feat(aws-android-sdk-kms): update models to latest (#3114)

Co-authored-by: Thomas Leing <[email protected]>

Author: awsmobilesdk

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/AWSKMS.java

@@ -20,13 +20,14 @@
 /**
  * <p>
  * The request was rejected because the specified CloudHSM cluster is already
- * associated with a custom key store or it shares a backup history with a
- * cluster that is associated with a custom key store. Each custom key store
- * must be associated with a different CloudHSM cluster.
+ * associated with an CloudHSM key store in the account, or it shares a backup
+ * history with an CloudHSM key store in the account. Each CloudHSM key store in
+ * the account must be associated with a different CloudHSM cluster.
  * </p>
  * <p>
- * Clusters that share a backup history have the same cluster certificate. To
- * view the cluster certificate of a cluster, use the <a href=
+ * CloudHSM clusters that share a backup history have the same cluster
+ * certificate. To view the cluster certificate of an CloudHSM cluster, use the
+ * <a href=
  * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html"
  * >DescribeClusters</a> operation.
  * </p>

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/AWSKMSClient.java

@@ -20,13 +20,13 @@
 /**
  * <p>
  * The request was rejected because the associated CloudHSM cluster did not meet
- * the configuration requirements for a custom key store.
+ * the configuration requirements for an CloudHSM key store.
  * </p>
  * <ul>
  * <li>
  * <p>
- * The cluster must be configured with private subnets in at least two different
- * Availability Zones in the Region.
+ * The CloudHSM cluster must be configured with private subnets in at least two
+ * different Availability Zones in the Region.
  * </p>
  * </li>
  * <li>
@@ -38,16 +38,16 @@
  * and outbound rules that allow TCP traffic on ports 2223-2225. The
  * <b>Source</b> in the inbound rules and the <b>Destination</b> in the outbound
  * rules must match the security group ID. These rules are set by default when
- * you create the cluster. Do not delete or change them. To get information
- * about a particular security group, use the <a href=
+ * you create the CloudHSM cluster. Do not delete or change them. To get
+ * information about a particular security group, use the <a href=
  * "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html"
  * >DescribeSecurityGroups</a> operation.
  * </p>
  * </li>
  * <li>
  * <p>
- * The cluster must contain at least as many HSMs as the operation requires. To
- * add HSMs, use the CloudHSM <a href=
+ * The CloudHSM cluster must contain at least as many HSMs as the operation
+ * requires. To add HSMs, use the CloudHSM <a href=
  * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html"
  * >CreateHsm</a> operation.
  * </p>
@@ -62,7 +62,7 @@
  * </ul>
  * <p>
  * For information about the requirements for an CloudHSM cluster that is
- * associated with a custom key store, see <a href=
+ * associated with an CloudHSM key store, see <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore"
  * >Assemble the Prerequisites</a> in the <i>Key Management Service Developer
  * Guide</i>. For information about creating a private subnet for an CloudHSM

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/CloudHsmClusterInUseException.java

@@ -19,9 +19,9 @@
 
 /**
  * <p>
- * The request was rejected because the CloudHSM cluster that is associated with
- * the custom key store is not active. Initialize and activate the cluster and
- * try the command again. For detailed instructions, see <a href=
+ * The request was rejected because the CloudHSM cluster associated with the
+ * CloudHSM key store is not active. Initialize and activate the cluster and try
+ * the command again. For detailed instructions, see <a href=
  * "https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html"
  * >Getting Started</a> in the <i>CloudHSM User Guide</i>.
  * </p>

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/CloudHsmClusterInvalidConfigurationException.java

@@ -21,17 +21,18 @@
  * <p>
  * The request was rejected because the specified CloudHSM cluster has a
  * different cluster certificate than the original cluster. You cannot use the
- * operation to specify an unrelated cluster.
+ * operation to specify an unrelated cluster for an CloudHSM key store.
  * </p>
  * <p>
- * Specify a cluster that shares a backup history with the original cluster.
- * This includes clusters that were created from a backup of the current
- * cluster, and clusters that were created from the same backup that produced
- * the current cluster.
+ * Specify an CloudHSM cluster that shares a backup history with the original
+ * cluster. This includes clusters that were created from a backup of the
+ * current cluster, and clusters that were created from the same backup that
+ * produced the current cluster.
  * </p>
  * <p>
- * Clusters that share a backup history have the same cluster certificate. To
- * view the cluster certificate of a cluster, use the <a href=
+ * CloudHSM clusters that share a backup history have the same cluster
+ * certificate. To view the cluster certificate of an CloudHSM cluster, use the
+ * <a href=
  * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html"
  * >DescribeClusters</a> operation.
  * </p>

