1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package acmpca 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCreateCertificateAuthority = "CreateCertificateAuthority" 17 18// CreateCertificateAuthorityRequest generates a "aws/request.Request" representing the 19// client's request for the CreateCertificateAuthority operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CreateCertificateAuthority for more information on using the CreateCertificateAuthority 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CreateCertificateAuthorityRequest method. 34// req, resp := client.CreateCertificateAuthorityRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 42func (c *ACMPCA) CreateCertificateAuthorityRequest(input *CreateCertificateAuthorityInput) (req *request.Request, output *CreateCertificateAuthorityOutput) { 43 op := &request.Operation{ 44 Name: opCreateCertificateAuthority, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CreateCertificateAuthorityInput{} 51 } 52 53 output = &CreateCertificateAuthorityOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CreateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 59// 60// Creates a root or subordinate private certificate authority (CA). You must 61// specify the CA configuration, the certificate revocation list (CRL) configuration, 62// the CA type, and an optional idempotency token to avoid accidental creation 63// of multiple CAs. The CA configuration specifies the name of the algorithm 64// and key size to be used to create the CA private key, the type of signing 65// algorithm that the CA uses, and X.500 subject information. The CRL configuration 66// specifies the CRL expiration period in days (the validity period of the CRL), 67// the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the 68// S3 bucket that is included in certificates issued by the CA. If successful, 69// this action returns the Amazon Resource Name (ARN) of the CA. 70// 71// ACM Private CA assets that are stored in Amazon S3 can be protected with 72// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 73// 74// Both PCA and the IAM principal must have permission to write to the S3 bucket 75// that you specify. If the IAM principal making the call does not have permission 76// to write to the bucket, then an exception is thrown. For more information, 77// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 78// 79// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 80// with awserr.Error's Code and Message methods to get detailed information about 81// the error. 82// 83// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 84// API operation CreateCertificateAuthority for usage and error information. 85// 86// Returned Error Types: 87// * InvalidArgsException 88// One or more of the specified arguments was not valid. 89// 90// * InvalidPolicyException 91// The resource policy is invalid or is missing a required statement. For general 92// information about IAM policy and statement structure, see Overview of JSON 93// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 94// 95// * InvalidTagException 96// The tag associated with the CA is not valid. The invalid argument is contained 97// in the message field. 98// 99// * LimitExceededException 100// An ACM Private CA quota has been exceeded. See the exception message returned 101// to determine the quota that was exceeded. 102// 103// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 104func (c *ACMPCA) CreateCertificateAuthority(input *CreateCertificateAuthorityInput) (*CreateCertificateAuthorityOutput, error) { 105 req, out := c.CreateCertificateAuthorityRequest(input) 106 return out, req.Send() 107} 108 109// CreateCertificateAuthorityWithContext is the same as CreateCertificateAuthority with the addition of 110// the ability to pass a context and additional request options. 111// 112// See CreateCertificateAuthority for details on how to use this API operation. 113// 114// The context must be non-nil and will be used for request cancellation. If 115// the context is nil a panic will occur. In the future the SDK may create 116// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 117// for more information on using Contexts. 118func (c *ACMPCA) CreateCertificateAuthorityWithContext(ctx aws.Context, input *CreateCertificateAuthorityInput, opts ...request.Option) (*CreateCertificateAuthorityOutput, error) { 119 req, out := c.CreateCertificateAuthorityRequest(input) 120 req.SetContext(ctx) 121 req.ApplyOptions(opts...) 122 return out, req.Send() 123} 124 125const opCreateCertificateAuthorityAuditReport = "CreateCertificateAuthorityAuditReport" 126 127// CreateCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 128// client's request for the CreateCertificateAuthorityAuditReport operation. The "output" return 129// value will be populated with the request's response once the request completes 130// successfully. 131// 132// Use "Send" method on the returned Request to send the API call to the service. 133// the "output" return value is not valid until after Send returns without error. 134// 135// See CreateCertificateAuthorityAuditReport for more information on using the CreateCertificateAuthorityAuditReport 136// API call, and error handling. 137// 138// This method is useful when you want to inject custom logic or configuration 139// into the SDK's request lifecycle. Such as custom headers, or retry logic. 140// 141// 142// // Example sending a request using the CreateCertificateAuthorityAuditReportRequest method. 143// req, resp := client.CreateCertificateAuthorityAuditReportRequest(params) 144// 145// err := req.Send() 146// if err == nil { // resp is now filled 147// fmt.Println(resp) 148// } 149// 150// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 151func (c *ACMPCA) CreateCertificateAuthorityAuditReportRequest(input *CreateCertificateAuthorityAuditReportInput) (req *request.Request, output *CreateCertificateAuthorityAuditReportOutput) { 152 op := &request.Operation{ 153 Name: opCreateCertificateAuthorityAuditReport, 154 HTTPMethod: "POST", 155 HTTPPath: "/", 156 } 157 158 if input == nil { 159 input = &CreateCertificateAuthorityAuditReportInput{} 160 } 161 162 output = &CreateCertificateAuthorityAuditReportOutput{} 163 req = c.newRequest(op, input, output) 164 return 165} 166 167// CreateCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 168// 169// Creates an audit report that lists every time that your CA private key is 170// used. The report is saved in the Amazon S3 bucket that you specify on input. 171// The IssueCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 172// and RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 173// actions use the private key. 174// 175// Both PCA and the IAM principal must have permission to write to the S3 bucket 176// that you specify. If the IAM principal making the call does not have permission 177// to write to the bucket, then an exception is thrown. For more information, 178// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 179// 180// ACM Private CA assets that are stored in Amazon S3 can be protected with 181// encryption. For more information, see Encrypting Your Audit Reports (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption). 182// 183// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 184// with awserr.Error's Code and Message methods to get detailed information about 185// the error. 186// 187// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 188// API operation CreateCertificateAuthorityAuditReport for usage and error information. 189// 190// Returned Error Types: 191// * RequestInProgressException 192// Your request is already in progress. 193// 194// * RequestFailedException 195// The request has failed for an unspecified reason. 196// 197// * ResourceNotFoundException 198// A resource such as a private CA, S3 bucket, certificate, audit report, or 199// policy cannot be found. 200// 201// * InvalidArnException 202// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 203// 204// * InvalidArgsException 205// One or more of the specified arguments was not valid. 206// 207// * InvalidStateException 208// The state of the private CA does not allow this action to occur. 209// 210// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 211func (c *ACMPCA) CreateCertificateAuthorityAuditReport(input *CreateCertificateAuthorityAuditReportInput) (*CreateCertificateAuthorityAuditReportOutput, error) { 212 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 213 return out, req.Send() 214} 215 216// CreateCertificateAuthorityAuditReportWithContext is the same as CreateCertificateAuthorityAuditReport with the addition of 217// the ability to pass a context and additional request options. 218// 219// See CreateCertificateAuthorityAuditReport for details on how to use this API operation. 220// 221// The context must be non-nil and will be used for request cancellation. If 222// the context is nil a panic will occur. In the future the SDK may create 223// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 224// for more information on using Contexts. 225func (c *ACMPCA) CreateCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *CreateCertificateAuthorityAuditReportInput, opts ...request.Option) (*CreateCertificateAuthorityAuditReportOutput, error) { 226 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 227 req.SetContext(ctx) 228 req.ApplyOptions(opts...) 229 return out, req.Send() 230} 231 232const opCreatePermission = "CreatePermission" 233 234// CreatePermissionRequest generates a "aws/request.Request" representing the 235// client's request for the CreatePermission operation. The "output" return 236// value will be populated with the request's response once the request completes 237// successfully. 238// 239// Use "Send" method on the returned Request to send the API call to the service. 240// the "output" return value is not valid until after Send returns without error. 241// 242// See CreatePermission for more information on using the CreatePermission 243// API call, and error handling. 244// 245// This method is useful when you want to inject custom logic or configuration 246// into the SDK's request lifecycle. Such as custom headers, or retry logic. 247// 248// 249// // Example sending a request using the CreatePermissionRequest method. 250// req, resp := client.CreatePermissionRequest(params) 251// 252// err := req.Send() 253// if err == nil { // resp is now filled 254// fmt.Println(resp) 255// } 256// 257// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 258func (c *ACMPCA) CreatePermissionRequest(input *CreatePermissionInput) (req *request.Request, output *CreatePermissionOutput) { 259 op := &request.Operation{ 260 Name: opCreatePermission, 261 HTTPMethod: "POST", 262 HTTPPath: "/", 263 } 264 265 if input == nil { 266 input = &CreatePermissionInput{} 267 } 268 269 output = &CreatePermissionOutput{} 270 req = c.newRequest(op, input, output) 271 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 272 return 273} 274 275// CreatePermission API operation for AWS Certificate Manager Private Certificate Authority. 276// 277// Grants one or more permissions on a private CA to the AWS Certificate Manager 278// (ACM) service principal (acm.amazonaws.com). These permissions allow ACM 279// to issue and renew ACM certificates that reside in the same AWS account as 280// the CA. 281// 282// You can list current permissions with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 283// action and revoke them with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 284// action. 285// 286// About Permissions 287// 288// * If the private CA and the certificates it issues reside in the same 289// account, you can use CreatePermission to grant permissions for ACM to 290// carry out automatic certificate renewals. 291// 292// * For automatic certificate renewal to succeed, the ACM service principal 293// needs permissions to create, retrieve, and list certificates. 294// 295// * If the private CA and the ACM certificates reside in different accounts, 296// then permissions cannot be used to enable automatic renewals. Instead, 297// the ACM certificate owner must set up a resource-based policy to enable 298// cross-account issuance and renewals. For more information, see Using a 299// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 300// 301// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 302// with awserr.Error's Code and Message methods to get detailed information about 303// the error. 304// 305// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 306// API operation CreatePermission for usage and error information. 307// 308// Returned Error Types: 309// * ResourceNotFoundException 310// A resource such as a private CA, S3 bucket, certificate, audit report, or 311// policy cannot be found. 312// 313// * InvalidArnException 314// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 315// 316// * PermissionAlreadyExistsException 317// The designated permission has already been given to the user. 318// 319// * LimitExceededException 320// An ACM Private CA quota has been exceeded. See the exception message returned 321// to determine the quota that was exceeded. 322// 323// * InvalidStateException 324// The state of the private CA does not allow this action to occur. 325// 326// * RequestFailedException 327// The request has failed for an unspecified reason. 328// 329// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 330func (c *ACMPCA) CreatePermission(input *CreatePermissionInput) (*CreatePermissionOutput, error) { 331 req, out := c.CreatePermissionRequest(input) 332 return out, req.Send() 333} 334 335// CreatePermissionWithContext is the same as CreatePermission with the addition of 336// the ability to pass a context and additional request options. 337// 338// See CreatePermission for details on how to use this API operation. 339// 340// The context must be non-nil and will be used for request cancellation. If 341// the context is nil a panic will occur. In the future the SDK may create 342// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 343// for more information on using Contexts. 344func (c *ACMPCA) CreatePermissionWithContext(ctx aws.Context, input *CreatePermissionInput, opts ...request.Option) (*CreatePermissionOutput, error) { 345 req, out := c.CreatePermissionRequest(input) 346 req.SetContext(ctx) 347 req.ApplyOptions(opts...) 348 return out, req.Send() 349} 350 351const opDeleteCertificateAuthority = "DeleteCertificateAuthority" 352 353// DeleteCertificateAuthorityRequest generates a "aws/request.Request" representing the 354// client's request for the DeleteCertificateAuthority operation. The "output" return 355// value will be populated with the request's response once the request completes 356// successfully. 357// 358// Use "Send" method on the returned Request to send the API call to the service. 359// the "output" return value is not valid until after Send returns without error. 360// 361// See DeleteCertificateAuthority for more information on using the DeleteCertificateAuthority 362// API call, and error handling. 363// 364// This method is useful when you want to inject custom logic or configuration 365// into the SDK's request lifecycle. Such as custom headers, or retry logic. 366// 367// 368// // Example sending a request using the DeleteCertificateAuthorityRequest method. 369// req, resp := client.DeleteCertificateAuthorityRequest(params) 370// 371// err := req.Send() 372// if err == nil { // resp is now filled 373// fmt.Println(resp) 374// } 375// 376// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 377func (c *ACMPCA) DeleteCertificateAuthorityRequest(input *DeleteCertificateAuthorityInput) (req *request.Request, output *DeleteCertificateAuthorityOutput) { 378 op := &request.Operation{ 379 Name: opDeleteCertificateAuthority, 380 HTTPMethod: "POST", 381 HTTPPath: "/", 382 } 383 384 if input == nil { 385 input = &DeleteCertificateAuthorityInput{} 386 } 387 388 output = &DeleteCertificateAuthorityOutput{} 389 req = c.newRequest(op, input, output) 390 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 391 return 392} 393 394// DeleteCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 395// 396// Deletes a private certificate authority (CA). You must provide the Amazon 397// Resource Name (ARN) of the private CA that you want to delete. You can find 398// the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 399// action. 400// 401// Deleting a CA will invalidate other CAs and certificates below it in your 402// CA hierarchy. 403// 404// Before you can delete a CA that you have created and activated, you must 405// disable it. To do this, call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 406// action and set the CertificateAuthorityStatus parameter to DISABLED. 407// 408// Additionally, you can delete a CA if you are waiting for it to be created 409// (that is, the status of the CA is CREATING). You can also delete it if the 410// CA has been created but you haven't yet imported the signed certificate into 411// ACM Private CA (that is, the status of the CA is PENDING_CERTIFICATE). 412// 413// When you successfully call DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html), 414// the CA's status changes to DELETED. However, the CA won't be permanently 415// deleted until the restoration period has passed. By default, if you do not 416// set the PermanentDeletionTimeInDays parameter, the CA remains restorable 417// for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority 418// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 419// action returns the time remaining in the restoration window of a private 420// CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority 421// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html) 422// action. 423// 424// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 425// with awserr.Error's Code and Message methods to get detailed information about 426// the error. 427// 428// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 429// API operation DeleteCertificateAuthority for usage and error information. 430// 431// Returned Error Types: 432// * ConcurrentModificationException 433// A previous update to your private CA is still ongoing. 434// 435// * ResourceNotFoundException 436// A resource such as a private CA, S3 bucket, certificate, audit report, or 437// policy cannot be found. 438// 439// * InvalidArnException 440// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 441// 442// * InvalidStateException 443// The state of the private CA does not allow this action to occur. 444// 445// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 446func (c *ACMPCA) DeleteCertificateAuthority(input *DeleteCertificateAuthorityInput) (*DeleteCertificateAuthorityOutput, error) { 447 req, out := c.DeleteCertificateAuthorityRequest(input) 448 return out, req.Send() 449} 450 451// DeleteCertificateAuthorityWithContext is the same as DeleteCertificateAuthority with the addition of 452// the ability to pass a context and additional request options. 453// 454// See DeleteCertificateAuthority for details on how to use this API operation. 455// 456// The context must be non-nil and will be used for request cancellation. If 457// the context is nil a panic will occur. In the future the SDK may create 458// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 459// for more information on using Contexts. 460func (c *ACMPCA) DeleteCertificateAuthorityWithContext(ctx aws.Context, input *DeleteCertificateAuthorityInput, opts ...request.Option) (*DeleteCertificateAuthorityOutput, error) { 461 req, out := c.DeleteCertificateAuthorityRequest(input) 462 req.SetContext(ctx) 463 req.ApplyOptions(opts...) 464 return out, req.Send() 465} 466 467const opDeletePermission = "DeletePermission" 468 469// DeletePermissionRequest generates a "aws/request.Request" representing the 470// client's request for the DeletePermission operation. The "output" return 471// value will be populated with the request's response once the request completes 472// successfully. 473// 474// Use "Send" method on the returned Request to send the API call to the service. 475// the "output" return value is not valid until after Send returns without error. 476// 477// See DeletePermission for more information on using the DeletePermission 478// API call, and error handling. 479// 480// This method is useful when you want to inject custom logic or configuration 481// into the SDK's request lifecycle. Such as custom headers, or retry logic. 482// 483// 484// // Example sending a request using the DeletePermissionRequest method. 485// req, resp := client.DeletePermissionRequest(params) 486// 487// err := req.Send() 488// if err == nil { // resp is now filled 489// fmt.Println(resp) 490// } 491// 492// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 493func (c *ACMPCA) DeletePermissionRequest(input *DeletePermissionInput) (req *request.Request, output *DeletePermissionOutput) { 494 op := &request.Operation{ 495 Name: opDeletePermission, 496 HTTPMethod: "POST", 497 HTTPPath: "/", 498 } 499 500 if input == nil { 501 input = &DeletePermissionInput{} 502 } 503 504 output = &DeletePermissionOutput{} 505 req = c.newRequest(op, input, output) 506 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 507 return 508} 509 510// DeletePermission API operation for AWS Certificate Manager Private Certificate Authority. 511// 512// Revokes permissions on a private CA granted to the AWS Certificate Manager 513// (ACM) service principal (acm.amazonaws.com). 514// 515// These permissions allow ACM to issue and renew ACM certificates that reside 516// in the same AWS account as the CA. If you revoke these permissions, ACM will 517// no longer renew the affected certificates automatically. 518// 519// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 520// action and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 521// action. 522// 523// About Permissions 524// 525// * If the private CA and the certificates it issues reside in the same 526// account, you can use CreatePermission to grant permissions for ACM to 527// carry out automatic certificate renewals. 528// 529// * For automatic certificate renewal to succeed, the ACM service principal 530// needs permissions to create, retrieve, and list certificates. 531// 532// * If the private CA and the ACM certificates reside in different accounts, 533// then permissions cannot be used to enable automatic renewals. Instead, 534// the ACM certificate owner must set up a resource-based policy to enable 535// cross-account issuance and renewals. For more information, see Using a 536// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 537// 538// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 539// with awserr.Error's Code and Message methods to get detailed information about 540// the error. 