key is disabled.</p>
  *
+ * @throws {@link EncryptionKeyInvalidIdException} (client fault)
+ *  <p>The Key Management Service encryption key is not valid.</p>
+ *
+ * @throws {@link EncryptionKeyInvalidUsageException} (client fault)
+ *  <p>A KMS encryption key was used to try and encrypt or decrypt a repository, but either the repository or the key was not
+ *         in a valid state to support the operation.</p>
+ *
  * @throws {@link EncryptionKeyNotFoundException} (client fault)
  *  <p>No encryption key was found.</p>
  *

clients/client-codecommit/src/commands/GetRepositoryCommand.ts

@@ -68,6 +68,7 @@ export interface GetRepositoryCommandOutput extends GetRepositoryOutput, __Metad
  * //     cloneUrlHttp: "STRING_VALUE",
  * //     cloneUrlSsh: "STRING_VALUE",
  * //     Arn: "STRING_VALUE",
+ * //     kmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-codecommit/src/commands/ListFileCommitHistoryCommand.ts

@@ -15,7 +15,8 @@ import {
 } from "@smithy/types";
 
 import { CodeCommitClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CodeCommitClient";
-import { ListFileCommitHistoryRequest, ListFileCommitHistoryResponse } from "../models/models_0";
+import { ListFileCommitHistoryRequest } from "../models/models_0";
+import { ListFileCommitHistoryResponse } from "../models/models_1";
 import { de_ListFileCommitHistoryCommand, se_ListFileCommitHistoryCommand } from "../protocols/Aws_json1_1";
 
 /**

clients/client-codecommit/src/commands/ListPullRequestsCommand.ts

@@ -15,8 +15,7 @@ import {
 } from "@smithy/types";
 
 import { CodeCommitClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CodeCommitClient";
-import { ListPullRequestsInput } from "../models/models_0";
-import { ListPullRequestsOutput } from "../models/models_1";
+import { ListPullRequestsInput, ListPullRequestsOutput } from "../models/models_1";
 import { de_ListPullRequestsCommand, se_ListPullRequestsCommand } from "../protocols/Aws_json1_1";
 
