Add support for deletion protection on EKS clusters

Author: aws-sdk-dotnet-automation

generator/ServiceModels/eks/eks-2017-11-01.api.json

@@ -229,7 +229,8 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ClientException"},
         {"shape":"ServerException"},
-        {"shape":"ServiceUnavailableException"}
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"InvalidRequestException"}
       ]
     },
     "DeleteEksAnywhereSubscription":{
@@ -1345,7 +1346,8 @@
         "zonalShiftConfig":{"shape":"ZonalShiftConfigResponse"},
         "remoteNetworkConfig":{"shape":"RemoteNetworkConfigResponse"},
         "computeConfig":{"shape":"ComputeConfigResponse"},
-        "storageConfig":{"shape":"StorageConfigResponse"}
+        "storageConfig":{"shape":"StorageConfigResponse"},
+        "deletionProtection":{"shape":"BoxedBoolean"}
       }
     },
     "ClusterHealth":{
@@ -1603,7 +1605,8 @@
         "zonalShiftConfig":{"shape":"ZonalShiftConfigRequest"},
         "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"},
         "computeConfig":{"shape":"ComputeConfigRequest"},
-        "storageConfig":{"shape":"StorageConfigRequest"}
+        "storageConfig":{"shape":"StorageConfigRequest"},
+        "deletionProtection":{"shape":"BoxedBoolean"}
       }
     },
     "CreateClusterResponse":{
@@ -3852,7 +3855,8 @@
         "computeConfig":{"shape":"ComputeConfigRequest"},
         "kubernetesNetworkConfig":{"shape":"KubernetesNetworkConfigRequest"},
         "storageConfig":{"shape":"StorageConfigRequest"},
-        "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"}
+        "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"},
+        "deletionProtection":{"shape":"BoxedBoolean"}
       }
     },
     "UpdateClusterConfigResponse":{
@@ -4031,7 +4035,8 @@
         "ComputeConfig",
         "StorageConfig",
         "KubernetesNetworkConfig",
-        "RemoteNetworkConfig"
+        "RemoteNetworkConfig",
+        "DeletionProtection"
       ]
     },
     "UpdateParams":{
@@ -4102,7 +4107,8 @@
         "UpgradePolicyUpdate",
         "ZonalShiftConfigUpdate",
         "AutoModeUpdate",
-        "RemoteNetworkConfigUpdate"
+        "RemoteNetworkConfigUpdate",
+        "DeletionProtectionUpdate"
       ]
     },
     "UpgradePolicyRequest":{