541// 542// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 543// API operation DeletePermission for usage and error information. 544// 545// Returned Error Types: 546// * ResourceNotFoundException 547// A resource such as a private CA, S3 bucket, certificate, audit report, or 548// policy cannot be found. 549// 550// * InvalidArnException 551// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 552// 553// * InvalidStateException 554// The state of the private CA does not allow this action to occur. 555// 556// * RequestFailedException 557// The request has failed for an unspecified reason. 558// 559// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 560func (c *ACMPCA) DeletePermission(input *DeletePermissionInput) (*DeletePermissionOutput, error) { 561 req, out := c.DeletePermissionRequest(input) 562 return out, req.Send() 563} 564 565// DeletePermissionWithContext is the same as DeletePermission with the addition of 566// the ability to pass a context and additional request options. 567// 568// See DeletePermission for details on how to use this API operation. 569// 570// The context must be non-nil and will be used for request cancellation. If 571// the context is nil a panic will occur. In the future the SDK may create 572// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 573// for more information on using Contexts. 574func (c *ACMPCA) DeletePermissionWithContext(ctx aws.Context, input *DeletePermissionInput, opts ...request.Option) (*DeletePermissionOutput, error) { 575 req, out := c.DeletePermissionRequest(input) 576 req.SetContext(ctx) 577 req.ApplyOptions(opts...) 578 return out, req.Send() 579} 580 581const opDeletePolicy = "DeletePolicy" 582 583// DeletePolicyRequest generates a "aws/request.Request" representing the 584// client's request for the DeletePolicy operation. The "output" return 585// value will be populated with the request's response once the request completes 586// successfully. 587// 588// Use "Send" method on the returned Request to send the API call to the service. 589// the "output" return value is not valid until after Send returns without error. 590// 591// See DeletePolicy for more information on using the DeletePolicy 592// API call, and error handling. 593// 594// This method is useful when you want to inject custom logic or configuration 595// into the SDK's request lifecycle. Such as custom headers, or retry logic. 596// 597// 598// // Example sending a request using the DeletePolicyRequest method. 599// req, resp := client.DeletePolicyRequest(params) 600// 601// err := req.Send() 602// if err == nil { // resp is now filled 603// fmt.Println(resp) 604// } 605// 606// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 607func (c *ACMPCA) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 608 op := &request.Operation{ 609 Name: opDeletePolicy, 610 HTTPMethod: "POST", 611 HTTPPath: "/", 612 } 613 614 if input == nil { 615 input = &DeletePolicyInput{} 616 } 617 618 output = &DeletePolicyOutput{} 619 req = c.newRequest(op, input, output) 620 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 621 return 622} 623 624// DeletePolicy API operation for AWS Certificate Manager Private Certificate Authority. 625// 626// Deletes the resource-based policy attached to a private CA. Deletion will 627// remove any access that the policy has granted. If there is no policy attached 628// to the private CA, this action will return successful. 629// 630// If you delete a policy that was applied through AWS Resource Access Manager 631// (RAM), the CA will be removed from all shares in which it was included. 632// 633// The AWS Certificate Manager Service Linked Role that the policy supports 634// is not affected when you delete the policy. 635// 636// The current policy can be shown with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 637// and updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html). 638// 639// About Policies 640// 641// * A policy grants access on a private CA to an AWS customer account, to 642// AWS Organizations, or to an AWS Organizations unit. Policies are under 643// the control of a CA administrator. For more information, see Using a Resource 644// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 645// 646// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 647// certificates signed by a CA in another account. 648// 649// * For ACM to manage automatic renewal of these certificates, the ACM user 650// must configure a Service Linked Role (SLR). The SLR allows the ACM service 651// to assume the identity of the user, subject to confirmation against the 652// ACM Private CA policy. For more information, see Using a Service Linked 653// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 654// 655// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 656// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 657// 658// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 659// with awserr.Error's Code and Message methods to get detailed information about 660// the error. 661// 662// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 663// API operation DeletePolicy for usage and error information. 664// 665// Returned Error Types: 666// * ConcurrentModificationException 667// A previous update to your private CA is still ongoing. 668// 669// * InvalidArnException 670// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 671// 672// * InvalidStateException 673// The state of the private CA does not allow this action to occur. 674// 675// * LockoutPreventedException 676// The current action was prevented because it would lock the caller out from 677// performing subsequent actions. Verify that the specified parameters would 678// not result in the caller being denied access to the resource. 679// 680// * RequestFailedException 681// The request has failed for an unspecified reason. 682// 683// * ResourceNotFoundException 684// A resource such as a private CA, S3 bucket, certificate, audit report, or 685// policy cannot be found. 686// 687// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 688func (c *ACMPCA) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 689 req, out := c.DeletePolicyRequest(input) 690 return out, req.Send() 691} 692 693// DeletePolicyWithContext is the same as DeletePolicy with the addition of 694// the ability to pass a context and additional request options. 695// 696// See DeletePolicy for details on how to use this API operation. 697// 698// The context must be non-nil and will be used for request cancellation. If 699// the context is nil a panic will occur. In the future the SDK may create 700// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 701// for more information on using Contexts. 702func (c *ACMPCA) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 703 req, out := c.DeletePolicyRequest(input) 704 req.SetContext(ctx) 705 req.ApplyOptions(opts...) 706 return out, req.Send() 707} 708 709const opDescribeCertificateAuthority = "DescribeCertificateAuthority" 710 711// DescribeCertificateAuthorityRequest generates a "aws/request.Request" representing the 712// client's request for the DescribeCertificateAuthority operation. The "output" return 713// value will be populated with the request's response once the request completes 714// successfully. 715// 716// Use "Send" method on the returned Request to send the API call to the service. 717// the "output" return value is not valid until after Send returns without error. 718// 719// See DescribeCertificateAuthority for more information on using the DescribeCertificateAuthority 720// API call, and error handling. 721// 722// This method is useful when you want to inject custom logic or configuration 723// into the SDK's request lifecycle. Such as custom headers, or retry logic. 724// 725// 726// // Example sending a request using the DescribeCertificateAuthorityRequest method. 727// req, resp := client.DescribeCertificateAuthorityRequest(params) 728// 729// err := req.Send() 730// if err == nil { // resp is now filled 731// fmt.Println(resp) 732// } 733// 734// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 735func (c *ACMPCA) DescribeCertificateAuthorityRequest(input *DescribeCertificateAuthorityInput) (req *request.Request, output *DescribeCertificateAuthorityOutput) { 736 op := &request.Operation{ 737 Name: opDescribeCertificateAuthority, 738 HTTPMethod: "POST", 739 HTTPPath: "/", 740 } 741 742 if input == nil { 743 input = &DescribeCertificateAuthorityInput{} 744 } 745 746 output = &DescribeCertificateAuthorityOutput{} 747 req = c.newRequest(op, input, output) 748 return 749} 750 751// DescribeCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 752// 753// Lists information about your private certificate authority (CA) or one that 754// has been shared with you. You specify the private CA on input by its ARN 755// (Amazon Resource Name). The output contains the status of your CA. This can 756// be any of the following: 757// 758// * CREATING - ACM Private CA is creating your private certificate authority. 759// 760// * PENDING_CERTIFICATE - The certificate is pending. You must use your 761// ACM Private CA-hosted or on-premises root or subordinate CA to sign your 762// private CA CSR and then import it into PCA. 763// 764// * ACTIVE - Your private CA is active. 765// 766// * DISABLED - Your private CA has been disabled. 767// 768// * EXPIRED - Your private CA certificate has expired. 769// 770// * FAILED - Your private CA has failed. Your CA can fail because of problems 771// such a network outage or back-end AWS failure or other errors. A failed 772// CA can never return to the pending state. You must create a new CA. 773// 774// * DELETED - Your private CA is within the restoration period, after which 775// it is permanently deleted. The length of time remaining in the CA's restoration 776// period is also included in this action's output. 777// 778// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 779// with awserr.Error's Code and Message methods to get detailed information about 780// the error. 781// 782// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 783// API operation DescribeCertificateAuthority for usage and error information. 784// 785// Returned Error Types: 786// * ResourceNotFoundException 787// A resource such as a private CA, S3 bucket, certificate, audit report, or 788// policy cannot be found. 789// 790// * InvalidArnException 791// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 792// 793// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 794func (c *ACMPCA) DescribeCertificateAuthority(input *DescribeCertificateAuthorityInput) (*DescribeCertificateAuthorityOutput, error) { 795 req, out := c.DescribeCertificateAuthorityRequest(input) 796 return out, req.Send() 797} 798 799// DescribeCertificateAuthorityWithContext is the same as DescribeCertificateAuthority with the addition of 800// the ability to pass a context and additional request options. 801// 802// See DescribeCertificateAuthority for details on how to use this API operation. 803// 804// The context must be non-nil and will be used for request cancellation. If 805// the context is nil a panic will occur. In the future the SDK may create 806// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 807// for more information on using Contexts. 808func (c *ACMPCA) DescribeCertificateAuthorityWithContext(ctx aws.Context, input *DescribeCertificateAuthorityInput, opts ...request.Option) (*DescribeCertificateAuthorityOutput, error) { 809 req, out := c.DescribeCertificateAuthorityRequest(input) 810 req.SetContext(ctx) 811 req.ApplyOptions(opts...) 812 return out, req.Send() 813} 814 815const opDescribeCertificateAuthorityAuditReport = "DescribeCertificateAuthorityAuditReport" 816 817// DescribeCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 818// client's request for the DescribeCertificateAuthorityAuditReport operation. The "output" return 819// value will be populated with the request's response once the request completes 820// successfully. 821// 822// Use "Send" method on the returned Request to send the API call to the service. 823// the "output" return value is not valid until after Send returns without error. 824// 825// See DescribeCertificateAuthorityAuditReport for more information on using the DescribeCertificateAuthorityAuditReport 826// API call, and error handling. 827// 828// This method is useful when you want to inject custom logic or configuration 829// into the SDK's request lifecycle. Such as custom headers, or retry logic. 830// 831// 832// // Example sending a request using the DescribeCertificateAuthorityAuditReportRequest method. 833// req, resp := client.DescribeCertificateAuthorityAuditReportRequest(params) 834// 835// err := req.Send() 836// if err == nil { // resp is now filled 837// fmt.Println(resp) 838// } 839// 840// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 841func (c *ACMPCA) DescribeCertificateAuthorityAuditReportRequest(input *DescribeCertificateAuthorityAuditReportInput) (req *request.Request, output *DescribeCertificateAuthorityAuditReportOutput) { 842 op := &request.Operation{ 843 Name: opDescribeCertificateAuthorityAuditReport, 844 HTTPMethod: "POST", 845 HTTPPath: "/", 846 } 847 848 if input == nil { 849 input = &DescribeCertificateAuthorityAuditReportInput{} 850 } 851 852 output = &DescribeCertificateAuthorityAuditReportOutput{} 853 req = c.newRequest(op, input, output) 854 return 855} 856 857// DescribeCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 858// 859// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport 860// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 861// action. Audit information is created every time the certificate authority 862// (CA) private key is used. The private key is used when you call the IssueCertificate 863// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 864// action or the RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 865// action. 866// 867// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 868// with awserr.Error's Code and Message methods to get detailed information about 869// the error. 870// 871// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 872// API operation DescribeCertificateAuthorityAuditReport for usage and error information. 873// 874// Returned Error Types: 875// * ResourceNotFoundException 876// A resource such as a private CA, S3 bucket, certificate, audit report, or 877// policy cannot be found. 878// 879// * InvalidArnException 880// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 881// 882// * InvalidArgsException 883// One or more of the specified arguments was not valid. 884// 885// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 886func (c *ACMPCA) DescribeCertificateAuthorityAuditReport(input *DescribeCertificateAuthorityAuditReportInput) (*DescribeCertificateAuthorityAuditReportOutput, error) { 887 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 888 return out, req.Send() 889} 890 891// DescribeCertificateAuthorityAuditReportWithContext is the same as DescribeCertificateAuthorityAuditReport with the addition of 892// the ability to pass a context and additional request options. 893// 894// See DescribeCertificateAuthorityAuditReport for details on how to use this API operation. 895// 896// The context must be non-nil and will be used for request cancellation. If 897// the context is nil a panic will occur. In the future the SDK may create 898// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 899// for more information on using Contexts. 900func (c *ACMPCA) DescribeCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *DescribeCertificateAuthorityAuditReportInput, opts ...request.Option) (*DescribeCertificateAuthorityAuditReportOutput, error) { 901 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 902 req.SetContext(ctx) 903 req.ApplyOptions(opts...) 904 return out, req.Send() 905} 906 907const opGetCertificate = "GetCertificate" 908 909// GetCertificateRequest generates a "aws/request.Request" representing the 910// client's request for the GetCertificate operation. The "output" return 911// value will be populated with the request's response once the request completes 912// successfully. 913// 914// Use "Send" method on the returned Request to send the API call to the service. 915// the "output" return value is not valid until after Send returns without error. 916// 917// See GetCertificate for more information on using the GetCertificate 918// API call, and error handling. 919// 920// This method is useful when you want to inject custom logic or configuration 921// into the SDK's request lifecycle. Such as custom headers, or retry logic. 922// 923// 924// // Example sending a request using the GetCertificateRequest method. 925// req, resp := client.GetCertificateRequest(params) 926// 927// err := req.Send() 928// if err == nil { // resp is now filled 929// fmt.Println(resp) 930// } 931// 932// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 933func (c *ACMPCA) GetCertificateRequest(input *GetCertificateInput) (req *request.Request, output *GetCertificateOutput) { 934 op := &request.Operation{ 935 Name: opGetCertificate, 936 HTTPMethod: "POST", 937 HTTPPath: "/", 938 } 939 940 if input == nil { 941 input = &GetCertificateInput{} 942 } 943 944 output = &GetCertificateOutput{} 945 req = c.newRequest(op, input, output) 946 return 947} 948 949// GetCertificate API operation for AWS Certificate Manager Private Certificate Authority. 950// 951// Retrieves a certificate from your private CA or one that has been shared 952// with you. The ARN of the certificate is returned when you call the IssueCertificate 953// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 954// action. You must specify both the ARN of your private CA and the ARN of the 955// issued certificate when calling the GetCertificate action. You can retrieve 956// the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport 957// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 958// action to create a report that contains information about all of the certificates 959// issued and revoked by your private CA. 960// 961// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 962// with awserr.Error's Code and Message methods to get detailed information about 963// the error. 964// 965// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 966// API operation GetCertificate for usage and error information. 967// 968// Returned Error Types: 969// * RequestInProgressException 970// Your request is already in progress. 971// 972// * RequestFailedException 973// The request has failed for an unspecified reason. 974// 975// * ResourceNotFoundException 976// A resource such as a private CA, S3 bucket, certificate, audit report, or 977// policy cannot be found. 978// 979// * InvalidArnException 980// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 981// 982// * InvalidStateException 983// The state of the private CA does not allow this action to occur. 984// 985// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 986func (c *ACMPCA) GetCertificate(input *GetCertificateInput) (*GetCertificateOutput, error) { 987 req, out := c.GetCertificateRequest(input) 988 return out, req.Send() 989} 990 991// GetCertificateWithContext is the same as GetCertificate with the addition of 992// the ability to pass a context and additional request options. 993// 994// See GetCertificate for details on how to use this API operation. 995// 996// The context must be non-nil and will be used for request cancellation. If 997// the context is nil a panic will occur. In the future the SDK may create 998// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 999// for more information on using Contexts. 1000func (c *ACMPCA) GetCertificateWithContext(ctx aws.Context, input *GetCertificateInput, opts ...request.Option) (*GetCertificateOutput, error) { 1001 req, out := c.GetCertificateRequest(input) 1002 req.SetContext(ctx) 1003 req.ApplyOptions(opts...) 1004 return out, req.Send() 1005} 1006 1007const opGetCertificateAuthorityCertificate = "GetCertificateAuthorityCertificate" 1008 1009// GetCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1010// client's request for the GetCertificateAuthorityCertificate operation. The "output" return 1011// value will be populated with the request's response once the request completes 1012// successfully. 1013// 1014// Use "Send" method on the returned Request to send the API call to the service. 1015// the "output" return value is not valid until after Send returns without error. 1016// 1017// See GetCertificateAuthorityCertificate for more information on using the GetCertificateAuthorityCertificate 1018// API call, and error handling. 1019// 1020// This method is useful when you want to inject custom logic or configuration 1021// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1022// 1023// 1024// // Example sending a request using the GetCertificateAuthorityCertificateRequest method. 1025// req, resp := client.GetCertificateAuthorityCertificateRequest(params) 1026// 1027// err := req.Send() 1028// if err == nil { // resp is now filled 1029// fmt.Println(resp) 1030// } 1031// 1032// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1033func (c *ACMPCA) GetCertificateAuthorityCertificateRequest(input *GetCertificateAuthorityCertificateInput) (req *request.Request, output *GetCertificateAuthorityCertificateOutput) { 1034 op := &request.Operation{ 1035 Name: opGetCertificateAuthorityCertificate, 1036 HTTPMethod: "POST", 1037 HTTPPath: "/", 1038 } 1039 1040 if input == nil { 1041 input = &GetCertificateAuthorityCertificateInput{} 1042 } 1043 1044 output = &GetCertificateAuthorityCertificateOutput{} 1045 req = c.newRequest(op, input, output) 1046 return 1047} 1048 1049// GetCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1050// 1051// Retrieves the certificate and certificate chain for your private certificate 1052// authority (CA) or one that has been shared with you. Both the certificate 1053// and the chain are base64 PEM-encoded. The chain does not include the CA certificate. 1054// Each certificate in the chain signs the one before it. 1055// 1056// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1057// with awserr.Error's Code and Message methods to get detailed information about 1058// the error. 1059// 1060// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1061// API operation GetCertificateAuthorityCertificate for usage and error information. 1062// 1063// Returned Error Types: 1064// * ResourceNotFoundException 1065// A resource such as a private CA, S3 bucket, certificate, audit report, or 1066// policy cannot be found. 1067// 1068// * InvalidStateException 1069// The state of the private CA does not allow this action to occur. 