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/CloudHsmClusterNotActiveException.java

@@ -23,39 +23,32 @@
  * <p>
  * Connects or reconnects a <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
- * >custom key store</a> to its associated CloudHSM cluster.
+ * >custom key store</a> to its backing key store. For an CloudHSM key store,
+ * <code>ConnectCustomKeyStore</code> connects the key store to its associated
+ * CloudHSM cluster. For an external key store,
+ * <code>ConnectCustomKeyStore</code> connects the key store to the external key
+ * store proxy that communicates with your external key manager.
  * </p>
  * <p>
  * The custom key store must be connected before you can create KMS keys in the
  * key store or use the KMS keys it contains. You can disconnect and reconnect a
  * custom key store at any time.
  * </p>
  * <p>
- * To connect a custom key store, its associated CloudHSM cluster must have at
- * least one active HSM. To get the number of active HSMs in a cluster, use the
- * <a href=
- * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html"
- * >DescribeClusters</a> operation. To add HSMs to the cluster, use the <a href=
- * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html"
- * >CreateHsm</a> operation. Also, the <a href=
- * "https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser"
- * > <code>kmsuser</code> crypto user</a> (CU) must not be logged into the
- * cluster. This prevents KMS from using this account to log in.
- * </p>
- * <p>
- * The connection process can take an extended amount of time to complete; up to
- * 20 minutes. This operation starts the connection process, but it does not
- * wait for it to complete. When it succeeds, this operation quickly returns an
- * HTTP 200 response and a JSON object with no properties. However, this
+ * The connection process for a custom key store can take an extended amount of
+ * time to complete. This operation starts the connection process, but it does
+ * not wait for it to complete. When it succeeds, this operation quickly returns
+ * an HTTP 200 response and a JSON object with no properties. However, this
  * response does not indicate that the custom key store is connected. To get the
  * connection state of the custom key store, use the
  * <a>DescribeCustomKeyStores</a> operation.
  * </p>
  * <p>
- * During the connection process, KMS finds the CloudHSM cluster that is
- * associated with the custom key store, creates the connection infrastructure,
- * connects to the cluster, logs into the CloudHSM client as the
- * <code>kmsuser</code> CU, and rotates its password.
+ * This operation is part of the <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
+ * >custom key stores</a> feature in KMS, which combines the convenience and
+ * extensive integration of KMS with the isolation and control of a key store
+ * that you own and manage.
  * </p>
  * <p>
  * The <code>ConnectCustomKeyStore</code> operation might fail for various
@@ -71,10 +64,59 @@
  * <code>ConnectCustomKeyStore</code> again.
  * </p>
  * <p>
- * If you are having trouble connecting or disconnecting a custom key store, see
- * <a href=
+ * <b>CloudHSM key store</b>
+ * </p>
+ * <p>
+ * During the connection process for an CloudHSM key store, KMS finds the
+ * CloudHSM cluster that is associated with the custom key store, creates the
+ * connection infrastructure, connects to the cluster, logs into the CloudHSM
+ * client as the <code>kmsuser</code> CU, and rotates its password.
+ * </p>
+ * <p>
+ * To connect an CloudHSM key store, its associated CloudHSM cluster must have
+ * at least one active HSM. To get the number of active HSMs in a cluster, use
+ * the <a href=
+ * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html"
+ * >DescribeClusters</a> operation. To add HSMs to the cluster, use the <a href=
+ * "https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html"
+ * >CreateHsm</a> operation. Also, the <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser"
+ * > <code>kmsuser</code> crypto user</a> (CU) must not be logged into the
+ * cluster. This prevents KMS from using this account to log in.
+ * </p>
+ * <p>
+ * If you are having trouble connecting or disconnecting a CloudHSM key store,
+ * see <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html"
- * >Troubleshooting a Custom Key Store</a> in the <i>Key Management Service
+ * >Troubleshooting an CloudHSM key store</a> in the <i>Key Management Service
+ * Developer Guide</i>.
+ * </p>
+ * <p>
+ * <b>External key store</b>
+ * </p>
+ * <p>
+ * When you connect an external key store that uses public endpoint
+ * connectivity, KMS tests its ability to communicate with your external key
+ * manager by sending a request via the external key store proxy.
+ * </p>
+ * <p>
+ * When you connect to an external key store that uses VPC endpoint service
+ * connectivity, KMS establishes the networking elements that it needs to
+ * communicate with your external key manager via the external key store proxy.
+ * This includes creating an interface endpoint to the VPC endpoint service and
+ * a private hosted zone for traffic between KMS and the VPC endpoint service.
+ * </p>
+ * <p>
+ * To connect an external key store, KMS must be able to connect to the external
+ * key store proxy, the external key store proxy must be able to communicate
+ * with your external key manager, and the external key manager must be
+ * available for cryptographic operations.
+ * </p>
+ * <p>
+ * If you are having trouble connecting or disconnecting an external key store,
+ * see <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html"
+ * >Troubleshooting an external key store</a> in the <i>Key Management Service
  * Developer Guide</i>.
  * </p>
  * <p>