generator/ServiceModels/eks/eks-2017-11-01.docs.json

@@ -306,17 +306,20 @@
       "refs": {
         "AccessConfigResponse$bootstrapClusterCreatorAdminPermissions": "<p>Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time.</p>",
         "BlockStorage$enabled": "<p>Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.</p>",
+        "Cluster$deletionProtection": "<p>The current deletion protection setting for the cluster. When <code>true</code>, deletion protection is enabled and the cluster cannot be deleted until protection is disabled. When <code>false</code>, the cluster can be deleted normally. This setting only applies to clusters in an active state.</p>",
         "ComputeConfigRequest$enabled": "<p>Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.</p>",
         "ComputeConfigResponse$enabled": "<p>Indicates if the compute capability is enabled on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.</p>",
         "CreateAccessConfigRequest$bootstrapClusterCreatorAdminPermissions": "<p>Specifies whether or not the cluster creator IAM principal was set as a cluster admin access entry during cluster creation time. The default value is <code>true</code>.</p>",
         "CreateClusterRequest$bootstrapSelfManagedAddons": "<p>If you set this value to <code>False</code> when creating a cluster, the default networking add-ons will not be installed.</p> <p>The default networking add-ons include <code>vpc-cni</code>, <code>coredns</code>, and <code>kube-proxy</code>.</p> <p>Use this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons.</p>",
+        "CreateClusterRequest$deletionProtection": "<p>Indicates whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. This helps prevent accidental cluster deletion. Default value is <code>false</code>.</p>",
         "CreatePodIdentityAssociationRequest$disableSessionTags": "<p>Disable the automatic sessions tags that are appended by EKS Pod Identity.</p> <p>EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags\">List of session tags added by EKS Pod Identity</a> in the <i>Amazon EKS User Guide</i>.</p> <p>Amazon Web Services compresses inline session policies, managed policy ARNs, and session tags into a packed binary format that has a separate limit. If you receive a <code>PackedPolicyTooLarge</code> error indicating the packed binary format has exceeded the size limit, you can attempt to reduce the size by disabling the session tags added by EKS Pod Identity.</p>",
         "DescribeClusterVersionsRequest$defaultOnly": "<p>Filter to show only default versions.</p>",
         "DescribeClusterVersionsRequest$includeAll": "<p>Include all available versions in the response.</p>",
         "ElasticLoadBalancing$enabled": "<p>Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.</p>",
         "LogSetup$enabled": "<p>If a log type is enabled, that log type exports its control plane logs to CloudWatch Logs . If a log type isn't enabled, that log type doesn't export its control plane logs. Each individual log type can be enabled or disabled independently.</p>",
         "NodeRepairConfig$enabled": "<p>Specifies whether to enable node auto repair for the node group. Node auto repair is disabled by default.</p>",
         "PodIdentityAssociation$disableSessionTags": "<p>The state of the automatic sessions tags. The value of <i>true</i> disables these tags.</p> <p>EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags\">List of session tags added by EKS Pod Identity</a> in the <i>Amazon EKS User Guide</i>.</p>",
+        "UpdateClusterConfigRequest$deletionProtection": "<p>Specifies whether to enable or disable deletion protection for the cluster. When enabled (<code>true</code>), the cluster cannot be deleted until deletion protection is explicitly disabled. When disabled (<code>false</code>), the cluster can be deleted normally.</p>",
         "UpdatePodIdentityAssociationRequest$disableSessionTags": "<p>Disable the automatic sessions tags that are appended by EKS Pod Identity.</p> <p>EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags\">List of session tags added by EKS Pod Identity</a> in the <i>Amazon EKS User Guide</i>.</p> <p>Amazon Web Services compresses inline session policies, managed policy ARNs, and session tags into a packed binary format that has a separate limit. If you receive a <code>PackedPolicyTooLarge</code> error indicating the packed binary format has exceeded the size limit, you can attempt to reduce the size by disabling the session tags added by EKS Pod Identity.</p>",
         "VpcConfigRequest$endpointPublicAccess": "<p>Set this value to <code>false</code> to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is <code>true</code>, which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of the <code>ipFamily</code> for the cluster. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html\">Cluster API server endpoint</a> in the <i> <i>Amazon EKS User Guide</i> </i>.</p>",
         "VpcConfigRequest$endpointPrivateAccess": "<p>Set this value to <code>true</code> to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is <code>false</code>, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure that <code>publicAccessCidrs</code> includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html\">Cluster API server endpoint</a> in the <i> <i>Amazon EKS User Guide</i> </i>.</p>",