1070// 1071// * InvalidArnException 1072// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1073// 1074// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1075func (c *ACMPCA) GetCertificateAuthorityCertificate(input *GetCertificateAuthorityCertificateInput) (*GetCertificateAuthorityCertificateOutput, error) { 1076 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1077 return out, req.Send() 1078} 1079 1080// GetCertificateAuthorityCertificateWithContext is the same as GetCertificateAuthorityCertificate with the addition of 1081// the ability to pass a context and additional request options. 1082// 1083// See GetCertificateAuthorityCertificate for details on how to use this API operation. 1084// 1085// The context must be non-nil and will be used for request cancellation. If 1086// the context is nil a panic will occur. In the future the SDK may create 1087// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1088// for more information on using Contexts. 1089func (c *ACMPCA) GetCertificateAuthorityCertificateWithContext(ctx aws.Context, input *GetCertificateAuthorityCertificateInput, opts ...request.Option) (*GetCertificateAuthorityCertificateOutput, error) { 1090 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1091 req.SetContext(ctx) 1092 req.ApplyOptions(opts...) 1093 return out, req.Send() 1094} 1095 1096const opGetCertificateAuthorityCsr = "GetCertificateAuthorityCsr" 1097 1098// GetCertificateAuthorityCsrRequest generates a "aws/request.Request" representing the 1099// client's request for the GetCertificateAuthorityCsr operation. The "output" return 1100// value will be populated with the request's response once the request completes 1101// successfully. 1102// 1103// Use "Send" method on the returned Request to send the API call to the service. 1104// the "output" return value is not valid until after Send returns without error. 1105// 1106// See GetCertificateAuthorityCsr for more information on using the GetCertificateAuthorityCsr 1107// API call, and error handling. 1108// 1109// This method is useful when you want to inject custom logic or configuration 1110// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1111// 1112// 1113// // Example sending a request using the GetCertificateAuthorityCsrRequest method. 1114// req, resp := client.GetCertificateAuthorityCsrRequest(params) 1115// 1116// err := req.Send() 1117// if err == nil { // resp is now filled 1118// fmt.Println(resp) 1119// } 1120// 1121// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1122func (c *ACMPCA) GetCertificateAuthorityCsrRequest(input *GetCertificateAuthorityCsrInput) (req *request.Request, output *GetCertificateAuthorityCsrOutput) { 1123 op := &request.Operation{ 1124 Name: opGetCertificateAuthorityCsr, 1125 HTTPMethod: "POST", 1126 HTTPPath: "/", 1127 } 1128 1129 if input == nil { 1130 input = &GetCertificateAuthorityCsrInput{} 1131 } 1132 1133 output = &GetCertificateAuthorityCsrOutput{} 1134 req = c.newRequest(op, input, output) 1135 return 1136} 1137 1138// GetCertificateAuthorityCsr API operation for AWS Certificate Manager Private Certificate Authority. 1139// 1140// Retrieves the certificate signing request (CSR) for your private certificate 1141// authority (CA). The CSR is created when you call the CreateCertificateAuthority 1142// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1143// action. Sign the CSR with your ACM Private CA-hosted or on-premises root 1144// or subordinate CA. Then import the signed certificate back into ACM Private 1145// CA by calling the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 1146// action. The CSR is returned as a base64 PEM-encoded string. 1147// 1148// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1149// with awserr.Error's Code and Message methods to get detailed information about 1150// the error. 1151// 1152// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1153// API operation GetCertificateAuthorityCsr for usage and error information. 1154// 1155// Returned Error Types: 1156// * RequestInProgressException 1157// Your request is already in progress. 1158// 1159// * RequestFailedException 1160// The request has failed for an unspecified reason. 1161// 1162// * ResourceNotFoundException 1163// A resource such as a private CA, S3 bucket, certificate, audit report, or 1164// policy cannot be found. 1165// 1166// * InvalidArnException 1167// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1168// 1169// * InvalidStateException 1170// The state of the private CA does not allow this action to occur. 1171// 1172// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1173func (c *ACMPCA) GetCertificateAuthorityCsr(input *GetCertificateAuthorityCsrInput) (*GetCertificateAuthorityCsrOutput, error) { 1174 req, out := c.GetCertificateAuthorityCsrRequest(input) 1175 return out, req.Send() 1176} 1177 1178// GetCertificateAuthorityCsrWithContext is the same as GetCertificateAuthorityCsr with the addition of 1179// the ability to pass a context and additional request options. 1180// 1181// See GetCertificateAuthorityCsr for details on how to use this API operation. 1182// 1183// The context must be non-nil and will be used for request cancellation. If 1184// the context is nil a panic will occur. In the future the SDK may create 1185// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1186// for more information on using Contexts. 1187func (c *ACMPCA) GetCertificateAuthorityCsrWithContext(ctx aws.Context, input *GetCertificateAuthorityCsrInput, opts ...request.Option) (*GetCertificateAuthorityCsrOutput, error) { 1188 req, out := c.GetCertificateAuthorityCsrRequest(input) 1189 req.SetContext(ctx) 1190 req.ApplyOptions(opts...) 1191 return out, req.Send() 1192} 1193 1194const opGetPolicy = "GetPolicy" 1195 1196// GetPolicyRequest generates a "aws/request.Request" representing the 1197// client's request for the GetPolicy operation. The "output" return 1198// value will be populated with the request's response once the request completes 1199// successfully. 1200// 1201// Use "Send" method on the returned Request to send the API call to the service. 1202// the "output" return value is not valid until after Send returns without error. 1203// 1204// See GetPolicy for more information on using the GetPolicy 1205// API call, and error handling. 1206// 1207// This method is useful when you want to inject custom logic or configuration 1208// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1209// 1210// 1211// // Example sending a request using the GetPolicyRequest method. 1212// req, resp := client.GetPolicyRequest(params) 1213// 1214// err := req.Send() 1215// if err == nil { // resp is now filled 1216// fmt.Println(resp) 1217// } 1218// 1219// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1220func (c *ACMPCA) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) { 1221 op := &request.Operation{ 1222 Name: opGetPolicy, 1223 HTTPMethod: "POST", 1224 HTTPPath: "/", 1225 } 1226 1227 if input == nil { 1228 input = &GetPolicyInput{} 1229 } 1230 1231 output = &GetPolicyOutput{} 1232 req = c.newRequest(op, input, output) 1233 return 1234} 1235 1236// GetPolicy API operation for AWS Certificate Manager Private Certificate Authority. 1237// 1238// Retrieves the resource-based policy attached to a private CA. If either the 1239// private CA resource or the policy cannot be found, this action returns a 1240// ResourceNotFoundException. 1241// 1242// The policy can be attached or updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html) 1243// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 1244// 1245// About Policies 1246// 1247// * A policy grants access on a private CA to an AWS customer account, to 1248// AWS Organizations, or to an AWS Organizations unit. Policies are under 1249// the control of a CA administrator. For more information, see Using a Resource 1250// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1251// 1252// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 1253// certificates signed by a CA in another account. 1254// 1255// * For ACM to manage automatic renewal of these certificates, the ACM user 1256// must configure a Service Linked Role (SLR). The SLR allows the ACM service 1257// to assume the identity of the user, subject to confirmation against the 1258// ACM Private CA policy. For more information, see Using a Service Linked 1259// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 1260// 1261// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 1262// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 1263// 1264// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1265// with awserr.Error's Code and Message methods to get detailed information about 1266// the error. 1267// 1268// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1269// API operation GetPolicy for usage and error information. 1270// 1271// Returned Error Types: 1272// * InvalidArnException 1273// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1274// 1275// * InvalidStateException 1276// The state of the private CA does not allow this action to occur. 1277// 1278// * RequestFailedException 1279// The request has failed for an unspecified reason. 1280// 1281// * ResourceNotFoundException 1282// A resource such as a private CA, S3 bucket, certificate, audit report, or 1283// policy cannot be found. 1284// 1285// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1286func (c *ACMPCA) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) { 1287 req, out := c.GetPolicyRequest(input) 1288 return out, req.Send() 1289} 1290 1291// GetPolicyWithContext is the same as GetPolicy with the addition of 1292// the ability to pass a context and additional request options. 1293// 1294// See GetPolicy for details on how to use this API operation. 1295// 1296// The context must be non-nil and will be used for request cancellation. If 1297// the context is nil a panic will occur. In the future the SDK may create 1298// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1299// for more information on using Contexts. 1300func (c *ACMPCA) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) { 1301 req, out := c.GetPolicyRequest(input) 1302 req.SetContext(ctx) 1303 req.ApplyOptions(opts...) 1304 return out, req.Send() 1305} 1306 1307const opImportCertificateAuthorityCertificate = "ImportCertificateAuthorityCertificate" 1308 1309// ImportCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1310// client's request for the ImportCertificateAuthorityCertificate operation. The "output" return 1311// value will be populated with the request's response once the request completes 1312// successfully. 1313// 1314// Use "Send" method on the returned Request to send the API call to the service. 1315// the "output" return value is not valid until after Send returns without error. 1316// 1317// See ImportCertificateAuthorityCertificate for more information on using the ImportCertificateAuthorityCertificate 1318// API call, and error handling. 1319// 1320// This method is useful when you want to inject custom logic or configuration 1321// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1322// 1323// 1324// // Example sending a request using the ImportCertificateAuthorityCertificateRequest method. 1325// req, resp := client.ImportCertificateAuthorityCertificateRequest(params) 1326// 1327// err := req.Send() 1328// if err == nil { // resp is now filled 1329// fmt.Println(resp) 1330// } 1331// 1332// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1333func (c *ACMPCA) ImportCertificateAuthorityCertificateRequest(input *ImportCertificateAuthorityCertificateInput) (req *request.Request, output *ImportCertificateAuthorityCertificateOutput) { 1334 op := &request.Operation{ 1335 Name: opImportCertificateAuthorityCertificate, 1336 HTTPMethod: "POST", 1337 HTTPPath: "/", 1338 } 1339 1340 if input == nil { 1341 input = &ImportCertificateAuthorityCertificateInput{} 1342 } 1343 1344 output = &ImportCertificateAuthorityCertificateOutput{} 1345 req = c.newRequest(op, input, output) 1346 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1347 return 1348} 1349 1350// ImportCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1351// 1352// Imports a signed private CA certificate into ACM Private CA. This action 1353// is used when you are using a chain of trust whose root is located outside 1354// ACM Private CA. Before you can call this action, the following preparations 1355// must in place: 1356// 1357// In ACM Private CA, call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1358// action to create the private CA that you plan to back with the imported certificate. 1359// 1360// Call the GetCertificateAuthorityCsr (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html) 1361// action to generate a certificate signing request (CSR). 1362// 1363// Sign the CSR using a root or intermediate CA hosted by either an on-premises 1364// PKI hierarchy or by a commercial CA. 1365// 1366// Create a certificate chain and copy the signed certificate and the certificate 1367// chain to your working directory. 1368// 1369// ACM Private CA supports three scenarios for installing a CA certificate: 1370// 1371// * Installing a certificate for a root CA hosted by ACM Private CA. 1372// 1373// * Installing a subordinate CA certificate whose parent authority is hosted 1374// by ACM Private CA. 1375// 1376// * Installing a subordinate CA certificate whose parent authority is externally 1377// hosted. 1378// 1379// The following additional requirements apply when you import a CA certificate. 1380// 1381// * Only a self-signed certificate can be imported as a root CA. 1382// 1383// * A self-signed certificate cannot be imported as a subordinate CA. 1384// 1385// * Your certificate chain must not include the private CA certificate that 1386// you are importing. 1387// 1388// * Your root CA must be the last certificate in your chain. The subordinate 1389// certificate, if any, that your root CA signed must be next to last. The 1390// subordinate certificate signed by the preceding subordinate CA must come 1391// next, and so on until your chain is built. 1392// 1393// * The chain must be PEM-encoded. 1394// 1395// * The maximum allowed size of a certificate is 32 KB. 1396// 1397// * The maximum allowed size of a certificate chain is 2 MB. 1398// 1399// Enforcement of Critical Constraints 1400// 1401// ACM Private CA allows the following extensions to be marked critical in the 1402// imported CA certificate or chain. 1403// 1404// * Basic constraints (must be marked critical) 1405// 1406// * Subject alternative names 1407// 1408// * Key usage 1409// 1410// * Extended key usage 1411// 1412// * Authority key identifier 1413// 1414// * Subject key identifier 1415// 1416// * Issuer alternative name 1417// 1418// * Subject directory attributes 1419// 1420// * Subject information access 1421// 1422// * Certificate policies 1423// 1424// * Policy mappings 1425// 1426// * Inhibit anyPolicy 1427// 1428// ACM Private CA rejects the following extensions when they are marked critical 1429// in an imported CA certificate or chain. 1430// 1431// * Name constraints 1432// 1433// * Policy constraints 1434// 1435// * CRL distribution points 1436// 1437// * Authority information access 1438// 1439// * Freshest CRL 1440// 1441// * Any other extension 1442// 1443// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1444// with awserr.Error's Code and Message methods to get detailed information about 1445// the error. 1446// 1447// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1448// API operation ImportCertificateAuthorityCertificate for usage and error information. 1449// 1450// Returned Error Types: 1451// * ConcurrentModificationException 1452// A previous update to your private CA is still ongoing. 1453// 1454// * RequestInProgressException 1455// Your request is already in progress. 1456// 1457// * RequestFailedException 1458// The request has failed for an unspecified reason. 1459// 1460// * ResourceNotFoundException 1461// A resource such as a private CA, S3 bucket, certificate, audit report, or 1462// policy cannot be found. 1463// 1464// * InvalidArnException 1465// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1466// 1467// * InvalidRequestException 1468// The request action cannot be performed or is prohibited. 1469// 1470// * InvalidStateException 1471// The state of the private CA does not allow this action to occur. 1472// 1473// * MalformedCertificateException 1474// One or more fields in the certificate are invalid. 1475// 1476// * CertificateMismatchException 1477// The certificate authority certificate you are importing does not comply with 1478// conditions specified in the certificate that signed it. 1479// 1480// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1481func (c *ACMPCA) ImportCertificateAuthorityCertificate(input *ImportCertificateAuthorityCertificateInput) (*ImportCertificateAuthorityCertificateOutput, error) { 1482 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1483 return out, req.Send() 1484} 1485 1486// ImportCertificateAuthorityCertificateWithContext is the same as ImportCertificateAuthorityCertificate with the addition of 1487// the ability to pass a context and additional request options. 1488// 1489// See ImportCertificateAuthorityCertificate for details on how to use this API operation. 1490// 1491// The context must be non-nil and will be used for request cancellation. If 1492// the context is nil a panic will occur. In the future the SDK may create 1493// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1494// for more information on using Contexts. 1495func (c *ACMPCA) ImportCertificateAuthorityCertificateWithContext(ctx aws.Context, input *ImportCertificateAuthorityCertificateInput, opts ...request.Option) (*ImportCertificateAuthorityCertificateOutput, error) { 1496 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1497 req.SetContext(ctx) 1498 req.ApplyOptions(opts...) 1499 return out, req.Send() 1500} 1501 1502const opIssueCertificate = "IssueCertificate" 1503 1504// IssueCertificateRequest generates a "aws/request.Request" representing the 1505// client's request for the IssueCertificate operation. The "output" return 1506// value will be populated with the request's response once the request completes 1507// successfully. 1508// 1509// Use "Send" method on the returned Request to send the API call to the service. 1510// the "output" return value is not valid until after Send returns without error. 1511// 1512// See IssueCertificate for more information on using the IssueCertificate 1513// API call, and error handling. 1514// 1515// This method is useful when you want to inject custom logic or configuration 1516// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1517// 1518// 1519// // Example sending a request using the IssueCertificateRequest method. 1520// req, resp := client.IssueCertificateRequest(params) 1521// 1522// err := req.Send() 1523// if err == nil { // resp is now filled 1524// fmt.Println(resp) 1525// } 1526// 1527// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1528func (c *ACMPCA) IssueCertificateRequest(input *IssueCertificateInput) (req *request.Request, output *IssueCertificateOutput) { 1529 op := &request.Operation{ 1530 Name: opIssueCertificate, 1531 HTTPMethod: "POST", 1532 HTTPPath: "/", 1533 } 1534 1535 if input == nil { 1536 input = &IssueCertificateInput{} 1537 } 1538 1539 output = &IssueCertificateOutput{} 1540 req = c.newRequest(op, input, output) 1541 return 1542} 1543 1544// IssueCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1545// 1546// Uses your private certificate authority (CA), or one that has been shared 1547// with you, to issue a client certificate. This action returns the Amazon Resource 1548// Name (ARN) of the certificate. You can retrieve the certificate by calling 1549// the GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 1550// action and specifying the ARN. 1551// 1552// You cannot use the ACM ListCertificateAuthorities action to retrieve the 1553// ARNs of the certificates that you issue by using ACM Private CA. 1554// 1555// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1556// with awserr.Error's Code and Message methods to get detailed information about 1557// the error. 1558// 1559// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1560// API operation IssueCertificate for usage and error information. 1561// 1562// Returned Error Types: 1563// * LimitExceededException 1564// An ACM Private CA quota has been exceeded. See the exception message returned 1565// to determine the quota that was exceeded. 1566// 1567// * ResourceNotFoundException 1568// A resource such as a private CA, S3 bucket, certificate, audit report, or 1569// policy cannot be found. 1570// 1571// * InvalidStateException 1572// The state of the private CA does not allow this action to occur. 1573// 1574// * InvalidArnException 1575// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1576// 1577// * InvalidArgsException 1578// One or more of the specified arguments was not valid. 1579// 1580// * MalformedCSRException 1581// The certificate signing request is invalid. 1582// 1583// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1584func (c *ACMPCA) IssueCertificate(input *IssueCertificateInput) (*IssueCertificateOutput, error) { 1585 req, out := c.IssueCertificateRequest(input) 1586 return out, req.Send() 1587} 1588 1589// IssueCertificateWithContext is the same as IssueCertificate with the addition of 1590// the ability to pass a context and additional request options. 1591// 1592// See IssueCertificate for details on how to use this API operation. 1593// 1594// The context must be non-nil and will be used for request cancellation. If 1595// the context is nil a panic will occur. In the future the SDK may create 1596// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1597// for more information on using Contexts. 1598func (c *ACMPCA) IssueCertificateWithContext(ctx aws.Context, input *IssueCertificateInput, opts ...request.Option) (*IssueCertificateOutput, error) { 1599 req, out := c.IssueCertificateRequest(input) 1600 req.SetContext(ctx) 1601 req.ApplyOptions(opts...) 1602 return out, req.Send() 1603} 1604 1605const opListCertificateAuthorities = "ListCertificateAuthorities" 1606 1607// ListCertificateAuthoritiesRequest generates a "aws/request.Request" representing the 1608// client's request for the ListCertificateAuthorities operation. The "output" return 1609// value will be populated with the request's response once the request completes 1610// successfully. 1611// 1612// Use "Send" method on the returned Request to send the API call to the service. 1613// the "output" return value is not valid until after Send returns without error. 1614// 1615// See ListCertificateAuthorities for more information on using the ListCertificateAuthorities 1616// API call, and error handling. 1617// 1618// This method is useful when you want to inject custom logic or configuration 1619// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1620// 1621// 1622// // Example sending a request using the ListCertificateAuthoritiesRequest method. 