 /**

clients/client-codecommit/src/commands/UpdateRepositoryEncryptionKeyCommand.ts

@@ -0,0 +1,189 @@
+// smithy-typescript generated code
+import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http";
+import { Command as $Command } from "@smithy/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+  SMITHY_CONTEXT_KEY,
+} from "@smithy/types";
+
+import { CodeCommitClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CodeCommitClient";
+import { UpdateRepositoryEncryptionKeyInput, UpdateRepositoryEncryptionKeyOutput } from "../models/models_1";
+import {
+  de_UpdateRepositoryEncryptionKeyCommand,
+  se_UpdateRepositoryEncryptionKeyCommand,
+} from "../protocols/Aws_json1_1";
+
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link UpdateRepositoryEncryptionKeyCommand}.
+ */
+export interface UpdateRepositoryEncryptionKeyCommandInput extends UpdateRepositoryEncryptionKeyInput {}
+/**
+ * @public
+ *
+ * The output of {@link UpdateRepositoryEncryptionKeyCommand}.
+ */
+export interface UpdateRepositoryEncryptionKeyCommandOutput
+  extends UpdateRepositoryEncryptionKeyOutput,
+    __MetadataBearer {}
+
+/**
+ * @public
+ * <p>Updates the Key Management Service encryption key used to encrypt and decrypt a CodeCommit repository.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { CodeCommitClient, UpdateRepositoryEncryptionKeyCommand } from "@aws-sdk/client-codecommit"; // ES Modules import
+ * // const { CodeCommitClient, UpdateRepositoryEncryptionKeyCommand } = require("@aws-sdk/client-codecommit"); // CommonJS import
+ * const client = new CodeCommitClient(config);
+ * const input = { // UpdateRepositoryEncryptionKeyInput
+ *   repositoryName: "STRING_VALUE", // required
+ *   kmsKeyId: "STRING_VALUE", // required
+ * };
+ * const command = new UpdateRepositoryEncryptionKeyCommand(input);
+ * const response = await client.send(command);
+ * // { // UpdateRepositoryEncryptionKeyOutput
+ * //   repositoryId: "STRING_VALUE",
+ * //   kmsKeyId: "STRING_VALUE",
+ * //   originalKmsKeyId: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param UpdateRepositoryEncryptionKeyCommandInput - {@link UpdateRepositoryEncryptionKeyCommandInput}
+ * @returns {@link UpdateRepositoryEncryptionKeyCommandOutput}
+ * @see {@link UpdateRepositoryEncryptionKeyCommandInput} for command's `input` shape.
+ * @see {@link UpdateRepositoryEncryptionKeyCommandOutput} for command's `response` shape.
+ * @see {@link CodeCommitClientResolvedConfig | config} for CodeCommitClient's `config` shape.
+ *
+ * @throws {@link EncryptionIntegrityChecksFailedException} (server fault)
+ *  <p>An encryption integrity check failed.</p>
+ *
+ * @throws {@link EncryptionKeyAccessDeniedException} (client fault)
+ *  <p>An encryption key could not be accessed.</p>
+ *
+ * @throws {@link EncryptionKeyDisabledException} (client fault)
+ *  <p>The encryption key is disabled.</p>
+ *
+ * @throws {@link EncryptionKeyInvalidIdException} (client fault)
+ *  <p>The Key Management Service encryption key is not valid.</p>
+ *
+ * @throws {@link EncryptionKeyInvalidUsageException} (client fault)
+ *  <p>A KMS encryption key was used to try and encrypt or decrypt a repository, but either the repository or the key was not
+ *         in a valid state to support the operation.</p>
+ *
+ * @throws {@link EncryptionKeyNotFoundException} (client fault)
+ *  <p>No encryption key was found.</p>
+ *
+ * @throws {@link EncryptionKeyRequiredException} (client fault)
+ *  <p>A KMS encryption key ID is required but was not specified.</p>
+ *
+ * @throws {@link EncryptionKeyUnavailableException} (client fault)
+ *  <p>The encryption key is not available.</p>
+ *
+ * @throws {@link InvalidRepositoryNameException} (client fault)
+ *  <p>A specified repository name is not valid.</p>
+ *          <note>
+ *             <p>This exception occurs only when a specified repository name is not valid. Other
+ *                 exceptions occur when a required repository parameter is missing, or when a
+ *                 specified repository does not exist.</p>
+ *          </note>
+ *
+ * @throws {@link RepositoryDoesNotExistException} (client fault)
+ *  <p>The specified repository does not exist.</p>
+ *
+ * @throws {@link RepositoryNameRequiredException} (client fault)
+ *  <p>A repository name is required, but was not specified.</p>
+ *
+ * @throws {@link CodeCommitServiceException}
+ * <p>Base exception class for all service exceptions from CodeCommit service.</p>
+ *
+ */
+export class UpdateRepositoryEncryptionKeyCommand extends $Command<
+  UpdateRepositoryEncryptionKeyCommandInput,
+  UpdateRepositoryEncryptionKeyCommandOutput,
+  CodeCommitClientResolvedConfig
+> {
+  public static getEndpointParameterInstructions(): EndpointParameterInstructions {
+    return {
+      UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+      Endpoint: { type: "builtInParams", name: "endpoint" },
+      Region: { type: "builtInParams", name: "region" },
+      UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+    };
+  }
+
+  /**
+   * @public
+   */
+  constructor(readonly input: UpdateRepositoryEncryptionKeyCommandInput) {
+    super();
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: CodeCommitClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<UpdateRepositoryEncryptionKeyCommandInput, UpdateRepositoryEncryptionKeyCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+    this.middlewareStack.use(
+      getEndpointPlugin(configuration, UpdateRepositoryEncryptionKeyCommand.getEndpointParameterInstructions())
+    );
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "CodeCommitClient";
+    const commandName = "UpdateRepositoryEncryptionKeyCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: (_: any) => _,
+      outputFilterSensitiveLog: (_: any) => _,
+      [SMITHY_CONTEXT_KEY]: {
+        service: "CodeCommit_20150413",
+        operation: "UpdateRepositoryEncryptionKey",
+      },
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  /**
+   * @internal
+   */
+  private serialize(input: UpdateRepositoryEncryptionKeyCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return se_UpdateRepositoryEncryptionKeyCommand(input, context);
+  }
+
+  /**
+   * @internal
+   */
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<UpdateRepositoryEncryptionKeyCommandOutput> {
+    return de_UpdateRepositoryEncryptionKeyCommand(output, context);
+  }
+}

clients/client-codecommit/src/commands/index.ts

@@ -76,4 +76,5 @@ export * from "./UpdatePullRequestDescriptionCommand";
 export * from "./UpdatePullRequestStatusCommand";
 export * from "./UpdatePullRequestTitleCommand";
 export * from "./UpdateRepositoryDescriptionCommand";
+export * from "./UpdateRepositoryEncryptionKeyCommand";
 export * from "./UpdateRepositoryNameCommand";