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/CloudHsmClusterNotRelatedException.java

@@ -32,7 +32,15 @@ public enum ConnectionErrorCodeType {
     USER_NOT_FOUND("USER_NOT_FOUND"),
     USER_LOGGED_IN("USER_LOGGED_IN"),
     SUBNET_NOT_FOUND("SUBNET_NOT_FOUND"),
-    INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET("INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET");
+    INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET("INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"),
+    XKS_PROXY_ACCESS_DENIED("XKS_PROXY_ACCESS_DENIED"),
+    XKS_PROXY_NOT_REACHABLE("XKS_PROXY_NOT_REACHABLE"),
+    XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND("XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND"),
+    XKS_PROXY_INVALID_RESPONSE("XKS_PROXY_INVALID_RESPONSE"),
+    XKS_PROXY_INVALID_CONFIGURATION("XKS_PROXY_INVALID_CONFIGURATION"),
+    XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION("XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION"),
+    XKS_PROXY_TIMED_OUT("XKS_PROXY_TIMED_OUT"),
+    XKS_PROXY_INVALID_TLS_CONFIGURATION("XKS_PROXY_INVALID_TLS_CONFIGURATION");
 
     private String value;
 
@@ -58,6 +66,15 @@ public String toString() {
         enumMap.put("USER_LOGGED_IN", USER_LOGGED_IN);
         enumMap.put("SUBNET_NOT_FOUND", SUBNET_NOT_FOUND);
         enumMap.put("INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET", INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET);
+        enumMap.put("XKS_PROXY_ACCESS_DENIED", XKS_PROXY_ACCESS_DENIED);
+        enumMap.put("XKS_PROXY_NOT_REACHABLE", XKS_PROXY_NOT_REACHABLE);
+        enumMap.put("XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND", XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND);
+        enumMap.put("XKS_PROXY_INVALID_RESPONSE", XKS_PROXY_INVALID_RESPONSE);
+        enumMap.put("XKS_PROXY_INVALID_CONFIGURATION", XKS_PROXY_INVALID_CONFIGURATION);
+        enumMap.put("XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION",
+                XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION);
+        enumMap.put("XKS_PROXY_TIMED_OUT", XKS_PROXY_TIMED_OUT);
+        enumMap.put("XKS_PROXY_INVALID_TLS_CONFIGURATION", XKS_PROXY_INVALID_TLS_CONFIGURATION);
     }
 
     /**

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/ConnectCustomKeyStoreRequest.java

@@ -28,7 +28,7 @@
  * Adding, deleting, or updating an alias can allow or deny permission to the
  * KMS key. For details, see <a
  * href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">ABAC
- * in KMS</a> in the <i>Key Management Service Developer Guide</i>.
+ * for KMS</a> in the <i>Key Management Service Developer Guide</i>.
  * </p>
  * </note>
  * <p>