1623// req, resp := client.ListCertificateAuthoritiesRequest(params) 1624// 1625// err := req.Send() 1626// if err == nil { // resp is now filled 1627// fmt.Println(resp) 1628// } 1629// 1630// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1631func (c *ACMPCA) ListCertificateAuthoritiesRequest(input *ListCertificateAuthoritiesInput) (req *request.Request, output *ListCertificateAuthoritiesOutput) { 1632 op := &request.Operation{ 1633 Name: opListCertificateAuthorities, 1634 HTTPMethod: "POST", 1635 HTTPPath: "/", 1636 Paginator: &request.Paginator{ 1637 InputTokens: []string{"NextToken"}, 1638 OutputTokens: []string{"NextToken"}, 1639 LimitToken: "MaxResults", 1640 TruncationToken: "", 1641 }, 1642 } 1643 1644 if input == nil { 1645 input = &ListCertificateAuthoritiesInput{} 1646 } 1647 1648 output = &ListCertificateAuthoritiesOutput{} 1649 req = c.newRequest(op, input, output) 1650 return 1651} 1652 1653// ListCertificateAuthorities API operation for AWS Certificate Manager Private Certificate Authority. 1654// 1655// Lists the private certificate authorities that you created by using the CreateCertificateAuthority 1656// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1657// action. 1658// 1659// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1660// with awserr.Error's Code and Message methods to get detailed information about 1661// the error. 1662// 1663// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1664// API operation ListCertificateAuthorities for usage and error information. 1665// 1666// Returned Error Types: 1667// * InvalidNextTokenException 1668// The token specified in the NextToken argument is not valid. Use the token 1669// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1670// 1671// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1672func (c *ACMPCA) ListCertificateAuthorities(input *ListCertificateAuthoritiesInput) (*ListCertificateAuthoritiesOutput, error) { 1673 req, out := c.ListCertificateAuthoritiesRequest(input) 1674 return out, req.Send() 1675} 1676 1677// ListCertificateAuthoritiesWithContext is the same as ListCertificateAuthorities with the addition of 1678// the ability to pass a context and additional request options. 1679// 1680// See ListCertificateAuthorities for details on how to use this API operation. 1681// 1682// The context must be non-nil and will be used for request cancellation. If 1683// the context is nil a panic will occur. In the future the SDK may create 1684// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1685// for more information on using Contexts. 1686func (c *ACMPCA) ListCertificateAuthoritiesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, opts ...request.Option) (*ListCertificateAuthoritiesOutput, error) { 1687 req, out := c.ListCertificateAuthoritiesRequest(input) 1688 req.SetContext(ctx) 1689 req.ApplyOptions(opts...) 1690 return out, req.Send() 1691} 1692 1693// ListCertificateAuthoritiesPages iterates over the pages of a ListCertificateAuthorities operation, 1694// calling the "fn" function with the response data for each page. To stop 1695// iterating, return false from the fn function. 1696// 1697// See ListCertificateAuthorities method for more information on how to use this operation. 1698// 1699// Note: This operation can generate multiple requests to a service. 1700// 1701// // Example iterating over at most 3 pages of a ListCertificateAuthorities operation. 1702// pageNum := 0 1703// err := client.ListCertificateAuthoritiesPages(params, 1704// func(page *acmpca.ListCertificateAuthoritiesOutput, lastPage bool) bool { 1705// pageNum++ 1706// fmt.Println(page) 1707// return pageNum <= 3 1708// }) 1709// 1710func (c *ACMPCA) ListCertificateAuthoritiesPages(input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool) error { 1711 return c.ListCertificateAuthoritiesPagesWithContext(aws.BackgroundContext(), input, fn) 1712} 1713 1714// ListCertificateAuthoritiesPagesWithContext same as ListCertificateAuthoritiesPages except 1715// it takes a Context and allows setting request options on the pages. 1716// 1717// The context must be non-nil and will be used for request cancellation. If 1718// the context is nil a panic will occur. In the future the SDK may create 1719// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1720// for more information on using Contexts. 1721func (c *ACMPCA) ListCertificateAuthoritiesPagesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool, opts ...request.Option) error { 1722 p := request.Pagination{ 1723 NewRequest: func() (*request.Request, error) { 1724 var inCpy *ListCertificateAuthoritiesInput 1725 if input != nil { 1726 tmp := *input 1727 inCpy = &tmp 1728 } 1729 req, _ := c.ListCertificateAuthoritiesRequest(inCpy) 1730 req.SetContext(ctx) 1731 req.ApplyOptions(opts...) 1732 return req, nil 1733 }, 1734 } 1735 1736 for p.Next() { 1737 if !fn(p.Page().(*ListCertificateAuthoritiesOutput), !p.HasNextPage()) { 1738 break 1739 } 1740 } 1741 1742 return p.Err() 1743} 1744 1745const opListPermissions = "ListPermissions" 1746 1747// ListPermissionsRequest generates a "aws/request.Request" representing the 1748// client's request for the ListPermissions operation. The "output" return 1749// value will be populated with the request's response once the request completes 1750// successfully. 1751// 1752// Use "Send" method on the returned Request to send the API call to the service. 1753// the "output" return value is not valid until after Send returns without error. 1754// 1755// See ListPermissions for more information on using the ListPermissions 1756// API call, and error handling. 1757// 1758// This method is useful when you want to inject custom logic or configuration 1759// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1760// 1761// 1762// // Example sending a request using the ListPermissionsRequest method. 1763// req, resp := client.ListPermissionsRequest(params) 1764// 1765// err := req.Send() 1766// if err == nil { // resp is now filled 1767// fmt.Println(resp) 1768// } 1769// 1770// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1771func (c *ACMPCA) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) { 1772 op := &request.Operation{ 1773 Name: opListPermissions, 1774 HTTPMethod: "POST", 1775 HTTPPath: "/", 1776 Paginator: &request.Paginator{ 1777 InputTokens: []string{"NextToken"}, 1778 OutputTokens: []string{"NextToken"}, 1779 LimitToken: "MaxResults", 1780 TruncationToken: "", 1781 }, 1782 } 1783 1784 if input == nil { 1785 input = &ListPermissionsInput{} 1786 } 1787 1788 output = &ListPermissionsOutput{} 1789 req = c.newRequest(op, input, output) 1790 return 1791} 1792 1793// ListPermissions API operation for AWS Certificate Manager Private Certificate Authority. 1794// 1795// List all permissions on a private CA, if any, granted to the AWS Certificate 1796// Manager (ACM) service principal (acm.amazonaws.com). 1797// 1798// These permissions allow ACM to issue and renew ACM certificates that reside 1799// in the same AWS account as the CA. 1800// 1801// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 1802// action and revoked with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 1803// action. 1804// 1805// About Permissions 1806// 1807// * If the private CA and the certificates it issues reside in the same 1808// account, you can use CreatePermission to grant permissions for ACM to 1809// carry out automatic certificate renewals. 1810// 1811// * For automatic certificate renewal to succeed, the ACM service principal 1812// needs permissions to create, retrieve, and list certificates. 1813// 1814// * If the private CA and the ACM certificates reside in different accounts, 1815// then permissions cannot be used to enable automatic renewals. Instead, 1816// the ACM certificate owner must set up a resource-based policy to enable 1817// cross-account issuance and renewals. For more information, see Using a 1818// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1819// 1820// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1821// with awserr.Error's Code and Message methods to get detailed information about 1822// the error. 1823// 1824// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1825// API operation ListPermissions for usage and error information. 1826// 1827// Returned Error Types: 1828// * ResourceNotFoundException 1829// A resource such as a private CA, S3 bucket, certificate, audit report, or 1830// policy cannot be found. 1831// 1832// * InvalidArnException 1833// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1834// 1835// * InvalidNextTokenException 1836// The token specified in the NextToken argument is not valid. Use the token 1837// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1838// 1839// * InvalidStateException 1840// The state of the private CA does not allow this action to occur. 1841// 1842// * RequestFailedException 1843// The request has failed for an unspecified reason. 1844// 1845// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1846func (c *ACMPCA) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) { 1847 req, out := c.ListPermissionsRequest(input) 1848 return out, req.Send() 1849} 1850 1851// ListPermissionsWithContext is the same as ListPermissions with the addition of 1852// the ability to pass a context and additional request options. 1853// 1854// See ListPermissions for details on how to use this API operation. 1855// 1856// The context must be non-nil and will be used for request cancellation. If 1857// the context is nil a panic will occur. In the future the SDK may create 1858// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1859// for more information on using Contexts. 1860func (c *ACMPCA) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) { 1861 req, out := c.ListPermissionsRequest(input) 1862 req.SetContext(ctx) 1863 req.ApplyOptions(opts...) 1864 return out, req.Send() 1865} 1866 1867// ListPermissionsPages iterates over the pages of a ListPermissions operation, 1868// calling the "fn" function with the response data for each page. To stop 1869// iterating, return false from the fn function. 1870// 1871// See ListPermissions method for more information on how to use this operation. 1872// 1873// Note: This operation can generate multiple requests to a service. 1874// 1875// // Example iterating over at most 3 pages of a ListPermissions operation. 1876// pageNum := 0 1877// err := client.ListPermissionsPages(params, 1878// func(page *acmpca.ListPermissionsOutput, lastPage bool) bool { 1879// pageNum++ 1880// fmt.Println(page) 1881// return pageNum <= 3 1882// }) 1883// 1884func (c *ACMPCA) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error { 1885 return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn) 1886} 1887 1888// ListPermissionsPagesWithContext same as ListPermissionsPages except 1889// it takes a Context and allows setting request options on the pages. 1890// 1891// The context must be non-nil and will be used for request cancellation. If 1892// the context is nil a panic will occur. In the future the SDK may create 1893// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1894// for more information on using Contexts. 1895func (c *ACMPCA) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error { 1896 p := request.Pagination{ 1897 NewRequest: func() (*request.Request, error) { 1898 var inCpy *ListPermissionsInput 1899 if input != nil { 1900 tmp := *input 1901 inCpy = &tmp 1902 } 1903 req, _ := c.ListPermissionsRequest(inCpy) 1904 req.SetContext(ctx) 1905 req.ApplyOptions(opts...) 1906 return req, nil 1907 }, 1908 } 1909 1910 for p.Next() { 1911 if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) { 1912 break 1913 } 1914 } 1915 1916 return p.Err() 1917} 1918 1919const opListTags = "ListTags" 1920 1921// ListTagsRequest generates a "aws/request.Request" representing the 1922// client's request for the ListTags operation. The "output" return 1923// value will be populated with the request's response once the request completes 1924// successfully. 1925// 1926// Use "Send" method on the returned Request to send the API call to the service. 1927// the "output" return value is not valid until after Send returns without error. 1928// 1929// See ListTags for more information on using the ListTags 1930// API call, and error handling. 1931// 1932// This method is useful when you want to inject custom logic or configuration 1933// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1934// 1935// 1936// // Example sending a request using the ListTagsRequest method. 1937// req, resp := client.ListTagsRequest(params) 1938// 1939// err := req.Send() 1940// if err == nil { // resp is now filled 1941// fmt.Println(resp) 1942// } 1943// 1944// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1945func (c *ACMPCA) ListTagsRequest(input *ListTagsInput) (req *request.Request, output *ListTagsOutput) { 1946 op := &request.Operation{ 1947 Name: opListTags, 1948 HTTPMethod: "POST", 1949 HTTPPath: "/", 1950 Paginator: &request.Paginator{ 1951 InputTokens: []string{"NextToken"}, 1952 OutputTokens: []string{"NextToken"}, 1953 LimitToken: "MaxResults", 1954 TruncationToken: "", 1955 }, 1956 } 1957 1958 if input == nil { 1959 input = &ListTagsInput{} 1960 } 1961 1962 output = &ListTagsOutput{} 1963 req = c.newRequest(op, input, output) 1964 return 1965} 1966 1967// ListTags API operation for AWS Certificate Manager Private Certificate Authority. 1968// 1969// Lists the tags, if any, that are associated with your private CA or one that 1970// has been shared with you. Tags are labels that you can use to identify and 1971// organize your CAs. Each tag consists of a key and an optional value. Call 1972// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 1973// action to add one or more tags to your CA. Call the UntagCertificateAuthority 1974// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 1975// action to remove tags. 1976// 1977// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1978// with awserr.Error's Code and Message methods to get detailed information about 1979// the error. 1980// 1981// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1982// API operation ListTags for usage and error information. 1983// 1984// Returned Error Types: 1985// * ResourceNotFoundException 1986// A resource such as a private CA, S3 bucket, certificate, audit report, or 1987// policy cannot be found. 1988// 1989// * InvalidArnException 1990// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1991// 1992// * InvalidStateException 1993// The state of the private CA does not allow this action to occur. 1994// 1995// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1996func (c *ACMPCA) ListTags(input *ListTagsInput) (*ListTagsOutput, error) { 1997 req, out := c.ListTagsRequest(input) 1998 return out, req.Send() 1999} 2000 2001// ListTagsWithContext is the same as ListTags with the addition of 2002// the ability to pass a context and additional request options. 2003// 2004// See ListTags for details on how to use this API operation. 2005// 2006// The context must be non-nil and will be used for request cancellation. If 2007// the context is nil a panic will occur. In the future the SDK may create 2008// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2009// for more information on using Contexts. 2010func (c *ACMPCA) ListTagsWithContext(ctx aws.Context, input *ListTagsInput, opts ...request.Option) (*ListTagsOutput, error) { 2011 req, out := c.ListTagsRequest(input) 2012 req.SetContext(ctx) 2013 req.ApplyOptions(opts...) 2014 return out, req.Send() 2015} 2016 2017// ListTagsPages iterates over the pages of a ListTags operation, 2018// calling the "fn" function with the response data for each page. To stop 2019// iterating, return false from the fn function. 2020// 2021// See ListTags method for more information on how to use this operation. 2022// 2023// Note: This operation can generate multiple requests to a service. 2024// 2025// // Example iterating over at most 3 pages of a ListTags operation. 2026// pageNum := 0 2027// err := client.ListTagsPages(params, 2028// func(page *acmpca.ListTagsOutput, lastPage bool) bool { 2029// pageNum++ 2030// fmt.Println(page) 2031// return pageNum <= 3 2032// }) 2033// 2034func (c *ACMPCA) ListTagsPages(input *ListTagsInput, fn func(*ListTagsOutput, bool) bool) error { 2035 return c.ListTagsPagesWithContext(aws.BackgroundContext(), input, fn) 2036} 2037 2038// ListTagsPagesWithContext same as ListTagsPages except 2039// it takes a Context and allows setting request options on the pages. 2040// 2041// The context must be non-nil and will be used for request cancellation. If 2042// the context is nil a panic will occur. In the future the SDK may create 2043// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2044// for more information on using Contexts. 2045func (c *ACMPCA) ListTagsPagesWithContext(ctx aws.Context, input *ListTagsInput, fn func(*ListTagsOutput, bool) bool, opts ...request.Option) error { 2046 p := request.Pagination{ 2047 NewRequest: func() (*request.Request, error) { 2048 var inCpy *ListTagsInput 2049 if input != nil { 2050 tmp := *input 2051 inCpy = &tmp 2052 } 2053 req, _ := c.ListTagsRequest(inCpy) 2054 req.SetContext(ctx) 2055 req.ApplyOptions(opts...) 2056 return req, nil 2057 }, 2058 } 2059 2060 for p.Next() { 2061 if !fn(p.Page().(*ListTagsOutput), !p.HasNextPage()) { 2062 break 2063 } 2064 } 2065 2066 return p.Err() 2067} 2068 2069const opPutPolicy = "PutPolicy" 2070 2071// PutPolicyRequest generates a "aws/request.Request" representing the 2072// client's request for the PutPolicy operation. The "output" return 2073// value will be populated with the request's response once the request completes 2074// successfully. 2075// 2076// Use "Send" method on the returned Request to send the API call to the service. 2077// the "output" return value is not valid until after Send returns without error. 2078// 2079// See PutPolicy for more information on using the PutPolicy 2080// API call, and error handling. 2081// 2082// This method is useful when you want to inject custom logic or configuration 2083// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2084// 2085// 2086// // Example sending a request using the PutPolicyRequest method. 2087// req, resp := client.PutPolicyRequest(params) 2088// 2089// err := req.Send() 2090// if err == nil { // resp is now filled 2091// fmt.Println(resp) 2092// } 2093// 2094// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2095func (c *ACMPCA) PutPolicyRequest(input *PutPolicyInput) (req *request.Request, output *PutPolicyOutput) { 2096 op := &request.Operation{ 2097 Name: opPutPolicy, 2098 HTTPMethod: "POST", 2099 HTTPPath: "/", 2100 } 2101 2102 if input == nil { 2103 input = &PutPolicyInput{} 2104 } 2105 2106 output = &PutPolicyOutput{} 2107 req = c.newRequest(op, input, output) 2108 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2109 return 2110} 2111 2112// PutPolicy API operation for AWS Certificate Manager Private Certificate Authority. 2113// 2114// Attaches a resource-based policy to a private CA. 2115// 2116// A policy can also be applied by sharing a private CA through AWS Resource 2117// Access Manager (RAM). For more information, see Attach a Policy for Cross-Account 2118// Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2119// 2120// The policy can be displayed with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 2121// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 2122// 2123// About Policies 2124// 2125// * A policy grants access on a private CA to an AWS customer account, to 2126// AWS Organizations, or to an AWS Organizations unit. Policies are under 2127// the control of a CA administrator. For more information, see Using a Resource 2128// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 2129// 2130// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 2131// certificates signed by a CA in another account. 2132// 2133// * For ACM to manage automatic renewal of these certificates, the ACM user 2134// must configure a Service Linked Role (SLR). The SLR allows the ACM service 2135// to assume the identity of the user, subject to confirmation against the 2136// ACM Private CA policy. For more information, see Using a Service Linked 2137// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 2138// 2139// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 2140// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2141// 2142// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2143// with awserr.Error's Code and Message methods to get detailed information about 2144// the error. 2145// 2146// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2147// API operation PutPolicy for usage and error information. 2148// 2149// Returned Error Types: 2150// * ConcurrentModificationException 2151// A previous update to your private CA is still ongoing. 2152// 2153// * InvalidArnException 2154// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2155// 2156// * InvalidStateException 2157// The state of the private CA does not allow this action to occur. 2158// 2159// * InvalidPolicyException 2160// The resource policy is invalid or is missing a required statement. For general 2161// information about IAM policy and statement structure, see Overview of JSON 2162// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2163// 2164// * LockoutPreventedException 2165// The current action was prevented because it would lock the caller out from 2166// performing subsequent actions. Verify that the specified parameters would 2167// not result in the caller being denied access to the resource. 2168// 2169// * RequestFailedException 2170// The request has failed for an unspecified reason. 2171// 2172// * ResourceNotFoundException 2173// A resource such as a private CA, S3 bucket, certificate, audit report, or 2174// policy cannot be found. 2175// 2176// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2177func (c *ACMPCA) PutPolicy(input *PutPolicyInput) (*PutPolicyOutput, error) { 2178 req, out := c.PutPolicyRequest(input) 2179 return out, req.Send() 2180} 2181 2182// PutPolicyWithContext is the same as PutPolicy with the addition of 2183// the ability to pass a context and additional request options. 2184// 2185// See PutPolicy for details on how to use this API operation. 2186// 2187// The context must be non-nil and will be used for request cancellation. If 2188// the context is nil a panic will occur. In the future the SDK may create 2189// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2190// for more information on using Contexts. 