generator/ServiceModels/eks/eks-2017-11-01.normal.json

@@ -241,7 +241,8 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ClientException"},
         {"shape":"ServerException"},
-        {"shape":"ServiceUnavailableException"}
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"InvalidRequestException"}
       ],
       "documentation":"<p>Deletes an Amazon EKS cluster control plane.</p> <p>If you have active services in your cluster that are associated with a load balancer, you must delete those services before deleting the cluster so that the load balancers are deleted properly. Otherwise, you can have orphaned resources in your VPC that prevent you from being able to delete the VPC. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/delete-cluster.html\">Deleting a cluster</a> in the <i>Amazon EKS User Guide</i>.</p> <p>If you have managed node groups or Fargate profiles attached to the cluster, you must delete them first. For more information, see <code>DeleteNodgroup</code> and <code>DeleteFargateProfile</code>.</p>"
     },
@@ -1740,6 +1741,10 @@
         "storageConfig":{
           "shape":"StorageConfigResponse",
           "documentation":"<p>Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the <i>Amazon EKS User Guide</i>.</p>"
+        },
+        "deletionProtection":{
+          "shape":"BoxedBoolean",
+          "documentation":"<p>The current deletion protection setting for the cluster. When <code>true</code>, deletion protection is enabled and the cluster cannot be deleted until protection is disabled. When <code>false</code>, the cluster can be deleted normally. This setting only applies to clusters in an active state.</p>"
         }
       },
       "documentation":"<p>An object representing an Amazon EKS cluster.</p>"
@@ -2201,6 +2206,10 @@
         "storageConfig":{
           "shape":"StorageConfigRequest",
           "documentation":"<p>Enable or disable the block storage capability of EKS Auto Mode when creating your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.</p>"
+        },
+        "deletionProtection":{
+          "shape":"BoxedBoolean",
+          "documentation":"<p>Indicates whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. This helps prevent accidental cluster deletion. Default value is <code>false</code>.</p>"
         }
       }
     },
@@ -5672,7 +5681,11 @@
           "shape":"StorageConfigRequest",
           "documentation":"<p>Update the configuration of the block storage capability of your EKS Auto Mode cluster. For example, enable the capability.</p>"
         },
-        "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"}
+        "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"},
+        "deletionProtection":{
+          "shape":"BoxedBoolean",
+          "documentation":"<p>Specifies whether to enable or disable deletion protection for the cluster. When enabled (<code>true</code>), the cluster cannot be deleted until deletion protection is explicitly disabled. When disabled (<code>false</code>), the cluster can be deleted normally.</p>"
+        }
       }
     },
     "UpdateClusterConfigResponse":{
@@ -5917,7 +5930,8 @@
         "ComputeConfig",
         "StorageConfig",
         "KubernetesNetworkConfig",
-        "RemoteNetworkConfig"
+        "RemoteNetworkConfig",
+        "DeletionProtection"
       ]
     },
     "UpdateParams":{
@@ -6010,7 +6024,8 @@
         "UpgradePolicyUpdate",
         "ZonalShiftConfigUpdate",
         "AutoModeUpdate",
-        "RemoteNetworkConfigUpdate"
+        "RemoteNetworkConfigUpdate",
+        "DeletionProtectionUpdate"
       ]
     },
     "UpgradePolicyRequest":{

sdk/src/Services/EKS/Generated/Model/Cluster.cs

@@ -41,6 +41,7 @@ public partial class Cluster
         private ComputeConfigResponse _computeConfig;
         private ConnectorConfigResponse _connectorConfig;
         private DateTime? _createdAt;
+        private bool? _deletionProtection;
         private List<EncryptionConfig> _encryptionConfig = AWSConfigs.InitializeCollections ? new List<EncryptionConfig>() : null;
         private string _endpoint;
         private ClusterHealth _health;
@@ -192,6 +193,27 @@ internal bool IsSetCreatedAt()
             return this._createdAt.HasValue; 
         }
 
+        /// <summary>
+        /// Gets and sets the property DeletionProtection. 
+        /// <para>
+        /// The current deletion protection setting for the cluster. When <c>true</c>, deletion
+        /// protection is enabled and the cluster cannot be deleted until protection is disabled.
+        /// When <c>false</c>, the cluster can be deleted normally. This setting only applies
+        /// to clusters in an active state.
+        /// </para>
+        /// </summary>
+        public bool DeletionProtection
+        {
+            get { return this._deletionProtection.GetValueOrDefault(); }
+            set { this._deletionProtection = value; }
+        }
+
+        // Check to see if DeletionProtection property is set
+        internal bool IsSetDeletionProtection()
+        {
+            return this._deletionProtection.HasValue; 
+        }
+
         /// <summary>
         /// Gets and sets the property EncryptionConfig. 
         /// <para>

