// Code generated by smithy-go-codegen DO NOT EDIT.

package kms

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
	"time"
)

// ScheduleKeyDeletion schedules the deletion of a customer master key (CMK). You
// may provide a waiting period, specified in days, before deletion occurs. If you
// do not provide a waiting period, the default period of 30 days is used. When
// this operation is successful, the key state of the CMK changes to
// PendingDeletion. Before the waiting period ends, you can use CancelKeyDeletion
// to cancel the deletion of the CMK. After the waiting period ends, AWS KMS
// deletes the CMK and all AWS KMS data associated with it, including all aliases
// that refer to it.
//
// Deleting a CMK is a destructive and potentially dangerous operation. When a CMK
// is deleted, all data that was encrypted under the CMK is unrecoverable. To
// prevent the use of a CMK without deleting it, use DisableKey.
//
// If you schedule deletion of a CMK from a custom key store
// (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
// when the waiting period expires, ScheduleKeyDeletion deletes the CMK from AWS
// KMS. Then AWS KMS makes a best effort to delete the key material from the
// associated AWS CloudHSM cluster. However, you might need to manually delete the
// orphaned key material
// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
// from the cluster and its backups.
//
// For more information about scheduling a CMK for deletion, see Deleting Customer
// Master Keys
// (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in
// the AWS Key Management Service Developer Guide.
//
// The CMK that you use for this operation must be in a compatible key state. For
// details, see How Key State Affects Use of a Customer Master Key
// (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the
// AWS Key Management Service Developer Guide.
//
// Cross-account use: No. You cannot perform this operation on a CMK in a
// different AWS account.
//
// Required permissions: kms:ScheduleKeyDeletion
// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
// (key policy)
//
// Related operations
//
// * CancelKeyDeletion
//
// * DisableKey
//
// A nil params is replaced with an empty ScheduleKeyDeletionInput before the
// operation is invoked. On failure the error from invokeOperation is returned
// unchanged together with a nil output.
//
// NOTE(review): the deletion cannot be undone once the waiting period has
// elapsed, so kms:ScheduleKeyDeletion is a high-impact permission. Grant it
// narrowly in the key policy and alert on calls to this operation, so that an
// unintended request is noticed while CancelKeyDeletion is still possible.
func (c *Client) ScheduleKeyDeletion(ctx context.Context, params *ScheduleKeyDeletionInput, optFns ...func(*Options)) (*ScheduleKeyDeletionOutput, error) {
	// An empty input is substituted for nil; KeyId is documented as required, so
	// such a call is expected to be rejected later (presumably by the validation
	// middleware, which is not visible in this file).
	if params == nil {
		params = &ScheduleKeyDeletionInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "ScheduleKeyDeletion", params, optFns, addOperationScheduleKeyDeletionMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: this panics if invokeOperation returns a result
	// that is not a *ScheduleKeyDeletionOutput.
	out := result.(*ScheduleKeyDeletionOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// ScheduleKeyDeletionInput holds the request parameters for the
// ScheduleKeyDeletion operation.
type ScheduleKeyDeletionInput struct {

	// The unique identifier of the customer master key (CMK) to delete. Specify the
	// key ID or the Amazon Resource Name (ARN) of the CMK. For example:
	//
	// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// * Key ARN:
	// arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// This member is required.
	KeyId *string

	// The waiting period, specified in number of days. After the waiting period ends,
	// AWS KMS deletes the customer master key (CMK). This value is optional. If you
	// include a value, it must be between 7 and 30, inclusive. If you do not include a
	// value, it defaults to 30.
	//
	// NOTE(review): nothing in this file checks the 7-30 range on the client side;
	// whether addOpScheduleKeyDeletionValidationMiddleware does is not visible here.
	// A nil pointer leaves the choice to the documented default of 30 days. A shorter
	// window leaves less time to notice and cancel an unintended deletion.
	PendingWindowInDays *int32
}

// ScheduleKeyDeletionOutput holds the response fields of the ScheduleKeyDeletion
// operation, plus the metadata that ScheduleKeyDeletion attaches after the call.
type ScheduleKeyDeletionOutput struct {

	// The date and time after which AWS KMS deletes the customer master key (CMK).
	DeletionDate *time.Time

	// The Amazon Resource Name (key ARN
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN))
	// of the CMK whose deletion is scheduled. Despite the field name, the documented
	// content is the key ARN rather than the bare key ID.
	KeyId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationScheduleKeyDeletionMiddlewares registers the middlewares used by the
// ScheduleKeyDeletion operation on stack. Registration stops at the first failure
// and that error is returned; nil is returned when every step succeeds.
//
// The helpers called here are defined outside this file, so the comments below
// describe them by name only. The statement order is kept exactly as generated;
// it presumably determines the relative position of the middlewares in the stack.
func addOperationScheduleKeyDeletionMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Operation serializer and deserializer, each added with middleware.After.
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpScheduleKeyDeletion{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpScheduleKeyDeletion{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Request signing: the helper names indicate a SHA-256 payload hash followed
	// (after the retry middlewares) by the SigV4 HTTP signer.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// Operation-specific input validation; the rules it enforces are not visible
	// in this file.
	if err = addOpScheduleKeyDeletionValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata built from options.Region is added to the Initialize step
	// with middleware.Before.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opScheduleKeyDeletion(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// Request/response logging is configured from options.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opScheduleKeyDeletion returns the
// RegisterServiceMetadata middleware for this operation: the given region, the
// package-level ServiceID, the signing name "kms" and the operation name
// "ScheduleKeyDeletion".
func newServiceMetadataMiddleware_opScheduleKeyDeletion(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "kms",
		OperationName: "ScheduleKeyDeletion",
	}
}