2191func (c *ACMPCA) PutPolicyWithContext(ctx aws.Context, input *PutPolicyInput, opts ...request.Option) (*PutPolicyOutput, error) { 2192 req, out := c.PutPolicyRequest(input) 2193 req.SetContext(ctx) 2194 req.ApplyOptions(opts...) 2195 return out, req.Send() 2196} 2197 2198const opRestoreCertificateAuthority = "RestoreCertificateAuthority" 2199 2200// RestoreCertificateAuthorityRequest generates a "aws/request.Request" representing the 2201// client's request for the RestoreCertificateAuthority operation. The "output" return 2202// value will be populated with the request's response once the request completes 2203// successfully. 2204// 2205// Use "Send" method on the returned Request to send the API call to the service. 2206// the "output" return value is not valid until after Send returns without error. 2207// 2208// See RestoreCertificateAuthority for more information on using the RestoreCertificateAuthority 2209// API call, and error handling. 2210// 2211// This method is useful when you want to inject custom logic or configuration 2212// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2213// 2214// 2215// // Example sending a request using the RestoreCertificateAuthorityRequest method. 2216// req, resp := client.RestoreCertificateAuthorityRequest(params) 2217// 2218// err := req.Send() 2219// if err == nil { // resp is now filled 2220// fmt.Println(resp) 2221// } 2222// 2223// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2224func (c *ACMPCA) RestoreCertificateAuthorityRequest(input *RestoreCertificateAuthorityInput) (req *request.Request, output *RestoreCertificateAuthorityOutput) { 2225 op := &request.Operation{ 2226 Name: opRestoreCertificateAuthority, 2227 HTTPMethod: "POST", 2228 HTTPPath: "/", 2229 } 2230 2231 if input == nil { 2232 input = &RestoreCertificateAuthorityInput{} 2233 } 2234 2235 output = &RestoreCertificateAuthorityOutput{} 2236 req = c.newRequest(op, input, output) 2237 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2238 return 2239} 2240 2241// RestoreCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2242// 2243// Restores a certificate authority (CA) that is in the DELETED state. You can 2244// restore a CA during the period that you defined in the PermanentDeletionTimeInDays 2245// parameter of the DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html) 2246// action. Currently, you can specify 7 to 30 days. If you did not specify a 2247// PermanentDeletionTimeInDays value, by default you can restore the CA at any 2248// time in a 30 day period. You can check the time remaining in the restoration 2249// period of a private CA in the DELETED state by calling the DescribeCertificateAuthority 2250// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 2251// or ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 2252// actions. The status of a restored CA is set to its pre-deletion status when 2253// the RestoreCertificateAuthority action returns. To change its status to ACTIVE, 2254// call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 2255// action. If the private CA was in the PENDING_CERTIFICATE state at deletion, 2256// you must use the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 2257// action to import a certificate authority into the private CA before it can 2258// be activated. You cannot restore a CA after the restoration period has ended. 2259// 2260// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2261// with awserr.Error's Code and Message methods to get detailed information about 2262// the error. 2263// 2264// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2265// API operation RestoreCertificateAuthority for usage and error information. 2266// 2267// Returned Error Types: 2268// * ResourceNotFoundException 2269// A resource such as a private CA, S3 bucket, certificate, audit report, or 2270// policy cannot be found. 2271// 2272// * InvalidStateException 2273// The state of the private CA does not allow this action to occur. 2274// 2275// * InvalidArnException 2276// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2277// 2278// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2279func (c *ACMPCA) RestoreCertificateAuthority(input *RestoreCertificateAuthorityInput) (*RestoreCertificateAuthorityOutput, error) { 2280 req, out := c.RestoreCertificateAuthorityRequest(input) 2281 return out, req.Send() 2282} 2283 2284// RestoreCertificateAuthorityWithContext is the same as RestoreCertificateAuthority with the addition of 2285// the ability to pass a context and additional request options. 2286// 2287// See RestoreCertificateAuthority for details on how to use this API operation. 2288// 2289// The context must be non-nil and will be used for request cancellation. If 2290// the context is nil a panic will occur. In the future the SDK may create 2291// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2292// for more information on using Contexts. 2293func (c *ACMPCA) RestoreCertificateAuthorityWithContext(ctx aws.Context, input *RestoreCertificateAuthorityInput, opts ...request.Option) (*RestoreCertificateAuthorityOutput, error) { 2294 req, out := c.RestoreCertificateAuthorityRequest(input) 2295 req.SetContext(ctx) 2296 req.ApplyOptions(opts...) 2297 return out, req.Send() 2298} 2299 2300const opRevokeCertificate = "RevokeCertificate" 2301 2302// RevokeCertificateRequest generates a "aws/request.Request" representing the 2303// client's request for the RevokeCertificate operation. The "output" return 2304// value will be populated with the request's response once the request completes 2305// successfully. 2306// 2307// Use "Send" method on the returned Request to send the API call to the service. 2308// the "output" return value is not valid until after Send returns without error. 2309// 2310// See RevokeCertificate for more information on using the RevokeCertificate 2311// API call, and error handling. 2312// 2313// This method is useful when you want to inject custom logic or configuration 2314// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2315// 2316// 2317// // Example sending a request using the RevokeCertificateRequest method. 2318// req, resp := client.RevokeCertificateRequest(params) 2319// 2320// err := req.Send() 2321// if err == nil { // resp is now filled 2322// fmt.Println(resp) 2323// } 2324// 2325// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2326func (c *ACMPCA) RevokeCertificateRequest(input *RevokeCertificateInput) (req *request.Request, output *RevokeCertificateOutput) { 2327 op := &request.Operation{ 2328 Name: opRevokeCertificate, 2329 HTTPMethod: "POST", 2330 HTTPPath: "/", 2331 } 2332 2333 if input == nil { 2334 input = &RevokeCertificateInput{} 2335 } 2336 2337 output = &RevokeCertificateOutput{} 2338 req = c.newRequest(op, input, output) 2339 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2340 return 2341} 2342 2343// RevokeCertificate API operation for AWS Certificate Manager Private Certificate Authority. 2344// 2345// Revokes a certificate that was issued inside ACM Private CA. If you enable 2346// a certificate revocation list (CRL) when you create or update your private 2347// CA, information about the revoked certificates will be included in the CRL. 2348// ACM Private CA writes the CRL to an S3 bucket that you specify. A CRL is 2349// typically updated approximately 30 minutes after a certificate is revoked. 2350// If for any reason the CRL update fails, ACM Private CA attempts makes further 2351// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms 2352// for the metrics CRLGenerated and MisconfiguredCRLBucket. For more information, 2353// see Supported CloudWatch Metrics (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html). 2354// 2355// Both PCA and the IAM principal must have permission to write to the S3 bucket 2356// that you specify. If the IAM principal making the call does not have permission 2357// to write to the bucket, then an exception is thrown. For more information, 2358// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2359// 2360// ACM Private CA also writes revocation information to the audit report. For 2361// more information, see CreateCertificateAuthorityAuditReport (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html). 2362// 2363// You cannot revoke a root CA self-signed certificate. 2364// 2365// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2366// with awserr.Error's Code and Message methods to get detailed information about 2367// the error. 2368// 2369// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2370// API operation RevokeCertificate for usage and error information. 2371// 2372// Returned Error Types: 2373// * ConcurrentModificationException 2374// A previous update to your private CA is still ongoing. 2375// 2376// * InvalidArnException 2377// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2378// 2379// * InvalidRequestException 2380// The request action cannot be performed or is prohibited. 2381// 2382// * InvalidStateException 2383// The state of the private CA does not allow this action to occur. 2384// 2385// * LimitExceededException 2386// An ACM Private CA quota has been exceeded. See the exception message returned 2387// to determine the quota that was exceeded. 2388// 2389// * ResourceNotFoundException 2390// A resource such as a private CA, S3 bucket, certificate, audit report, or 2391// policy cannot be found. 2392// 2393// * RequestAlreadyProcessedException 2394// Your request has already been completed. 2395// 2396// * RequestInProgressException 2397// Your request is already in progress. 2398// 2399// * RequestFailedException 2400// The request has failed for an unspecified reason. 2401// 2402// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2403func (c *ACMPCA) RevokeCertificate(input *RevokeCertificateInput) (*RevokeCertificateOutput, error) { 2404 req, out := c.RevokeCertificateRequest(input) 2405 return out, req.Send() 2406} 2407 2408// RevokeCertificateWithContext is the same as RevokeCertificate with the addition of 2409// the ability to pass a context and additional request options. 2410// 2411// See RevokeCertificate for details on how to use this API operation. 2412// 2413// The context must be non-nil and will be used for request cancellation. If 2414// the context is nil a panic will occur. In the future the SDK may create 2415// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2416// for more information on using Contexts. 2417func (c *ACMPCA) RevokeCertificateWithContext(ctx aws.Context, input *RevokeCertificateInput, opts ...request.Option) (*RevokeCertificateOutput, error) { 2418 req, out := c.RevokeCertificateRequest(input) 2419 req.SetContext(ctx) 2420 req.ApplyOptions(opts...) 2421 return out, req.Send() 2422} 2423 2424const opTagCertificateAuthority = "TagCertificateAuthority" 2425 2426// TagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2427// client's request for the TagCertificateAuthority operation. The "output" return 2428// value will be populated with the request's response once the request completes 2429// successfully. 2430// 2431// Use "Send" method on the returned Request to send the API call to the service. 2432// the "output" return value is not valid until after Send returns without error. 2433// 2434// See TagCertificateAuthority for more information on using the TagCertificateAuthority 2435// API call, and error handling. 2436// 2437// This method is useful when you want to inject custom logic or configuration 2438// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2439// 2440// 2441// // Example sending a request using the TagCertificateAuthorityRequest method. 2442// req, resp := client.TagCertificateAuthorityRequest(params) 2443// 2444// err := req.Send() 2445// if err == nil { // resp is now filled 2446// fmt.Println(resp) 2447// } 2448// 2449// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2450func (c *ACMPCA) TagCertificateAuthorityRequest(input *TagCertificateAuthorityInput) (req *request.Request, output *TagCertificateAuthorityOutput) { 2451 op := &request.Operation{ 2452 Name: opTagCertificateAuthority, 2453 HTTPMethod: "POST", 2454 HTTPPath: "/", 2455 } 2456 2457 if input == nil { 2458 input = &TagCertificateAuthorityInput{} 2459 } 2460 2461 output = &TagCertificateAuthorityOutput{} 2462 req = c.newRequest(op, input, output) 2463 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2464 return 2465} 2466 2467// TagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2468// 2469// Adds one or more tags to your private CA. Tags are labels that you can use 2470// to identify and organize your AWS resources. Each tag consists of a key and 2471// an optional value. You specify the private CA on input by its Amazon Resource 2472// Name (ARN). You specify the tag by using a key-value pair. You can apply 2473// a tag to just one private CA if you want to identify a specific characteristic 2474// of that CA, or you can apply the same tag to multiple private CAs if you 2475// want to filter for a common relationship among those CAs. To remove one or 2476// more tags, use the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 2477// action. Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2478// action to see what tags are associated with your CA. 2479// 2480// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2481// with awserr.Error's Code and Message methods to get detailed information about 2482// the error. 2483// 2484// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2485// API operation TagCertificateAuthority for usage and error information. 2486// 2487// Returned Error Types: 2488// * ResourceNotFoundException 2489// A resource such as a private CA, S3 bucket, certificate, audit report, or 2490// policy cannot be found. 2491// 2492// * InvalidArnException 2493// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2494// 2495// * InvalidStateException 2496// The state of the private CA does not allow this action to occur. 2497// 2498// * InvalidTagException 2499// The tag associated with the CA is not valid. The invalid argument is contained 2500// in the message field. 2501// 2502// * TooManyTagsException 2503// You can associate up to 50 tags with a private CA. Exception information 2504// is contained in the exception message field. 2505// 2506// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2507func (c *ACMPCA) TagCertificateAuthority(input *TagCertificateAuthorityInput) (*TagCertificateAuthorityOutput, error) { 2508 req, out := c.TagCertificateAuthorityRequest(input) 2509 return out, req.Send() 2510} 2511 2512// TagCertificateAuthorityWithContext is the same as TagCertificateAuthority with the addition of 2513// the ability to pass a context and additional request options. 2514// 2515// See TagCertificateAuthority for details on how to use this API operation. 2516// 2517// The context must be non-nil and will be used for request cancellation. If 2518// the context is nil a panic will occur. In the future the SDK may create 2519// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2520// for more information on using Contexts. 2521func (c *ACMPCA) TagCertificateAuthorityWithContext(ctx aws.Context, input *TagCertificateAuthorityInput, opts ...request.Option) (*TagCertificateAuthorityOutput, error) { 2522 req, out := c.TagCertificateAuthorityRequest(input) 2523 req.SetContext(ctx) 2524 req.ApplyOptions(opts...) 2525 return out, req.Send() 2526} 2527 2528const opUntagCertificateAuthority = "UntagCertificateAuthority" 2529 2530// UntagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2531// client's request for the UntagCertificateAuthority operation. The "output" return 2532// value will be populated with the request's response once the request completes 2533// successfully. 2534// 2535// Use "Send" method on the returned Request to send the API call to the service. 2536// the "output" return value is not valid until after Send returns without error. 2537// 2538// See UntagCertificateAuthority for more information on using the UntagCertificateAuthority 2539// API call, and error handling. 2540// 2541// This method is useful when you want to inject custom logic or configuration 2542// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2543// 2544// 2545// // Example sending a request using the UntagCertificateAuthorityRequest method. 2546// req, resp := client.UntagCertificateAuthorityRequest(params) 2547// 2548// err := req.Send() 2549// if err == nil { // resp is now filled 2550// fmt.Println(resp) 2551// } 2552// 2553// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2554func (c *ACMPCA) UntagCertificateAuthorityRequest(input *UntagCertificateAuthorityInput) (req *request.Request, output *UntagCertificateAuthorityOutput) { 2555 op := &request.Operation{ 2556 Name: opUntagCertificateAuthority, 2557 HTTPMethod: "POST", 2558 HTTPPath: "/", 2559 } 2560 2561 if input == nil { 2562 input = &UntagCertificateAuthorityInput{} 2563 } 2564 2565 output = &UntagCertificateAuthorityOutput{} 2566 req = c.newRequest(op, input, output) 2567 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2568 return 2569} 2570 2571// UntagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2572// 2573// Remove one or more tags from your private CA. A tag consists of a key-value 2574// pair. If you do not specify the value portion of the tag when calling this 2575// action, the tag will be removed regardless of value. If you specify a value, 2576// the tag is removed only if it is associated with the specified value. To 2577// add tags to a private CA, use the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html). 2578// Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2579// action to see what tags are associated with your CA. 2580// 2581// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2582// with awserr.Error's Code and Message methods to get detailed information about 2583// the error. 2584// 2585// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2586// API operation UntagCertificateAuthority for usage and error information. 2587// 2588// Returned Error Types: 2589// * ResourceNotFoundException 2590// A resource such as a private CA, S3 bucket, certificate, audit report, or 2591// policy cannot be found. 2592// 2593// * InvalidArnException 2594// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2595// 2596// * InvalidStateException 2597// The state of the private CA does not allow this action to occur. 2598// 2599// * InvalidTagException 2600// The tag associated with the CA is not valid. The invalid argument is contained 2601// in the message field. 2602// 2603// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2604func (c *ACMPCA) UntagCertificateAuthority(input *UntagCertificateAuthorityInput) (*UntagCertificateAuthorityOutput, error) { 2605 req, out := c.UntagCertificateAuthorityRequest(input) 2606 return out, req.Send() 2607} 2608 2609// UntagCertificateAuthorityWithContext is the same as UntagCertificateAuthority with the addition of 2610// the ability to pass a context and additional request options. 2611// 2612// See UntagCertificateAuthority for details on how to use this API operation. 2613// 2614// The context must be non-nil and will be used for request cancellation. If 2615// the context is nil a panic will occur. In the future the SDK may create 2616// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2617// for more information on using Contexts. 2618func (c *ACMPCA) UntagCertificateAuthorityWithContext(ctx aws.Context, input *UntagCertificateAuthorityInput, opts ...request.Option) (*UntagCertificateAuthorityOutput, error) { 2619 req, out := c.UntagCertificateAuthorityRequest(input) 2620 req.SetContext(ctx) 2621 req.ApplyOptions(opts...) 2622 return out, req.Send() 2623} 2624 2625const opUpdateCertificateAuthority = "UpdateCertificateAuthority" 2626 2627// UpdateCertificateAuthorityRequest generates a "aws/request.Request" representing the 2628// client's request for the UpdateCertificateAuthority operation. The "output" return 2629// value will be populated with the request's response once the request completes 2630// successfully. 2631// 2632// Use "Send" method on the returned Request to send the API call to the service. 2633// the "output" return value is not valid until after Send returns without error. 2634// 2635// See UpdateCertificateAuthority for more information on using the UpdateCertificateAuthority 2636// API call, and error handling. 2637// 2638// This method is useful when you want to inject custom logic or configuration 2639// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2640// 2641// 2642// // Example sending a request using the UpdateCertificateAuthorityRequest method. 2643// req, resp := client.UpdateCertificateAuthorityRequest(params) 2644// 2645// err := req.Send() 2646// if err == nil { // resp is now filled 2647// fmt.Println(resp) 2648// } 2649// 2650// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2651func (c *ACMPCA) UpdateCertificateAuthorityRequest(input *UpdateCertificateAuthorityInput) (req *request.Request, output *UpdateCertificateAuthorityOutput) { 2652 op := &request.Operation{ 2653 Name: opUpdateCertificateAuthority, 2654 HTTPMethod: "POST", 2655 HTTPPath: "/", 2656 } 2657 2658 if input == nil { 2659 input = &UpdateCertificateAuthorityInput{} 2660 } 2661 2662 output = &UpdateCertificateAuthorityOutput{} 2663 req = c.newRequest(op, input, output) 2664 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2665 return 2666} 2667 2668// UpdateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2669// 2670// Updates the status or configuration of a private certificate authority (CA). 2671// Your private CA must be in the ACTIVE or DISABLED state before you can update 2672// it. You can disable a private CA that is in the ACTIVE state or make a CA 2673// that is in the DISABLED state active again. 2674// 2675// Both PCA and the IAM principal must have permission to write to the S3 bucket 2676// that you specify. If the IAM principal making the call does not have permission 2677// to write to the bucket, then an exception is thrown. For more information, 2678// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2679// 2680// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2681// with awserr.Error's Code and Message methods to get detailed information about 2682// the error. 2683// 2684// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2685// API operation UpdateCertificateAuthority for usage and error information. 2686// 2687// Returned Error Types: 2688// * ConcurrentModificationException 2689// A previous update to your private CA is still ongoing. 2690// 2691// * ResourceNotFoundException 2692// A resource such as a private CA, S3 bucket, certificate, audit report, or 2693// policy cannot be found. 2694// 2695// * InvalidArgsException 2696// One or more of the specified arguments was not valid. 2697// 2698// * InvalidArnException 2699// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2700// 2701// * InvalidStateException 2702// The state of the private CA does not allow this action to occur. 