2022/07/14 - CodeArtifact - 2 new 3 updated api methods
Changes: This release introduces Package Origin Controls, a mechanism used to counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and DescribePackage, and updates the ListPackages, DescribePackageVersion and ListPackageVersions APIs in support of the feature.
PutPackageOriginConfiguration (new)
Sets the package origin configuration for a package.
The package origin configuration determines how new versions of a package can be added to a repository. You can allow or block direct publishing of new package versions, or ingestion and retaining of new package versions from an external connection or upstream source. For more information about package origin controls and configuration, see Editing package origin controls in the CodeArtifact User Guide.
PutPackageOriginConfiguration can be called on a package that doesn't yet exist in the repository. When called on a package that does not exist, a package is created in the repository with no versions and the requested restrictions are set on the package. This can be used to preemptively block ingesting or retaining any versions from external connections or upstream repositories, or to block publishing any versions of the package into the repository before connecting any package managers or publishers to the repository.
See also: AWS API Documentation
Request Syntax
client.put_package_origin_configuration(
    domain='string',
    domainOwner='string',
    repository='string',
    format='npm'|'pypi'|'maven'|'nuget',
    namespace='string',
    package='string',
    restrictions={
        'publish': 'ALLOW'|'BLOCK',
        'upstream': 'ALLOW'|'BLOCK'
    }
)
domain (string) -- [REQUIRED]
The name of the domain that contains the repository that contains the package.
domainOwner (string) --
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
repository (string) -- [REQUIRED]
The name of the repository that contains the package.
format (string) -- [REQUIRED]
A format that specifies the type of the package to be updated.
namespace (string) --
The namespace of the package to be updated. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
package (string) -- [REQUIRED]
The name of the package to be updated.
restrictions (dict) -- [REQUIRED]
A PackageOriginRestrictions object that contains information about the upstream and publish package origin restrictions. The upstream restriction determines if new package versions can be ingested or retained from external connections or upstream repositories. The publish restriction determines if new package versions can be published directly to the repository.
You must include both the desired upstream and publish restrictions.
publish (string) -- [REQUIRED]
The package origin configuration that determines if new versions of the package can be published directly to the repository.
upstream (string) -- [REQUIRED]
The package origin configuration that determines if new versions of the package can be added to the repository from an external connection or upstream source.
Return type: dict
Response Syntax
{
    'originConfiguration': {
        'restrictions': {
            'publish': 'ALLOW'|'BLOCK',
            'upstream': 'ALLOW'|'BLOCK'
        }
    }
}
Response Structure
(dict) --
originConfiguration (dict) --
A PackageOriginConfiguration object that describes the origin configuration set for the package. It contains a PackageOriginRestrictions object that describes how new versions of the package can be introduced to the repository.
restrictions (dict) --
A PackageOriginRestrictions object that contains information about the upstream and publish package origin configuration for the package.
publish (string) --
The package origin configuration that determines if new versions of the package can be published directly to the repository.
upstream (string) --
The package origin configuration that determines if new versions of the package can be added to the repository from an external connection or upstream source.
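The pre-emptive use described above (setting restrictions on a package name before any version exists), as an added example that is not part of the AWS documentation. The domain, repository and package names are constructed, and `StubClient` stands in for a boto3 CodeArtifact client so the code runs offline.

```python
import re

FORMATS = {"npm", "pypi", "maven", "nuget"}
NAMESPACED = {"npm", "maven"}  # scope / groupId; pypi and nuget have no namespace

def build_request(domain, repository, fmt, package, publish, upstream,
                  namespace=None, domain_owner=None):
    """Validate inputs and return kwargs for put_package_origin_configuration."""
    if fmt not in FORMATS:
        raise ValueError(f"unsupported format: {fmt!r}")
    if {publish, upstream} - {"ALLOW", "BLOCK"}:
        raise ValueError("publish and upstream must each be ALLOW or BLOCK")
    if namespace and fmt not in NAMESPACED:
        raise ValueError(f"{fmt} packages do not have a namespace")
    if domain_owner is not None and not re.fullmatch(r"[0-9]{12}", domain_owner):
        raise ValueError("domainOwner must be 12 digits, no dashes or spaces")
    # Both restrictions are always sent: the API requires publish and upstream.
    req = {"domain": domain, "repository": repository, "format": fmt,
           "package": package,
           "restrictions": {"publish": publish, "upstream": upstream}}
    if namespace:
        req["namespace"] = namespace
    if domain_owner:
        req["domainOwner"] = domain_owner
    return req

def reserve_internal_name(client, **params):
    """Allow direct publishing, block upstream ingestion, and confirm the result."""
    req = build_request(publish="ALLOW", upstream="BLOCK", **params)
    resp = client.put_package_origin_configuration(**req)
    applied = resp["originConfiguration"]["restrictions"]
    if applied != req["restrictions"]:
        raise RuntimeError(f"restrictions not applied as requested: {applied}")
    return applied

class StubClient:
    """Constructed stand-in for the boto3 client: records calls, echoes restrictions."""
    def __init__(self):
        self.calls = []

    def put_package_origin_configuration(self, **kwargs):
        self.calls.append(kwargs)
        return {"originConfiguration": {"restrictions": kwargs["restrictions"]}}

def demo():
    client = StubClient()
    applied = reserve_internal_name(
        client, domain="acme", repository="internal-npm", fmt="npm",
        namespace="acme", package="billing-ui", domain_owner="111122223333")
    return applied, client.calls

if __name__ == "__main__":
    print(demo())
```

With a real client, pass the object returned by `boto3.client("codeartifact")` in place of `StubClient()`.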
DescribePackage (new)
Returns a PackageDescription object that contains information about the requested package.
See also: AWS API Documentation
Request Syntax
client.describe_package(
    domain='string',
    domainOwner='string',
    repository='string',
    format='npm'|'pypi'|'maven'|'nuget',
    namespace='string',
    package='string'
)
domain (string) -- [REQUIRED]
The name of the domain that contains the repository that contains the package.
domainOwner (string) --
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
repository (string) -- [REQUIRED]
The name of the repository that contains the requested package.
format (string) -- [REQUIRED]
A format that specifies the type of the requested package.
namespace (string) --
The namespace of the requested package. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId. The namespace is required when requesting Maven packages.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
package (string) -- [REQUIRED]
The name of the requested package.
Return type: dict
Response Syntax
{
    'package': {
        'format': 'npm'|'pypi'|'maven'|'nuget',
        'namespace': 'string',
        'name': 'string',
        'originConfiguration': {
            'restrictions': {
                'publish': 'ALLOW'|'BLOCK',
                'upstream': 'ALLOW'|'BLOCK'
            }
        }
    }
}
Response Structure
(dict) --
package (dict) --
A PackageDescription object that contains information about the requested package.
format (string) --
A format that specifies the type of the package.
namespace (string) --
The namespace of the package. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
name (string) --
The name of the package.
originConfiguration (dict) --
The package origin configuration for the package.
restrictions (dict) --
A PackageOriginRestrictions object that contains information about the upstream and publish package origin configuration for the package.
publish (string) --
The package origin configuration that determines if new versions of the package can be published directly to the repository.
upstream (string) --
The package origin configuration that determines if new versions of the package can be added to the repository from an external connection or upstream source.
DescribePackageVersion (updated)
Changes (response):
{'packageVersion': {'origin': {'domainEntryPoint': {'externalConnectionName': 'string', 'repositoryName': 'string'}, 'originType': 'INTERNAL | EXTERNAL | UNKNOWN'}}}
Returns a PackageVersionDescription object that contains information about the requested package version.
See also: AWS API Documentation
Request Syntax
client.describe_package_version(
    domain='string',
    domainOwner='string',
    repository='string',
    format='npm'|'pypi'|'maven'|'nuget',
    namespace='string',
    package='string',
    packageVersion='string'
)
domain (string) -- [REQUIRED]
The name of the domain that contains the repository that contains the package version.
domainOwner (string) --
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
repository (string) -- [REQUIRED]
The name of the repository that contains the package version.
format (string) -- [REQUIRED]
A format that specifies the type of the requested package version.
namespace (string) --
The namespace of the requested package version. The package version component that specifies its namespace depends on its type. For example:
The namespace of a Maven package version is its groupId.
The namespace of an npm package version is its scope.
Python and NuGet package versions do not contain a corresponding component; package versions of those formats do not have a namespace.
package (string) -- [REQUIRED]
The name of the requested package version.
packageVersion (string) -- [REQUIRED]
A string that contains the package version (for example, 3.5.2).
Return type: dict
Response Syntax
{
    'packageVersion': {
        'format': 'npm'|'pypi'|'maven'|'nuget',
        'namespace': 'string',
        'packageName': 'string',
        'displayName': 'string',
        'version': 'string',
        'summary': 'string',
        'homePage': 'string',
        'sourceCodeRepository': 'string',
        'publishedTime': datetime(2015, 1, 1),
        'licenses': [
            {
                'name': 'string',
                'url': 'string'
            },
        ],
        'revision': 'string',
        'status': 'Published'|'Unfinished'|'Unlisted'|'Archived'|'Disposed'|'Deleted',
        'origin': {
            'domainEntryPoint': {
                'repositoryName': 'string',
                'externalConnectionName': 'string'
            },
            'originType': 'INTERNAL'|'EXTERNAL'|'UNKNOWN'
        }
    }
}
Response Structure
(dict) --
packageVersion (dict) --
A PackageVersionDescription object that contains information about the requested package version.
format (string) --
The format of the package version.
namespace (string) --
The namespace of the package version. The package version component that specifies its namespace depends on its type. For example:
The namespace of a Maven package version is its groupId.
The namespace of an npm package version is its scope.
Python and NuGet package versions do not contain a corresponding component; package versions of those formats do not have a namespace.
packageName (string) --
The name of the requested package.
displayName (string) --
The name of the package that is displayed. The displayName varies depending on the package version's format. For example, if an npm package is named ui, is in the namespace vue, and has the format npm, then the displayName is @vue/ui.
version (string) --
The version of the package.
summary (string) --
A summary of the package version. The summary is extracted from the package. The information in and detail level of the summary depends on the package version's format.
homePage (string) --
The homepage associated with the package.
sourceCodeRepository (string) --
The repository for the source code in the package version, or the source code used to build it.
publishedTime (datetime) --
A timestamp that contains the date and time the package version was published.
licenses (list) --
Information about licenses associated with the package version.
(dict) --
Details of the license data.
name (string) --
Name of the license.
url (string) --
The URL for license data.
revision (string) --
The revision of the package version.
status (string) --
A string that contains the status of the package version.
origin (dict) --
A PackageVersionOrigin object that contains information about how the package version was added to the repository.
domainEntryPoint (dict) --
A DomainEntryPoint object that contains information about from which repository or external connection the package version was added to the domain.
repositoryName (string) --
The name of the repository that a package was originally published to.
externalConnectionName (string) --
The name of the external connection that a package was ingested from.
originType (string) --
Describes how the package version was originally added to the domain. An INTERNAL origin type means the package version was published directly to a repository in the domain. An EXTERNAL origin type means the package version was ingested from an external connection.
ListPackageVersions (updated)
Changes (request):
{'originType': 'INTERNAL | EXTERNAL | UNKNOWN'}
Changes (response):
{'versions': {'origin': {'domainEntryPoint': {'externalConnectionName': 'string', 'repositoryName': 'string'}, 'originType': 'INTERNAL | EXTERNAL | UNKNOWN'}}}
Returns a list of PackageVersionSummary objects for package versions in a repository that match the request parameters.
See also: AWS API Documentation
Request Syntax
client.list_package_versions(
    domain='string',
    domainOwner='string',
    repository='string',
    format='npm'|'pypi'|'maven'|'nuget',
    namespace='string',
    package='string',
    status='Published'|'Unfinished'|'Unlisted'|'Archived'|'Disposed'|'Deleted',
    sortBy='PUBLISHED_TIME',
    maxResults=123,
    nextToken='string',
    originType='INTERNAL'|'EXTERNAL'|'UNKNOWN'
)
domain (string) -- [REQUIRED]
The name of the domain that contains the repository that contains the requested package versions.
domainOwner (string) --
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
repository (string) -- [REQUIRED]
The name of the repository that contains the requested package versions.
format (string) -- [REQUIRED]
The format of the returned package versions.
namespace (string) --
The namespace of the package that contains the requested package versions. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
package (string) -- [REQUIRED]
The name of the package for which you want to request package versions.
status (string) --
A string that filters the requested package versions by status.
sortBy (string) --
How to sort the requested list of package versions.
maxResults (integer) --
The maximum number of results to return per page.
nextToken (string) --
The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
originType (string) --
The originType used to filter package versions. Only package versions with the provided originType will be returned.
Return type: dict
Response Syntax
{
    'defaultDisplayVersion': 'string',
    'format': 'npm'|'pypi'|'maven'|'nuget',
    'namespace': 'string',
    'package': 'string',
    'versions': [
        {
            'version': 'string',
            'revision': 'string',
            'status': 'Published'|'Unfinished'|'Unlisted'|'Archived'|'Disposed'|'Deleted',
            'origin': {
                'domainEntryPoint': {
                    'repositoryName': 'string',
                    'externalConnectionName': 'string'
                },
                'originType': 'INTERNAL'|'EXTERNAL'|'UNKNOWN'
            }
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
defaultDisplayVersion (string) --
The default package version to display. This depends on the package format:
For Maven and PyPI packages, it's the most recently published package version.
For npm packages, it's the version referenced by the latest tag. If the latest tag is not set, it's the most recently published package version.
format (string) --
A format of the package.
namespace (string) --
The namespace of the package that contains the requested package versions. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
package (string) --
The name of the package.
versions (list) --
The returned list of PackageVersionSummary objects.
(dict) --
Details about a package version, including its status, version, and revision. The ListPackageVersions operation returns a list of PackageVersionSummary objects.
version (string) --
Information about a package version.
revision (string) --
The revision associated with a package version.
status (string) --
A string that contains the status of the package version. It can be one of the following:
origin (dict) --
A PackageVersionOrigin object that contains information about how the package version was added to the repository.
domainEntryPoint (dict) --
A DomainEntryPoint object that contains information about from which repository or external connection the package version was added to the domain.
repositoryName (string) --
The name of the repository that a package was originally published to.
externalConnectionName (string) --
The name of the external connection that a package was ingested from.
originType (string) --
Describes how the package version was originally added to the domain. An INTERNAL origin type means the package version was published directly to a repository in the domain. An EXTERNAL origin type means the package version was ingested from an external connection.
nextToken (string) --
If there are additional results, this is the token for the next set of results.
ListPackages (updated)
Changes (request):
{'publish': 'ALLOW | BLOCK', 'upstream': 'ALLOW | BLOCK'}
Changes (response):
{'packages': {'originConfiguration': {'restrictions': {'publish': 'ALLOW | BLOCK', 'upstream': 'ALLOW | BLOCK'}}}}
Returns a list of PackageSummary objects for packages in a repository that match the request parameters.
See also: AWS API Documentation
Request Syntax
client.list_packages(
    domain='string',
    domainOwner='string',
    repository='string',
    format='npm'|'pypi'|'maven'|'nuget',
    namespace='string',
    packagePrefix='string',
    maxResults=123,
    nextToken='string',
    publish='ALLOW'|'BLOCK',
    upstream='ALLOW'|'BLOCK'
)
domain (string) -- [REQUIRED]
The name of the domain that contains the repository that contains the requested packages.
domainOwner (string) --
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
repository (string) -- [REQUIRED]
The name of the repository that contains the requested packages.
format (string) --
The format used to filter requested packages. Only packages from the provided format will be returned.
namespace (string) --
The namespace used to filter requested packages. Only packages with the provided namespace will be returned. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
packagePrefix (string) --
A prefix used to filter requested packages. Only packages with names that start with packagePrefix are returned.
maxResults (integer) --
The maximum number of results to return per page.
nextToken (string) --
The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
publish (string) --
The value of the Publish package origin control restriction used to filter requested packages. Only packages with the provided restriction are returned. For more information, see PackageOriginRestrictions.
upstream (string) --
The value of the Upstream package origin control restriction used to filter requested packages. Only packages with the provided restriction are returned. For more information, see PackageOriginRestrictions.
Return type: dict
Response Syntax
{
    'packages': [
        {
            'format': 'npm'|'pypi'|'maven'|'nuget',
            'namespace': 'string',
            'package': 'string',
            'originConfiguration': {
                'restrictions': {
                    'publish': 'ALLOW'|'BLOCK',
                    'upstream': 'ALLOW'|'BLOCK'
                }
            }
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
packages (list) --
The list of returned PackageSummary objects.
(dict) --
Details about a package, including its format, namespace, and name. The ListPackages operation returns a list of PackageSummary objects.
format (string) --
The format of the package.
namespace (string) --
The namespace of the package. The package component that specifies its namespace depends on its type. For example:
The namespace of a Maven package is its groupId.
The namespace of an npm package is its scope.
Python and NuGet packages do not contain a corresponding component; packages of those formats do not have a namespace.
package (string) --
The name of the package.
originConfiguration (dict) --
A PackageOriginConfiguration object that contains a PackageOriginRestrictions object that contains information about the upstream and publish package origin restrictions.
restrictions (dict) --
A PackageOriginRestrictions object that contains information about the upstream and publish package origin configuration for the package.
publish (string) --
The package origin configuration that determines if new versions of the package can be published directly to the repository.
upstream (string) --
The package origin configuration that determines if new versions of the package can be added to the repository from an external connection or upstream source.
nextToken (string) --
If there are additional results, this is the token for the next set of results.
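An added example (not from the AWS documentation) that uses the ListPackages and ListPackageVersions response shapes above to audit packages that are meant to be internal: it flags packages that allow both origins and versions whose originType is EXTERNAL or UNKNOWN, following nextToken across pages. The `acme-` names and the `StubClient` data are constructed, and treating both restrictions set to ALLOW as a finding is this example's policy assumption.

```python
def paginate(call, key, **kwargs):
    """Yield items from every page, following nextToken until it is absent."""
    while True:
        page = call(**kwargs)
        yield from page.get(key, [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def audit(client, domain, repository, fmt, prefix):
    """Return (package, issue, version) findings for packages meant to be internal."""
    scope = {"domain": domain, "repository": repository, "format": fmt}
    findings = []
    for pkg in paginate(client.list_packages, "packages",
                        packagePrefix=prefix, **scope):
        name = pkg["package"]
        per_pkg = dict(scope, package=name)
        if pkg.get("namespace"):  # npm scope or Maven groupId, when present
            per_pkg["namespace"] = pkg["namespace"]
        r = pkg["originConfiguration"]["restrictions"]
        if r["publish"] == "ALLOW" and r["upstream"] == "ALLOW":
            findings.append((name, "publish+upstream both ALLOW", None))
        # Use the originType request filter so only suspect versions come back.
        for origin in ("EXTERNAL", "UNKNOWN"):
            for v in paginate(client.list_package_versions, "versions",
                              originType=origin, **per_pkg):
                findings.append((name, f"{origin} origin", v["version"]))
    return findings

class StubClient:
    """Constructed data: two packages, one version ingested from outside."""
    PACKAGES = [
        {"format": "pypi", "package": "acme-billing", "originConfiguration":
            {"restrictions": {"publish": "ALLOW", "upstream": "ALLOW"}}},
        {"format": "pypi", "package": "acme-auth", "originConfiguration":
            {"restrictions": {"publish": "ALLOW", "upstream": "BLOCK"}}},
    ]
    VERSIONS = {
        "acme-billing": [("1.0.0", "INTERNAL"), ("99.0.0", "EXTERNAL")],
        "acme-auth": [("2.1.0", "INTERNAL")],
    }

    def list_packages(self, nextToken=None, **_):
        i = int(nextToken or 0)  # one package per page to exercise pagination
        page = {"packages": self.PACKAGES[i:i + 1]}
        if i + 1 < len(self.PACKAGES):
            page["nextToken"] = str(i + 1)
        return page

    def list_package_versions(self, package, originType, **_):
        return {"versions": [
            {"version": v, "status": "Published", "origin": {"originType": t}}
            for v, t in self.VERSIONS[package] if t == originType]}

def demo():
    return audit(StubClient(), "acme", "internal-pypi", "pypi", "acme-")

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```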