sdk/src/Services/EKS/Generated/Model/CreateClusterRequest.cs

@@ -93,6 +93,7 @@ public partial class CreateClusterRequest : AmazonEKSRequest
         private bool? _bootstrapSelfManagedAddons;
         private string _clientRequestToken;
         private ComputeConfigRequest _computeConfig;
+        private bool? _deletionProtection;
         private List<EncryptionConfig> _encryptionConfig = AWSConfigs.InitializeCollections ? new List<EncryptionConfig>() : null;
         private KubernetesNetworkConfigRequest _kubernetesNetworkConfig;
         private Logging _logging;
@@ -192,6 +193,26 @@ internal bool IsSetComputeConfig()
             return this._computeConfig != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property DeletionProtection. 
+        /// <para>
+        /// Indicates whether to enable deletion protection for the cluster. When enabled, the
+        /// cluster cannot be deleted unless deletion protection is first disabled. This helps
+        /// prevent accidental cluster deletion. Default value is <c>false</c>.
+        /// </para>
+        /// </summary>
+        public bool DeletionProtection
+        {
+            get { return this._deletionProtection.GetValueOrDefault(); }
+            set { this._deletionProtection = value; }
+        }
+
+        // Check to see if DeletionProtection property is set
+        internal bool IsSetDeletionProtection()
+        {
+            return this._deletionProtection.HasValue; 
+        }
+
         /// <summary>
         /// Gets and sets the property EncryptionConfig. 
         /// <para>

sdk/src/Services/EKS/Generated/Model/Internal/MarshallTransformations/ClusterUnmarshaller.cs

@@ -108,6 +108,12 @@ public Cluster Unmarshall(JsonUnmarshallerContext context)
                     unmarshalledObject.CreatedAt = unmarshaller.Unmarshall(context);
                     continue;
                 }
+                if (context.TestExpression("deletionProtection", targetDepth))
+                {
+                    var unmarshaller = BoolUnmarshaller.Instance;
+                    unmarshalledObject.DeletionProtection = unmarshaller.Unmarshall(context);
+                    continue;
+                }
                 if (context.TestExpression("encryptionConfig", targetDepth))
                 {
                     var unmarshaller = new ListUnmarshaller<EncryptionConfig, EncryptionConfigUnmarshaller>(EncryptionConfigUnmarshaller.Instance);

sdk/src/Services/EKS/Generated/Model/Internal/MarshallTransformations/CreateClusterRequestMarshaller.cs

@@ -106,6 +106,12 @@ public IRequest Marshall(CreateClusterRequest publicRequest)
                     context.Writer.WriteObjectEnd();
                 }
 
+                if(publicRequest.IsSetDeletionProtection())
+                {
+                    context.Writer.WritePropertyName("deletionProtection");
+                    context.Writer.Write(publicRequest.DeletionProtection);
+                }
+
                 if(publicRequest.IsSetEncryptionConfig())
                 {
                     context.Writer.WritePropertyName("encryptionConfig");

sdk/src/Services/EKS/Generated/Model/Internal/MarshallTransformations/DeleteClusterResponseUnmarshaller.cs

@@ -85,6 +85,10 @@ public override AmazonServiceException UnmarshallException(JsonUnmarshallerConte
                 {
                     return ClientExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
                 }
+                if (errorResponse.Code != null && errorResponse.Code.Equals("InvalidRequestException"))
+                {
+                    return InvalidRequestExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
+                }
                 if (errorResponse.Code != null && errorResponse.Code.Equals("ResourceInUseException"))
                 {
                     return ResourceInUseExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);

sdk/src/Services/EKS/Generated/Model/Internal/MarshallTransformations/UpdateClusterConfigRequestMarshaller.cs

@@ -103,6 +103,12 @@ public IRequest Marshall(UpdateClusterConfigRequest publicRequest)
                     context.Writer.WriteObjectEnd();
                 }
 
+                if(publicRequest.IsSetDeletionProtection())
+                {
+                    context.Writer.WritePropertyName("deletionProtection");
+                    context.Writer.Write(publicRequest.DeletionProtection);
+                }
+
                 if(publicRequest.IsSetKubernetesNetworkConfig())
                 {
                     context.Writer.WritePropertyName("kubernetesNetworkConfig");