2703// 2704// * InvalidPolicyException 2705// The resource policy is invalid or is missing a required statement. For general 2706// information about IAM policy and statement structure, see Overview of JSON 2707// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2708// 2709// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2710func (c *ACMPCA) UpdateCertificateAuthority(input *UpdateCertificateAuthorityInput) (*UpdateCertificateAuthorityOutput, error) { 2711 req, out := c.UpdateCertificateAuthorityRequest(input) 2712 return out, req.Send() 2713} 2714 2715// UpdateCertificateAuthorityWithContext is the same as UpdateCertificateAuthority with the addition of 2716// the ability to pass a context and additional request options. 2717// 2718// See UpdateCertificateAuthority for details on how to use this API operation. 2719// 2720// The context must be non-nil and will be used for request cancellation. If 2721// the context is nil a panic will occur. In the future the SDK may create 2722// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2723// for more information on using Contexts. 2724func (c *ACMPCA) UpdateCertificateAuthorityWithContext(ctx aws.Context, input *UpdateCertificateAuthorityInput, opts ...request.Option) (*UpdateCertificateAuthorityOutput, error) { 2725 req, out := c.UpdateCertificateAuthorityRequest(input) 2726 req.SetContext(ctx) 2727 req.ApplyOptions(opts...) 2728 return out, req.Send() 2729} 2730 2731// Contains information about the certificate subject. The Subject field in 2732// the certificate identifies the entity that owns or controls the public key 2733// in the certificate. The entity can be a user, computer, device, or service. 2734// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 2735// of relative distinguished names (RDNs). The RDNs are separated by commas 2736// in the certificate. 2737type ASN1Subject struct { 2738 _ struct{} `type:"structure"` 2739 2740 // For CA and end-entity certificates in a private PKI, the common name (CN) 2741 // can be any string within the length limit. 2742 // 2743 // Note: In publicly trusted certificates, the common name must be a fully qualified 2744 // domain name (FQDN) associated with the certificate subject. 2745 CommonName *string `type:"string"` 2746 2747 // Two-digit code that specifies the country in which the certificate subject 2748 // located. 2749 Country *string `min:"2" type:"string"` 2750 2751 // Disambiguating information for the certificate subject. 2752 DistinguishedNameQualifier *string `type:"string"` 2753 2754 // Typically a qualifier appended to the name of an individual. Examples include 2755 // Jr. for junior, Sr. for senior, and III for third. 2756 GenerationQualifier *string `type:"string"` 2757 2758 // First name. 2759 GivenName *string `type:"string"` 2760 2761 // Concatenation that typically contains the first letter of the GivenName, 2762 // the first letter of the middle name if one exists, and the first letter of 2763 // the Surname. 2764 Initials *string `type:"string"` 2765 2766 // The locality (such as a city or town) in which the certificate subject is 2767 // located. 2768 Locality *string `type:"string"` 2769 2770 // Legal name of the organization with which the certificate subject is affiliated. 2771 Organization *string `type:"string"` 2772 2773 // A subdivision or unit of the organization (such as sales or finance) with 2774 // which the certificate subject is affiliated. 2775 OrganizationalUnit *string `type:"string"` 2776 2777 // Typically a shortened version of a longer GivenName. For example, Jonathan 2778 // is often shortened to John. Elizabeth is often shortened to Beth, Liz, or 2779 // Eliza. 2780 Pseudonym *string `type:"string"` 2781 2782 // The certificate serial number. 2783 SerialNumber *string `type:"string"` 2784 2785 // State in which the subject of the certificate is located. 2786 State *string `type:"string"` 2787 2788 // Family name. In the US and the UK, for example, the surname of an individual 2789 // is ordered last. In Asian cultures the surname is typically ordered first. 2790 Surname *string `type:"string"` 2791 2792 // A title such as Mr. or Ms., which is pre-pended to the name to refer formally 2793 // to the certificate subject. 2794 Title *string `type:"string"` 2795} 2796 2797// String returns the string representation 2798func (s ASN1Subject) String() string { 2799 return awsutil.Prettify(s) 2800} 2801 2802// GoString returns the string representation 2803func (s ASN1Subject) GoString() string { 2804 return s.String() 2805} 2806 2807// Validate inspects the fields of the type to determine if they are valid. 2808func (s *ASN1Subject) Validate() error { 2809 invalidParams := request.ErrInvalidParams{Context: "ASN1Subject"} 2810 if s.Country != nil && len(*s.Country) < 2 { 2811 invalidParams.Add(request.NewErrParamMinLen("Country", 2)) 2812 } 2813 2814 if invalidParams.Len() > 0 { 2815 return invalidParams 2816 } 2817 return nil 2818} 2819 2820// SetCommonName sets the CommonName field's value. 2821func (s *ASN1Subject) SetCommonName(v string) *ASN1Subject { 2822 s.CommonName = &v 2823 return s 2824} 2825 2826// SetCountry sets the Country field's value. 2827func (s *ASN1Subject) SetCountry(v string) *ASN1Subject { 2828 s.Country = &v 2829 return s 2830} 2831 2832// SetDistinguishedNameQualifier sets the DistinguishedNameQualifier field's value. 2833func (s *ASN1Subject) SetDistinguishedNameQualifier(v string) *ASN1Subject { 2834 s.DistinguishedNameQualifier = &v 2835 return s 2836} 2837 2838// SetGenerationQualifier sets the GenerationQualifier field's value. 2839func (s *ASN1Subject) SetGenerationQualifier(v string) *ASN1Subject { 2840 s.GenerationQualifier = &v 2841 return s 2842} 2843 2844// SetGivenName sets the GivenName field's value. 2845func (s *ASN1Subject) SetGivenName(v string) *ASN1Subject { 2846 s.GivenName = &v 2847 return s 2848} 2849 2850// SetInitials sets the Initials field's value. 2851func (s *ASN1Subject) SetInitials(v string) *ASN1Subject { 2852 s.Initials = &v 2853 return s 2854} 2855 2856// SetLocality sets the Locality field's value. 2857func (s *ASN1Subject) SetLocality(v string) *ASN1Subject { 2858 s.Locality = &v 2859 return s 2860} 2861 2862// SetOrganization sets the Organization field's value. 2863func (s *ASN1Subject) SetOrganization(v string) *ASN1Subject { 2864 s.Organization = &v 2865 return s 2866} 2867 2868// SetOrganizationalUnit sets the OrganizationalUnit field's value. 2869func (s *ASN1Subject) SetOrganizationalUnit(v string) *ASN1Subject { 2870 s.OrganizationalUnit = &v 2871 return s 2872} 2873 2874// SetPseudonym sets the Pseudonym field's value. 2875func (s *ASN1Subject) SetPseudonym(v string) *ASN1Subject { 2876 s.Pseudonym = &v 2877 return s 2878} 2879 2880// SetSerialNumber sets the SerialNumber field's value. 2881func (s *ASN1Subject) SetSerialNumber(v string) *ASN1Subject { 2882 s.SerialNumber = &v 2883 return s 2884} 2885 2886// SetState sets the State field's value. 2887func (s *ASN1Subject) SetState(v string) *ASN1Subject { 2888 s.State = &v 2889 return s 2890} 2891 2892// SetSurname sets the Surname field's value. 2893func (s *ASN1Subject) SetSurname(v string) *ASN1Subject { 2894 s.Surname = &v 2895 return s 2896} 2897 2898// SetTitle sets the Title field's value. 2899func (s *ASN1Subject) SetTitle(v string) *ASN1Subject { 2900 s.Title = &v 2901 return s 2902} 2903 2904// Provides access information used by the authorityInfoAccess and subjectInfoAccess 2905// extensions described in RFC 5280 (https://tools.ietf.org/html/rfc5280). 2906type AccessDescription struct { 2907 _ struct{} `type:"structure"` 2908 2909 // The location of AccessDescription information. 2910 // 2911 // AccessLocation is a required field 2912 AccessLocation *GeneralName `type:"structure" required:"true"` 2913 2914 // The type and format of AccessDescription information. 2915 // 2916 // AccessMethod is a required field 2917 AccessMethod *AccessMethod `type:"structure" required:"true"` 2918} 2919 2920// String returns the string representation 2921func (s AccessDescription) String() string { 2922 return awsutil.Prettify(s) 2923} 2924 2925// GoString returns the string representation 2926func (s AccessDescription) GoString() string { 2927 return s.String() 2928} 2929 2930// Validate inspects the fields of the type to determine if they are valid. 2931func (s *AccessDescription) Validate() error { 2932 invalidParams := request.ErrInvalidParams{Context: "AccessDescription"} 2933 if s.AccessLocation == nil { 2934 invalidParams.Add(request.NewErrParamRequired("AccessLocation")) 2935 } 2936 if s.AccessMethod == nil { 2937 invalidParams.Add(request.NewErrParamRequired("AccessMethod")) 2938 } 2939 if s.AccessLocation != nil { 2940 if err := s.AccessLocation.Validate(); err != nil { 2941 invalidParams.AddNested("AccessLocation", err.(request.ErrInvalidParams)) 2942 } 2943 } 2944 2945 if invalidParams.Len() > 0 { 2946 return invalidParams 2947 } 2948 return nil 2949} 2950 2951// SetAccessLocation sets the AccessLocation field's value. 2952func (s *AccessDescription) SetAccessLocation(v *GeneralName) *AccessDescription { 2953 s.AccessLocation = v 2954 return s 2955} 2956 2957// SetAccessMethod sets the AccessMethod field's value. 2958func (s *AccessDescription) SetAccessMethod(v *AccessMethod) *AccessDescription { 2959 s.AccessMethod = v 2960 return s 2961} 2962 2963// Describes the type and format of extension access. Only one of CustomObjectIdentifier 2964// or AccessMethodType may be provided. Providing both results in InvalidArgsException. 2965type AccessMethod struct { 2966 _ struct{} `type:"structure"` 2967 2968 // Specifies the AccessMethod. 2969 AccessMethodType *string `type:"string" enum:"AccessMethodType"` 2970 2971 // An object identifier (OID) specifying the AccessMethod. The OID must satisfy 2972 // the regular expression shown below. For more information, see NIST's definition 2973 // of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 2974 CustomObjectIdentifier *string `type:"string"` 2975} 2976 2977// String returns the string representation 2978func (s AccessMethod) String() string { 2979 return awsutil.Prettify(s) 2980} 2981 2982// GoString returns the string representation 2983func (s AccessMethod) GoString() string { 2984 return s.String() 2985} 2986 2987// SetAccessMethodType sets the AccessMethodType field's value. 2988func (s *AccessMethod) SetAccessMethodType(v string) *AccessMethod { 2989 s.AccessMethodType = &v 2990 return s 2991} 2992 2993// SetCustomObjectIdentifier sets the CustomObjectIdentifier field's value. 2994func (s *AccessMethod) SetCustomObjectIdentifier(v string) *AccessMethod { 2995 s.CustomObjectIdentifier = &v 2996 return s 2997} 2998 2999// Contains X.509 certificate information to be placed in an issued certificate. 3000// An APIPassthrough or APICSRPassthrough template variant must be selected, 3001// or else this parameter is ignored. 3002// 3003// If conflicting or duplicate certificate information is supplied from other 3004// sources, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 3005// to determine what information is used. 3006type ApiPassthrough struct { 3007 _ struct{} `type:"structure"` 3008 3009 // Specifies X.509 extension information for a certificate. 3010 Extensions *Extensions `type:"structure"` 3011 3012 // Contains information about the certificate subject. The Subject field in 3013 // the certificate identifies the entity that owns or controls the public key 3014 // in the certificate. The entity can be a user, computer, device, or service. 3015 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 3016 // of relative distinguished names (RDNs). The RDNs are separated by commas 3017 // in the certificate. 3018 Subject *ASN1Subject `type:"structure"` 3019} 3020 3021// String returns the string representation 3022func (s ApiPassthrough) String() string { 3023 return awsutil.Prettify(s) 3024} 3025 3026// GoString returns the string representation 3027func (s ApiPassthrough) GoString() string { 3028 return s.String() 3029} 3030 3031// Validate inspects the fields of the type to determine if they are valid. 3032func (s *ApiPassthrough) Validate() error { 3033 invalidParams := request.ErrInvalidParams{Context: "ApiPassthrough"} 3034 if s.Extensions != nil { 3035 if err := s.Extensions.Validate(); err != nil { 3036 invalidParams.AddNested("Extensions", err.(request.ErrInvalidParams)) 3037 } 3038 } 3039 if s.Subject != nil { 3040 if err := s.Subject.Validate(); err != nil { 3041 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3042 } 3043 } 3044 3045 if invalidParams.Len() > 0 { 3046 return invalidParams 3047 } 3048 return nil 3049} 3050 3051// SetExtensions sets the Extensions field's value. 3052func (s *ApiPassthrough) SetExtensions(v *Extensions) *ApiPassthrough { 3053 s.Extensions = v 3054 return s 3055} 3056 3057// SetSubject sets the Subject field's value. 3058func (s *ApiPassthrough) SetSubject(v *ASN1Subject) *ApiPassthrough { 3059 s.Subject = v 3060 return s 3061} 3062 3063// Contains information about your private certificate authority (CA). Your 3064// private CA can issue and revoke X.509 digital certificates. Digital certificates 3065// verify that the entity named in the certificate Subject field owns or controls 3066// the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority 3067// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3068// action to create your private CA. You must then call the GetCertificateAuthorityCertificate 3069// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) 3070// action to retrieve a private CA certificate signing request (CSR). Sign the 3071// CSR with your ACM Private CA-hosted or on-premises root or subordinate CA 3072// certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 3073// action to import the signed certificate into AWS Certificate Manager (ACM). 3074type CertificateAuthority struct { 3075 _ struct{} `type:"structure"` 3076 3077 // Amazon Resource Name (ARN) for your private certificate authority (CA). The 3078 // format is 12345678-1234-1234-1234-123456789012 . 3079 Arn *string `min:"5" type:"string"` 3080 3081 // Your private CA configuration. 3082 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure"` 3083 3084 // Date and time at which your private CA was created. 3085 CreatedAt *time.Time `type:"timestamp"` 3086 3087 // Reason the request to create your private CA failed. 3088 FailureReason *string `type:"string" enum:"FailureReason"` 3089 3090 // Defines a cryptographic key management compliance standard used for handling 3091 // CA keys. 3092 // 3093 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3094 // 3095 // Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. 3096 // You must explicitly specify this parameter and value when creating a CA in 3097 // that Region. Specifying a different value (or no value) results in an InvalidArgsException 3098 // with the message "A certificate authority cannot be created in this region 3099 // with the specified security standard." 3100 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3101 3102 // Date and time at which your private CA was last updated. 3103 LastStateChangeAt *time.Time `type:"timestamp"` 3104 3105 // Date and time after which your private CA certificate is not valid. 3106 NotAfter *time.Time `type:"timestamp"` 3107 3108 // Date and time before which your private CA certificate is not valid. 3109 NotBefore *time.Time `type:"timestamp"` 3110 3111 // The AWS account ID that owns the certificate authority. 3112 OwnerAccount *string `min:"12" type:"string"` 3113 3114 // The period during which a deleted CA can be restored. For more information, 3115 // see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest 3116 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html) 3117 // action. 3118 RestorableUntil *time.Time `type:"timestamp"` 3119 3120 // Information about the certificate revocation list (CRL) created and maintained 3121 // by your private CA. 3122 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3123 3124 // Serial number of your private CA. 3125 Serial *string `type:"string"` 3126 3127 // Status of your private CA. 3128 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 3129 3130 // Type of your private CA. 3131 Type *string `type:"string" enum:"CertificateAuthorityType"` 3132} 3133 3134// String returns the string representation 3135func (s CertificateAuthority) String() string { 3136 return awsutil.Prettify(s) 3137} 3138 3139// GoString returns the string representation 3140func (s CertificateAuthority) GoString() string { 3141 return s.String() 3142} 3143 3144// SetArn sets the Arn field's value. 3145func (s *CertificateAuthority) SetArn(v string) *CertificateAuthority { 3146 s.Arn = &v 3147 return s 3148} 3149 3150// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3151func (s *CertificateAuthority) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CertificateAuthority { 3152 s.CertificateAuthorityConfiguration = v 3153 return s 3154} 3155 3156// SetCreatedAt sets the CreatedAt field's value. 3157func (s *CertificateAuthority) SetCreatedAt(v time.Time) *CertificateAuthority { 3158 s.CreatedAt = &v 3159 return s 3160} 3161 3162// SetFailureReason sets the FailureReason field's value. 3163func (s *CertificateAuthority) SetFailureReason(v string) *CertificateAuthority { 3164 s.FailureReason = &v 3165 return s 3166} 3167 3168// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3169func (s *CertificateAuthority) SetKeyStorageSecurityStandard(v string) *CertificateAuthority { 3170 s.KeyStorageSecurityStandard = &v 3171 return s 3172} 3173 3174// SetLastStateChangeAt sets the LastStateChangeAt field's value. 3175func (s *CertificateAuthority) SetLastStateChangeAt(v time.Time) *CertificateAuthority { 3176 s.LastStateChangeAt = &v 3177 return s 3178} 3179 3180// SetNotAfter sets the NotAfter field's value. 3181func (s *CertificateAuthority) SetNotAfter(v time.Time) *CertificateAuthority { 3182 s.NotAfter = &v 3183 return s 3184} 3185 3186// SetNotBefore sets the NotBefore field's value. 3187func (s *CertificateAuthority) SetNotBefore(v time.Time) *CertificateAuthority { 3188 s.NotBefore = &v 3189 return s 3190} 3191 3192// SetOwnerAccount sets the OwnerAccount field's value. 3193func (s *CertificateAuthority) SetOwnerAccount(v string) *CertificateAuthority { 3194 s.OwnerAccount = &v 3195 return s 3196} 3197 3198// SetRestorableUntil sets the RestorableUntil field's value. 3199func (s *CertificateAuthority) SetRestorableUntil(v time.Time) *CertificateAuthority { 3200 s.RestorableUntil = &v 3201 return s 3202} 3203 3204// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3205func (s *CertificateAuthority) SetRevocationConfiguration(v *RevocationConfiguration) *CertificateAuthority { 3206 s.RevocationConfiguration = v 3207 return s 3208} 3209 3210// SetSerial sets the Serial field's value. 3211func (s *CertificateAuthority) SetSerial(v string) *CertificateAuthority { 3212 s.Serial = &v 3213 return s 3214} 3215 3216// SetStatus sets the Status field's value. 3217func (s *CertificateAuthority) SetStatus(v string) *CertificateAuthority { 3218 s.Status = &v 3219 return s 3220} 3221 3222// SetType sets the Type field's value. 3223func (s *CertificateAuthority) SetType(v string) *CertificateAuthority { 3224 s.Type = &v 3225 return s 3226} 3227 3228// Contains configuration information for your private certificate authority 3229// (CA). This includes information about the class of public key algorithm and 3230// the key pair that your private CA creates when it issues a certificate. It 3231// also includes the signature algorithm that it uses when issuing certificates, 3232// and its X.500 distinguished name. You must specify this information when 3233// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3234// action. 3235type CertificateAuthorityConfiguration struct { 3236 _ struct{} `type:"structure"` 3237 3238 // Specifies information to be added to the extension section of the certificate 3239 // signing request (CSR). 3240 CsrExtensions *CsrExtensions `type:"structure"` 3241 3242 // Type of the public key algorithm and size, in bits, of the key pair that 3243 // your CA creates when it issues a certificate. When you create a subordinate 3244 // CA, you must use a key algorithm supported by the parent CA. 3245 // 3246 // KeyAlgorithm is a required field 3247 KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` 3248 3249 // Name of the algorithm your private CA uses to sign certificate requests. 3250 // 3251 // This parameter should not be confused with the SigningAlgorithm parameter 3252 // used to sign certificates when they are issued. 3253 // 3254 // SigningAlgorithm is a required field 3255 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 3256 3257 // Structure that contains X.500 distinguished name information for your private 3258 // CA. 3259 // 3260 // Subject is a required field 3261 Subject *ASN1Subject `type:"structure" required:"true"` 3262} 3263 3264// String returns the string representation 3265func (s CertificateAuthorityConfiguration) String() string { 3266 return awsutil.Prettify(s) 3267} 3268 3269// GoString returns the string representation 3270func (s CertificateAuthorityConfiguration) GoString() string { 3271 return s.String() 3272} 3273 3274// Validate inspects the fields of the type to determine if they are valid. 3275func (s *CertificateAuthorityConfiguration) Validate() error { 3276 invalidParams := request.ErrInvalidParams{Context: "CertificateAuthorityConfiguration"} 3277 if s.KeyAlgorithm == nil { 3278 invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm")) 3279 } 3280 if s.SigningAlgorithm == nil { 3281 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 3282 } 3283 if s.Subject == nil { 3284 invalidParams.Add(request.NewErrParamRequired("Subject")) 3285 } 3286 if s.CsrExtensions != nil { 3287 if err := s.CsrExtensions.Validate(); err != nil { 3288 invalidParams.AddNested("CsrExtensions", err.(request.ErrInvalidParams)) 3289 } 3290 } 3291 if s.Subject != nil { 3292 if err := s.Subject.Validate(); err != nil { 3293 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3294 } 3295 } 3296 3297 if invalidParams.Len() > 0 { 3298 return invalidParams 3299 } 3300 return nil 3301} 3302 3303// SetCsrExtensions sets the CsrExtensions field's value. 3304func (s *CertificateAuthorityConfiguration) SetCsrExtensions(v *CsrExtensions) *CertificateAuthorityConfiguration { 3305 s.CsrExtensions = v 3306 return s 3307} 3308 3309// SetKeyAlgorithm sets the KeyAlgorithm field's value. 3310func (s *CertificateAuthorityConfiguration) SetKeyAlgorithm(v string) *CertificateAuthorityConfiguration { 3311 s.KeyAlgorithm = &v 3312 return s 3313} 3314 3315// SetSigningAlgorithm sets the SigningAlgorithm field's value. 3316func (s *CertificateAuthorityConfiguration) SetSigningAlgorithm(v string) *CertificateAuthorityConfiguration { 3317 s.SigningAlgorithm = &v 3318 return s 3319} 3320 3321// SetSubject sets the Subject field's value. 3322func (s *CertificateAuthorityConfiguration) SetSubject(v *ASN1Subject) *CertificateAuthorityConfiguration { 3323 s.Subject = v 3324 return s 3325} 3326 3327// The certificate authority certificate you are importing does not comply with 3328// conditions specified in the certificate that signed it. 3329type CertificateMismatchException struct { 3330 _ struct{} `type:"structure"` 3331 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3332 3333 Message_ *string `locationName:"message" type:"string"` 3334} 3335 3336// String returns the string representation 3337func (s CertificateMismatchException) String() string { 3338 return awsutil.Prettify(s) 3339} 3340 3341// GoString returns the string representation 3342func (s CertificateMismatchException) GoString() string { 3343 return s.String() 3344} 3345 3346func newErrorCertificateMismatchException(v protocol.ResponseMetadata) error { 3347 return &CertificateMismatchException{ 3348 RespMetadata: v, 3349 } 3350} 3351 3352// Code returns the exception type name. 3353func (s *CertificateMismatchException) Code() string { 3354 return "CertificateMismatchException" 3355} 3356 3357// Message returns the exception's message. 3358func (s *CertificateMismatchException) Message() string { 3359 if s.Message_ != nil { 3360 return *s.Message_ 3361 } 3362 return "" 3363} 3364 3365// OrigErr always returns nil, satisfies awserr.Error interface. 3366func (s *CertificateMismatchException) OrigErr() error { 3367 return nil 3368} 3369 3370func (s *CertificateMismatchException) Error() string { 3371 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3372} 3373 3374// Status code returns the HTTP status code for the request's response error. 3375func (s *CertificateMismatchException) StatusCode() int { 3376 return s.RespMetadata.StatusCode 3377} 3378 3379// RequestID returns the service's response RequestID for request. 3380func (s *CertificateMismatchException) RequestID() string { 3381 return s.RespMetadata.RequestID 3382} 3383 3384// A previous update to your private CA is still ongoing. 3385type ConcurrentModificationException struct { 3386 _ struct{} `type:"structure"` 3387 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3388 3389 Message_ *string `locationName:"message" type:"string"` 3390} 3391 3392// String returns the string representation 3393func (s ConcurrentModificationException) String() string { 3394 return awsutil.Prettify(s) 3395} 3396 3397// GoString returns the string representation 3398func (s ConcurrentModificationException) GoString() string { 3399 return s.String() 3400} 3401 3402func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 3403 return &ConcurrentModificationException{ 3404 RespMetadata: v, 3405 } 3406} 3407 3408// Code returns the exception type name. 3409func (s *ConcurrentModificationException) Code() string { 3410 return "ConcurrentModificationException" 3411} 3412 3413// Message returns the exception's message. 3414func (s *ConcurrentModificationException) Message() string { 3415 if s.Message_ != nil { 3416 return *s.Message_ 3417 } 3418 return "" 3419} 3420 3421// OrigErr always returns nil, satisfies awserr.Error interface. 3422func (s *ConcurrentModificationException) OrigErr() error { 3423 return nil 3424} 3425 3426func (s *ConcurrentModificationException) Error() string { 3427 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3428} 3429 3430// Status code returns the HTTP status code for the request's response error. 3431func (s *ConcurrentModificationException) StatusCode() int { 3432 return s.RespMetadata.StatusCode 3433} 3434 3435// RequestID returns the service's response RequestID for request. 3436func (s *ConcurrentModificationException) RequestID() string { 3437 return s.RespMetadata.RequestID 3438} 3439 3440type CreateCertificateAuthorityAuditReportInput struct { 3441 _ struct{} `type:"structure"` 3442 3443 // The format in which to create the report. This can be either JSON or CSV. 3444 // 3445 // AuditReportResponseFormat is a required field 3446 AuditReportResponseFormat *string `type:"string" required:"true" enum:"AuditReportResponseFormat"` 3447 3448 // The Amazon Resource Name (ARN) of the CA to be audited. This is of the form: 3449 // 3450 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3451 // 3452 // CertificateAuthorityArn is a required field 3453 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3454 3455 // The name of the S3 bucket that will contain the audit report. 3456 // 3457 // S3BucketName is a required field 3458 S3BucketName *string `min:"3" type:"string" required:"true"` 3459} 3460 3461// String returns the string representation 3462func (s CreateCertificateAuthorityAuditReportInput) String() string { 3463 return awsutil.Prettify(s) 3464} 3465 3466// GoString returns the string representation 3467func (s CreateCertificateAuthorityAuditReportInput) GoString() string { 3468 return s.String() 3469} 3470 3471// Validate inspects the fields of the type to determine if they are valid. 3472func (s *CreateCertificateAuthorityAuditReportInput) Validate() error { 3473 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityAuditReportInput"} 3474 if s.AuditReportResponseFormat == nil { 3475 invalidParams.Add(request.NewErrParamRequired("AuditReportResponseFormat")) 3476 } 3477 if s.CertificateAuthorityArn == nil { 3478 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3479 } 3480 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3481 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3482 } 3483 if s.S3BucketName == nil { 3484 invalidParams.Add(request.NewErrParamRequired("S3BucketName")) 3485 } 3486 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3487 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3488 } 3489 3490 if invalidParams.Len() > 0 { 3491 return invalidParams 3492 } 3493 return nil 3494} 3495 3496// SetAuditReportResponseFormat sets the AuditReportResponseFormat field's value. 3497func (s *CreateCertificateAuthorityAuditReportInput) SetAuditReportResponseFormat(v string) *CreateCertificateAuthorityAuditReportInput { 3498 s.AuditReportResponseFormat = &v 3499 return s 3500} 3501 3502// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3503func (s *CreateCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityAuditReportInput { 3504 s.CertificateAuthorityArn = &v 3505 return s 3506} 3507 3508// SetS3BucketName sets the S3BucketName field's value. 3509func (s *CreateCertificateAuthorityAuditReportInput) SetS3BucketName(v string) *CreateCertificateAuthorityAuditReportInput { 3510 s.S3BucketName = &v 3511 return s 3512} 3513 3514type CreateCertificateAuthorityAuditReportOutput struct { 3515 _ struct{} `type:"structure"` 3516 3517 // An alphanumeric string that contains a report identifier. 3518 AuditReportId *string `min:"36" type:"string"` 3519 3520 // The key that uniquely identifies the report file in your S3 bucket. 3521 S3Key *string `type:"string"` 3522} 3523 3524// String returns the string representation 3525func (s CreateCertificateAuthorityAuditReportOutput) String() string { 3526 return awsutil.Prettify(s) 3527} 3528 3529// GoString returns the string representation 3530func (s CreateCertificateAuthorityAuditReportOutput) GoString() string { 3531 return s.String() 3532} 3533 3534// SetAuditReportId sets the AuditReportId field's value. 3535func (s *CreateCertificateAuthorityAuditReportOutput) SetAuditReportId(v string) *CreateCertificateAuthorityAuditReportOutput { 3536 s.AuditReportId = &v 3537 return s 3538} 3539 3540// SetS3Key sets the S3Key field's value. 3541func (s *CreateCertificateAuthorityAuditReportOutput) SetS3Key(v string) *CreateCertificateAuthorityAuditReportOutput { 3542 s.S3Key = &v 3543 return s 3544} 3545 3546type CreateCertificateAuthorityInput struct { 3547 _ struct{} `type:"structure"` 3548 3549 // Name and bit size of the private key algorithm, the name of the signing algorithm, 3550 // and X.500 certificate subject information. 3551 // 3552 // CertificateAuthorityConfiguration is a required field 3553 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure" required:"true"` 3554 3555 // The type of the certificate authority. 3556 // 3557 // CertificateAuthorityType is a required field 3558 CertificateAuthorityType *string `type:"string" required:"true" enum:"CertificateAuthorityType"` 3559 3560 // Custom string that can be used to distinguish between calls to the CreateCertificateAuthority 3561 // action. Idempotency tokens for CreateCertificateAuthority time out after 3562 // five minutes. Therefore, if you call CreateCertificateAuthority multiple 3563 // times with the same idempotency token within five minutes, ACM Private CA 3564 // recognizes that you are requesting only certificate authority and will issue 3565 // only one. If you change the idempotency token for each call, PCA recognizes 3566 // that you are requesting multiple certificate authorities. 3567 IdempotencyToken *string `min:"1" type:"string"` 3568 3569 // Specifies a cryptographic key management compliance standard used for handling 3570 // CA keys. 3571 // 3572 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3573 // 3574 // Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in Region ap-northeast-3. 3575 // When creating a CA in the ap-northeast-3, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER 3576 // as the argument for KeyStorageSecurityStandard. Failure to do this results 3577 // in an InvalidArgsException with the message, "A certificate authority cannot 3578 // be created in this region with the specified security standard." 3579 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3580 3581 // Contains a Boolean value that you can use to enable a certification revocation 3582 // list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA 3583 // will write the CRL, and an optional CNAME alias that you can use to hide 3584 // the name of your bucket in the CRL Distribution Points extension of your 3585 // CA certificate. For more information, see the CrlConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html) 3586 // structure. 3587 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3588 3589 // Key-value pairs that will be attached to the new private CA. You can associate 3590 // up to 50 tags with a private CA. For information using tags with IAM to manage 3591 // permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html). 3592 Tags []*Tag `min:"1" type:"list"` 3593} 3594 3595// String returns the string representation 3596func (s CreateCertificateAuthorityInput) String() string { 3597 return awsutil.Prettify(s) 3598} 3599 3600// GoString returns the string representation 3601func (s CreateCertificateAuthorityInput) GoString() string { 3602 return s.String() 3603} 3604 3605// Validate inspects the fields of the type to determine if they are valid. 3606func (s *CreateCertificateAuthorityInput) Validate() error { 3607 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityInput"} 3608 if s.CertificateAuthorityConfiguration == nil { 3609 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityConfiguration")) 3610 } 3611 if s.CertificateAuthorityType == nil { 3612 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityType")) 3613 } 3614 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 3615 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 3616 } 3617 if s.Tags != nil && len(s.Tags) < 1 { 3618 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 3619 } 3620 if s.CertificateAuthorityConfiguration != nil { 3621 if err := s.CertificateAuthorityConfiguration.Validate(); err != nil { 3622 invalidParams.AddNested("CertificateAuthorityConfiguration", err.(request.ErrInvalidParams)) 3623 } 3624 } 3625 if s.RevocationConfiguration != nil { 3626 if err := s.RevocationConfiguration.Validate(); err != nil { 3627 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 3628 } 3629 } 3630 if s.Tags != nil { 3631 for i, v := range s.Tags { 3632 if v == nil { 3633 continue 3634 } 3635 if err := v.Validate(); err != nil { 3636 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 3637 } 3638 } 3639 } 3640 3641 if invalidParams.Len() > 0 { 3642 return invalidParams 3643 } 3644 return nil 3645} 3646 3647// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3648func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CreateCertificateAuthorityInput { 3649 s.CertificateAuthorityConfiguration = v 3650 return s 3651} 3652 3653// SetCertificateAuthorityType sets the CertificateAuthorityType field's value. 3654func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityType(v string) *CreateCertificateAuthorityInput { 3655 s.CertificateAuthorityType = &v 3656 return s 3657} 3658 3659// SetIdempotencyToken sets the IdempotencyToken field's value. 3660func (s *CreateCertificateAuthorityInput) SetIdempotencyToken(v string) *CreateCertificateAuthorityInput { 3661 s.IdempotencyToken = &v 3662 return s 3663} 3664 3665// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3666func (s *CreateCertificateAuthorityInput) SetKeyStorageSecurityStandard(v string) *CreateCertificateAuthorityInput { 3667 s.KeyStorageSecurityStandard = &v 3668 return s 3669} 3670 3671// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3672func (s *CreateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *CreateCertificateAuthorityInput { 3673 s.RevocationConfiguration = v 3674 return s 3675} 3676 3677// SetTags sets the Tags field's value. 3678func (s *CreateCertificateAuthorityInput) SetTags(v []*Tag) *CreateCertificateAuthorityInput { 3679 s.Tags = v 3680 return s 3681} 3682 3683type CreateCertificateAuthorityOutput struct { 3684 _ struct{} `type:"structure"` 3685 3686 // If successful, the Amazon Resource Name (ARN) of the certificate authority 3687 // (CA). This is of the form: 3688 // 3689 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3690 CertificateAuthorityArn *string `min:"5" type:"string"` 3691} 3692 3693// String returns the string representation 3694func (s CreateCertificateAuthorityOutput) String() string { 3695 return awsutil.Prettify(s) 3696} 3697 3698// GoString returns the string representation 3699func (s CreateCertificateAuthorityOutput) GoString() string { 3700 return s.String() 3701} 3702 3703// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3704func (s *CreateCertificateAuthorityOutput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityOutput { 3705 s.CertificateAuthorityArn = &v 3706 return s 3707} 3708 3709type CreatePermissionInput struct { 3710 _ struct{} `type:"structure"` 3711 3712 // The actions that the specified AWS service principal can use. These include 3713 // IssueCertificate, GetCertificate, and ListPermissions. 3714 // 3715 // Actions is a required field 3716 Actions []*string `min:"1" type:"list" required:"true"` 3717 3718 // The Amazon Resource Name (ARN) of the CA that grants the permissions. You 3719 // can find the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 3720 // action. This must have the following form: 3721 // 3722 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3723 // 3724 // CertificateAuthorityArn is a required field 3725 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3726 3727 // The AWS service or identity that receives the permission. At this time, the 3728 // only valid principal is acm.amazonaws.com. 3729 // 3730 // Principal is a required field 3731 Principal *string `type:"string" required:"true"` 3732 3733 // The ID of the calling account. 3734 SourceAccount *string `min:"12" type:"string"` 3735} 3736 3737// String returns the string representation 3738func (s CreatePermissionInput) String() string { 3739 return awsutil.Prettify(s) 3740} 3741 3742// GoString returns the string representation 3743func (s CreatePermissionInput) GoString() string { 3744 return s.String() 3745} 3746 3747// Validate inspects the fields of the type to determine if they are valid. 3748func (s *CreatePermissionInput) Validate() error { 3749 invalidParams := request.ErrInvalidParams{Context: "CreatePermissionInput"} 3750 if s.Actions == nil { 3751 invalidParams.Add(request.NewErrParamRequired("Actions")) 3752 } 3753 if s.Actions != nil && len(s.Actions) < 1 { 3754 invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) 3755 } 3756 if s.CertificateAuthorityArn == nil { 3757 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3758 } 3759 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3760 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3761 } 3762 if s.Principal == nil { 3763 invalidParams.Add(request.NewErrParamRequired("Principal")) 3764 } 3765 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 3766 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 3767 } 3768 3769 if invalidParams.Len() > 0 { 3770 return invalidParams 3771 } 3772 return nil 3773} 3774 3775// SetActions sets the Actions field's value. 3776func (s *CreatePermissionInput) SetActions(v []*string) *CreatePermissionInput { 3777 s.Actions = v 3778 return s 3779} 3780 3781// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3782func (s *CreatePermissionInput) SetCertificateAuthorityArn(v string) *CreatePermissionInput { 3783 s.CertificateAuthorityArn = &v 3784 return s 3785} 3786 3787// SetPrincipal sets the Principal field's value. 3788func (s *CreatePermissionInput) SetPrincipal(v string) *CreatePermissionInput { 3789 s.Principal = &v 3790 return s 3791} 3792 3793// SetSourceAccount sets the SourceAccount field's value. 3794func (s *CreatePermissionInput) SetSourceAccount(v string) *CreatePermissionInput { 3795 s.SourceAccount = &v 3796 return s 3797} 3798 3799type CreatePermissionOutput struct { 3800 _ struct{} `type:"structure"` 3801} 3802 3803// String returns the string representation 3804func (s CreatePermissionOutput) String() string { 3805 return awsutil.Prettify(s) 3806} 3807 3808// GoString returns the string representation 3809func (s CreatePermissionOutput) GoString() string { 3810 return s.String() 3811} 3812 3813// Contains configuration information for a certificate revocation list (CRL). 3814// Your private certificate authority (CA) creates base CRLs. Delta CRLs are 3815// not supported. You can enable CRLs for your new or an existing private CA 3816// by setting the Enabled parameter to true. Your private CA writes CRLs to 3817// an S3 bucket that you specify in the S3BucketName parameter. You can hide 3818// the name of your bucket by specifying a value for the CustomCname parameter. 3819// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution 3820// Points extension of each certificate it issues. Your S3 bucket policy must 3821// give write permission to ACM Private CA. 3822// 3823// ACM Private CA assets that are stored in Amazon S3 can be protected with 3824// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 3825// 3826// Your private CA uses the value in the ExpirationInDays parameter to calculate 3827// the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next 3828// update or when a certificate is revoked. When a certificate is revoked, it 3829// is recorded in the next CRL that is generated and in the next audit report. 3830// Only time valid certificates are listed in the CRL. Expired certificates 3831// are not included. 3832// 3833// CRLs contain the following fields: 3834// 3835// * Version: The current version number defined in RFC 5280 is V2. The integer 3836// value is 0x1. 3837// 3838// * Signature Algorithm: The name of the algorithm used to sign the CRL. 3839// 3840// * Issuer: The X.500 distinguished name of your private CA that issued 3841// the CRL. 3842// 3843// * Last Update: The issue date and time of this CRL. 3844// 3845// * Next Update: The day and time by which the next CRL will be issued. 3846// 3847// * Revoked Certificates: List of revoked certificates. Each list item contains 3848// the following information. Serial Number: The serial number, in hexadecimal 3849// format, of the revoked certificate. Revocation Date: Date and time the 3850// certificate was revoked. CRL Entry Extensions: Optional extensions for 3851// the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked. 3852// 3853// * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key 3854// Identifier: Identifies the public key associated with the private key 3855// used to sign the certificate. X509v3 CRL Number:: Decimal sequence number 3856// for the CRL. 3857// 3858// * Signature Algorithm: Algorithm used by your private CA to sign the CRL. 3859// 3860// * Signature Value: Signature computed over the CRL. 3861// 3862// Certificate revocation lists created by ACM Private CA are DER-encoded. You 3863// can use the following OpenSSL command to list a CRL. 3864// 3865// openssl crl -inform DER -text -in crl_path -noout 3866type CrlConfiguration struct { 3867 _ struct{} `type:"structure"` 3868 3869 // Name inserted into the certificate CRL Distribution Points extension that 3870 // enables the use of an alias for the CRL distribution point. Use this value 3871 // if you don't want the name of your S3 bucket to be public. 3872 CustomCname *string `type:"string"` 3873 3874 // Boolean value that specifies whether certificate revocation lists (CRLs) 3875 // are enabled. You can use this value to enable certificate revocation for 3876 // a new CA when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3877 // action or for an existing CA when you call the UpdateCertificateAuthority 3878 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3879 // action. 3880 // 3881 // Enabled is a required field 3882 Enabled *bool `type:"boolean" required:"true"` 3883 3884 // Validity period of the CRL in days. 3885 ExpirationInDays *int64 `min:"1" type:"integer"` 3886 3887 // Name of the S3 bucket that contains the CRL. If you do not provide a value 3888 // for the CustomCname argument, the name of your S3 bucket is placed into the 3889 // CRL Distribution Points extension of the issued certificate. You can change 3890 // the name of your bucket by calling the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3891 // action. You must specify a bucket policy (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies) 3892 // that allows ACM Private CA to write the CRL to your bucket. 3893 S3BucketName *string `min:"3" type:"string"` 3894 3895 // Determines whether the CRL will be publicly readable or privately held in 3896 // the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible 3897 // over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the 3898 // owner of the CRL S3 bucket can access the CRL, and your PKI clients may need 3899 // an alternative method of access. 3900 // 3901 // If no value is specified, the default is PUBLIC_READ. 3902 // 3903 // Note: This default can cause CA creation to fail in some circumstances. If 3904 // you have have enabled the Block Public Access (BPA) feature in your S3 account, 3905 // then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, 3906 // and not doing so results in an error. If you have disabled BPA in S3, then 3907 // you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value. 3908 // 3909 // For more information, see Blocking public access to the S3 bucket (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa). 3910 S3ObjectAcl *string `type:"string" enum:"S3ObjectAcl"` 3911} 3912 3913// String returns the string representation 3914func (s CrlConfiguration) String() string { 3915 return awsutil.Prettify(s) 3916} 3917 3918// GoString returns the string representation 3919func (s CrlConfiguration) GoString() string { 3920 return s.String() 3921} 3922 3923// Validate inspects the fields of the type to determine if they are valid. 3924func (s *CrlConfiguration) Validate() error { 3925 invalidParams := request.ErrInvalidParams{Context: "CrlConfiguration"} 3926 if s.Enabled == nil { 3927 invalidParams.Add(request.NewErrParamRequired("Enabled")) 3928 } 3929 if s.ExpirationInDays != nil && *s.ExpirationInDays < 1 { 3930 invalidParams.Add(request.NewErrParamMinValue("ExpirationInDays", 1)) 3931 } 3932 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3933 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3934 } 3935 3936 if invalidParams.Len() > 0 { 3937 return invalidParams 3938 } 3939 return nil 3940} 3941 3942// SetCustomCname sets the CustomCname field's value. 3943func (s *CrlConfiguration) SetCustomCname(v string) *CrlConfiguration { 3944 s.CustomCname = &v 3945 return s 3946} 3947 3948// SetEnabled sets the Enabled field's value. 3949func (s *CrlConfiguration) SetEnabled(v bool) *CrlConfiguration { 3950 s.Enabled = &v 3951 return s 3952} 3953 3954// SetExpirationInDays sets the ExpirationInDays field's value. 3955func (s *CrlConfiguration) SetExpirationInDays(v int64) *CrlConfiguration { 3956 s.ExpirationInDays = &v 3957 return s 3958} 3959 3960// SetS3BucketName sets the S3BucketName field's value. 3961func (s *CrlConfiguration) SetS3BucketName(v string) *CrlConfiguration { 3962 s.S3BucketName = &v 3963 return s 3964} 3965 3966// SetS3ObjectAcl sets the S3ObjectAcl field's value. 3967func (s *CrlConfiguration) SetS3ObjectAcl(v string) *CrlConfiguration { 3968 s.S3ObjectAcl = &v 3969 return s 3970} 3971 3972// Describes the certificate extensions to be added to the certificate signing 3973// request (CSR). 3974type CsrExtensions struct { 3975 _ struct{} `type:"structure"` 3976 3977 // Indicates the purpose of the certificate and of the key contained in the 3978 // certificate. 3979 KeyUsage *KeyUsage `type:"structure"` 3980 3981 // For CA certificates, provides a path to additional information pertaining 3982 // to the CA, such as revocation and policy. For more information, see Subject 3983 // Information Access (https://tools.ietf.org/html/rfc5280#section-4.2.2.2) 3984 // in RFC 5280. 3985 SubjectInformationAccess []*AccessDescription `type:"list"` 3986} 3987 3988// String returns the string representation 3989func (s CsrExtensions) String() string { 3990 return awsutil.Prettify(s) 3991} 3992 3993// GoString returns the string representation 3994func (s CsrExtensions) GoString() string { 3995 return s.String() 3996} 3997 3998// Validate inspects the fields of the type to determine if they are valid. 3999func (s *CsrExtensions) Validate() error { 4000 invalidParams := request.ErrInvalidParams{Context: "CsrExtensions"} 4001 if s.SubjectInformationAccess != nil { 4002 for i, v := range s.SubjectInformationAccess { 4003 if v == nil { 4004 continue 4005 } 4006 if err := v.Validate(); err != nil { 4007 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectInformationAccess", i), err.(request.ErrInvalidParams)) 4008 } 4009 } 4010 } 4011 4012 if invalidParams.Len() > 0 { 4013 return invalidParams 4014 } 4015 return nil 4016} 4017 4018// SetKeyUsage sets the KeyUsage field's value. 4019func (s *CsrExtensions) SetKeyUsage(v *KeyUsage) *CsrExtensions { 4020 s.KeyUsage = v 4021 return s 4022} 4023 4024// SetSubjectInformationAccess sets the SubjectInformationAccess field's value. 4025func (s *CsrExtensions) SetSubjectInformationAccess(v []*AccessDescription) *CsrExtensions { 4026 s.SubjectInformationAccess = v 4027 return s 4028} 4029 4030type DeleteCertificateAuthorityInput struct { 4031 _ struct{} `type:"structure"` 4032 4033 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4034 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4035 // This must have the following form: 4036 // 4037 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4038 // 4039 // CertificateAuthorityArn is a required field 4040 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4041 4042 // The number of days to make a CA restorable after it has been deleted. This 4043 // can be anywhere from 7 to 30 days, with 30 being the default. 4044 PermanentDeletionTimeInDays *int64 `min:"7" type:"integer"` 4045} 4046 4047// String returns the string representation 4048func (s DeleteCertificateAuthorityInput) String() string { 4049 return awsutil.Prettify(s) 4050} 4051 4052// GoString returns the string representation 4053func (s DeleteCertificateAuthorityInput) GoString() string { 4054 return s.String() 4055} 4056 4057// Validate inspects the fields of the type to determine if they are valid. 4058func (s *DeleteCertificateAuthorityInput) Validate() error { 4059 invalidParams := request.ErrInvalidParams{Context: "DeleteCertificateAuthorityInput"} 4060 if s.CertificateAuthorityArn == nil { 4061 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4062 } 4063 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4064 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4065 } 4066 if s.PermanentDeletionTimeInDays != nil && *s.PermanentDeletionTimeInDays < 7 { 4067 invalidParams.Add(request.NewErrParamMinValue("PermanentDeletionTimeInDays", 7)) 4068 } 4069 4070 if invalidParams.Len() > 0 { 4071 return invalidParams 4072 } 4073 return nil 4074} 4075 4076// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4077func (s *DeleteCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DeleteCertificateAuthorityInput { 4078 s.CertificateAuthorityArn = &v 4079 return s 4080} 4081 4082// SetPermanentDeletionTimeInDays sets the PermanentDeletionTimeInDays field's value. 4083func (s *DeleteCertificateAuthorityInput) SetPermanentDeletionTimeInDays(v int64) *DeleteCertificateAuthorityInput { 4084 s.PermanentDeletionTimeInDays = &v 4085 return s 4086} 4087 4088type DeleteCertificateAuthorityOutput struct { 4089 _ struct{} `type:"structure"` 4090} 4091 4092// String returns the string representation 4093func (s DeleteCertificateAuthorityOutput) String() string { 4094 return awsutil.Prettify(s) 4095} 4096 4097// GoString returns the string representation 4098func (s DeleteCertificateAuthorityOutput) GoString() string { 4099 return s.String() 4100} 4101 4102type DeletePermissionInput struct { 4103 _ struct{} `type:"structure"` 4104 4105 // The Amazon Resource Number (ARN) of the private CA that issued the permissions. 4106 // You can find the CA's ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4107 // action. This must have the following form: 4108 // 4109 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4110 // 4111 // CertificateAuthorityArn is a required field 4112 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4113 4114 // The AWS service or identity that will have its CA permissions revoked. At 4115 // this time, the only valid service principal is acm.amazonaws.com 4116 // 4117 // Principal is a required field 4118 Principal *string `type:"string" required:"true"` 4119 4120 // The AWS account that calls this action. 4121 SourceAccount *string `min:"12" type:"string"` 4122} 4123 4124// String returns the string representation 4125func (s DeletePermissionInput) String() string { 4126 return awsutil.Prettify(s) 4127} 4128 4129// GoString returns the string representation 4130func (s DeletePermissionInput) GoString() string { 4131 return s.String() 4132} 4133 4134// Validate inspects the fields of the type to determine if they are valid. 4135func (s *DeletePermissionInput) Validate() error { 4136 invalidParams := request.ErrInvalidParams{Context: "DeletePermissionInput"} 4137 if s.CertificateAuthorityArn == nil { 4138 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4139 } 4140 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4141 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4142 } 4143 if s.Principal == nil { 4144 invalidParams.Add(request.NewErrParamRequired("Principal")) 4145 } 4146 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 4147 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 4148 } 4149 4150 if invalidParams.Len() > 0 { 4151 return invalidParams 4152 } 4153 return nil 4154} 4155 4156// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4157func (s *DeletePermissionInput) SetCertificateAuthorityArn(v string) *DeletePermissionInput { 4158 s.CertificateAuthorityArn = &v 4159 return s 4160} 4161 4162// SetPrincipal sets the Principal field's value. 4163func (s *DeletePermissionInput) SetPrincipal(v string) *DeletePermissionInput { 4164 s.Principal = &v 4165 return s 4166} 4167 4168// SetSourceAccount sets the SourceAccount field's value. 4169func (s *DeletePermissionInput) SetSourceAccount(v string) *DeletePermissionInput { 4170 s.SourceAccount = &v 4171 return s 4172} 4173 4174type DeletePermissionOutput struct { 4175 _ struct{} `type:"structure"` 4176} 4177 4178// String returns the string representation 4179func (s DeletePermissionOutput) String() string { 4180 return awsutil.Prettify(s) 4181} 4182 4183// GoString returns the string representation 4184func (s DeletePermissionOutput) GoString() string { 4185 return s.String() 4186} 4187 4188type DeletePolicyInput struct { 4189 _ struct{} `type:"structure"` 4190 4191 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4192 // deleted. You can find the CA's ARN by calling the ListCertificateAuthorities 4193 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4194 // action. The ARN value must have the form arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab. 4195 // 4196 // ResourceArn is a required field 4197 ResourceArn *string `min:"5" type:"string" required:"true"` 4198} 4199 4200// String returns the string representation 4201func (s DeletePolicyInput) String() string { 4202 return awsutil.Prettify(s) 4203} 4204 4205// GoString returns the string representation 4206func (s DeletePolicyInput) GoString() string { 4207 return s.String() 4208} 4209 4210// Validate inspects the fields of the type to determine if they are valid. 4211func (s *DeletePolicyInput) Validate() error { 4212 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 4213 if s.ResourceArn == nil { 4214 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4215 } 4216 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4217 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4218 } 4219 4220 if invalidParams.Len() > 0 { 4221 return invalidParams 4222 } 4223 return nil 4224} 4225 4226// SetResourceArn sets the ResourceArn field's value. 4227func (s *DeletePolicyInput) SetResourceArn(v string) *DeletePolicyInput { 4228 s.ResourceArn = &v 4229 return s 4230} 4231 4232type DeletePolicyOutput struct { 4233 _ struct{} `type:"structure"` 4234} 4235 4236// String returns the string representation 4237func (s DeletePolicyOutput) String() string { 4238 return awsutil.Prettify(s) 4239} 4240 4241// GoString returns the string representation 4242func (s DeletePolicyOutput) GoString() string { 4243 return s.String() 4244} 4245 4246type DescribeCertificateAuthorityAuditReportInput struct { 4247 _ struct{} `type:"structure"` 4248 4249 // The report ID returned by calling the CreateCertificateAuthorityAuditReport 4250 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 4251 // action. 4252 // 4253 // AuditReportId is a required field 4254 AuditReportId *string `min:"36" type:"string" required:"true"` 4255 4256 // The Amazon Resource Name (ARN) of the private CA. This must be of the form: 4257 // 4258 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4259 // 4260 // CertificateAuthorityArn is a required field 4261 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4262} 4263 4264// String returns the string representation 4265func (s DescribeCertificateAuthorityAuditReportInput) String() string { 4266 return awsutil.Prettify(s) 4267} 4268 4269// GoString returns the string representation 4270func (s DescribeCertificateAuthorityAuditReportInput) GoString() string { 4271 return s.String() 4272} 4273 4274// Validate inspects the fields of the type to determine if they are valid. 4275func (s *DescribeCertificateAuthorityAuditReportInput) Validate() error { 4276 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityAuditReportInput"} 4277 if s.AuditReportId == nil { 4278 invalidParams.Add(request.NewErrParamRequired("AuditReportId")) 4279 } 4280 if s.AuditReportId != nil && len(*s.AuditReportId) < 36 { 4281 invalidParams.Add(request.NewErrParamMinLen("AuditReportId", 36)) 4282 } 4283 if s.CertificateAuthorityArn == nil { 4284 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4285 } 4286 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4287 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4288 } 4289 4290 if invalidParams.Len() > 0 { 4291 return invalidParams 4292 } 4293 return nil 4294} 4295 4296// SetAuditReportId sets the AuditReportId field's value. 4297func (s *DescribeCertificateAuthorityAuditReportInput) SetAuditReportId(v string) *DescribeCertificateAuthorityAuditReportInput { 4298 s.AuditReportId = &v 4299 return s 4300} 4301 4302// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4303func (s *DescribeCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityAuditReportInput { 4304 s.CertificateAuthorityArn = &v 4305 return s 4306} 4307 4308type DescribeCertificateAuthorityAuditReportOutput struct { 4309 _ struct{} `type:"structure"` 4310 4311 // Specifies whether report creation is in progress, has succeeded, or has failed. 4312 AuditReportStatus *string `type:"string" enum:"AuditReportStatus"` 4313 4314 // The date and time at which the report was created. 4315 CreatedAt *time.Time `type:"timestamp"` 4316 4317 // Name of the S3 bucket that contains the report. 4318 S3BucketName *string `min:"3" type:"string"` 4319 4320 // S3 key that uniquely identifies the report file in your S3 bucket. 4321 S3Key *string `type:"string"` 4322} 4323 4324// String returns the string representation 4325func (s DescribeCertificateAuthorityAuditReportOutput) String() string { 4326 return awsutil.Prettify(s) 4327} 4328 4329// GoString returns the string representation 4330func (s DescribeCertificateAuthorityAuditReportOutput) GoString() string { 4331 return s.String() 4332} 4333 4334// SetAuditReportStatus sets the AuditReportStatus field's value. 4335func (s *DescribeCertificateAuthorityAuditReportOutput) SetAuditReportStatus(v string) *DescribeCertificateAuthorityAuditReportOutput { 4336 s.AuditReportStatus = &v 4337 return s 4338} 4339 4340// SetCreatedAt sets the CreatedAt field's value. 4341func (s *DescribeCertificateAuthorityAuditReportOutput) SetCreatedAt(v time.Time) *DescribeCertificateAuthorityAuditReportOutput { 4342 s.CreatedAt = &v 4343 return s 4344} 4345 4346// SetS3BucketName sets the S3BucketName field's value. 4347func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3BucketName(v string) *DescribeCertificateAuthorityAuditReportOutput { 4348 s.S3BucketName = &v 4349 return s 4350} 4351 4352// SetS3Key sets the S3Key field's value. 4353func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3Key(v string) *DescribeCertificateAuthorityAuditReportOutput { 4354 s.S3Key = &v 4355 return s 4356} 4357 4358type DescribeCertificateAuthorityInput struct { 4359 _ struct{} `type:"structure"` 4360 4361 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4362 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4363 // This must be of the form: 4364 // 4365 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4366 // 4367 // CertificateAuthorityArn is a required field 4368 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4369} 4370 4371// String returns the string representation 4372func (s DescribeCertificateAuthorityInput) String() string { 4373 return awsutil.Prettify(s) 4374} 4375 4376// GoString returns the string representation 4377func (s DescribeCertificateAuthorityInput) GoString() string { 4378 return s.String() 4379} 4380 4381// Validate inspects the fields of the type to determine if they are valid. 4382func (s *DescribeCertificateAuthorityInput) Validate() error { 4383 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityInput"} 4384 if s.CertificateAuthorityArn == nil { 4385 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4386 } 4387 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4388 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4389 } 4390 4391 if invalidParams.Len() > 0 { 4392 return invalidParams 4393 } 4394 return nil 4395} 4396 4397// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4398func (s *DescribeCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityInput { 4399 s.CertificateAuthorityArn = &v 4400 return s 4401} 4402 4403type DescribeCertificateAuthorityOutput struct { 4404 _ struct{} `type:"structure"` 4405 4406 // A CertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html) 4407 // structure that contains information about your private CA. 4408 CertificateAuthority *CertificateAuthority `type:"structure"` 4409} 4410 4411// String returns the string representation 4412func (s DescribeCertificateAuthorityOutput) String() string { 4413 return awsutil.Prettify(s) 4414} 4415 4416// GoString returns the string representation 4417func (s DescribeCertificateAuthorityOutput) GoString() string { 4418 return s.String() 4419} 4420 4421// SetCertificateAuthority sets the CertificateAuthority field's value. 4422func (s *DescribeCertificateAuthorityOutput) SetCertificateAuthority(v *CertificateAuthority) *DescribeCertificateAuthorityOutput { 4423 s.CertificateAuthority = v 4424 return s 4425} 4426 4427// Describes an Electronic Data Interchange (EDI) entity as described in as 4428// defined in Subject Alternative Name (https://tools.ietf.org/html/rfc5280) 4429// in RFC 5280. 4430type EdiPartyName struct { 4431 _ struct{} `type:"structure"` 4432 4433 // Specifies the name assigner. 4434 NameAssigner *string `type:"string"` 4435 4436 // Specifies the party name. 4437 // 4438 // PartyName is a required field 4439 PartyName *string `type:"string" required:"true"` 4440} 4441 4442// String returns the string representation 4443func (s EdiPartyName) String() string { 4444 return awsutil.Prettify(s) 4445} 4446 4447// GoString returns the string representation 4448func (s EdiPartyName) GoString() string { 4449 return s.String() 4450} 4451 4452// Validate inspects the fields of the type to determine if they are valid. 4453func (s *EdiPartyName) Validate() error { 4454 invalidParams := request.ErrInvalidParams{Context: "EdiPartyName"} 4455 if s.PartyName == nil { 4456 invalidParams.Add(request.NewErrParamRequired("PartyName")) 4457 } 4458 4459 if invalidParams.Len() > 0 { 4460 return invalidParams 4461 } 4462 return nil 4463} 4464 4465// SetNameAssigner sets the NameAssigner field's value. 4466func (s *EdiPartyName) SetNameAssigner(v string) *EdiPartyName { 4467 s.NameAssigner = &v 4468 return s 4469} 4470 4471// SetPartyName sets the PartyName field's value. 4472func (s *EdiPartyName) SetPartyName(v string) *EdiPartyName { 4473 s.PartyName = &v 4474 return s 4475} 4476 4477// Specifies additional purposes for which the certified public key may be used 4478// other than basic purposes indicated in the KeyUsage extension. 4479type ExtendedKeyUsage struct { 4480 _ struct{} `type:"structure"` 4481 4482 // Specifies a custom ExtendedKeyUsage with an object identifier (OID). 4483 ExtendedKeyUsageObjectIdentifier *string `type:"string"` 4484 4485 // Specifies a standard ExtendedKeyUsage as defined as in RFC 5280 (https://tools.ietf.org/html/rfc5280#section-4.2.1.12). 4486 ExtendedKeyUsageType *string `type:"string" enum:"ExtendedKeyUsageType"` 4487} 4488 4489// String returns the string representation 4490func (s ExtendedKeyUsage) String() string { 4491 return awsutil.Prettify(s) 4492} 4493 4494// GoString returns the string representation 4495func (s ExtendedKeyUsage) GoString() string { 4496 return s.String() 4497} 4498 4499// SetExtendedKeyUsageObjectIdentifier sets the ExtendedKeyUsageObjectIdentifier field's value. 4500func (s *ExtendedKeyUsage) SetExtendedKeyUsageObjectIdentifier(v string) *ExtendedKeyUsage { 4501 s.ExtendedKeyUsageObjectIdentifier = &v 4502 return s 4503} 4504 4505// SetExtendedKeyUsageType sets the ExtendedKeyUsageType field's value. 4506func (s *ExtendedKeyUsage) SetExtendedKeyUsageType(v string) *ExtendedKeyUsage { 4507 s.ExtendedKeyUsageType = &v 4508 return s 4509} 4510 4511// Contains X.509 extension information for a certificate. 4512type Extensions struct { 4513 _ struct{} `type:"structure"` 4514 4515 // Contains a sequence of one or more policy information terms, each of which 4516 // consists of an object identifier (OID) and optional qualifiers. For more 4517 // information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 4518 // 4519 // In an end-entity certificate, these terms indicate the policy under which 4520 // the certificate was issued and the purposes for which it may be used. In 4521 // a CA certificate, these terms limit the set of policies for certification 4522 // paths that include this certificate. 4523 CertificatePolicies []*PolicyInformation `min:"1" type:"list"` 4524 4525 // Specifies additional purposes for which the certified public key may be used 4526 // other than basic purposes indicated in the KeyUsage extension. 4527 ExtendedKeyUsage []*ExtendedKeyUsage `min:"1" type:"list"` 4528 4529 // Defines one or more purposes for which the key contained in the certificate 4530 // can be used. Default value for each option is false. 4531 KeyUsage *KeyUsage `type:"structure"` 4532 4533 // The subject alternative name extension allows identities to be bound to the 4534 // subject of the certificate. These identities may be included in addition 4535 // to or in place of the identity in the subject field of the certificate. 4536 SubjectAlternativeNames []*GeneralName `min:"1" type:"list"` 4537} 4538 4539// String returns the string representation 4540func (s Extensions) String() string { 4541 return awsutil.Prettify(s) 4542} 4543 4544// GoString returns the string representation 4545func (s Extensions) GoString() string { 4546 return s.String() 4547} 4548 4549// Validate inspects the fields of the type to determine if they are valid. 4550func (s *Extensions) Validate() error { 4551 invalidParams := request.ErrInvalidParams{Context: "Extensions"} 4552 if s.CertificatePolicies != nil && len(s.CertificatePolicies) < 1 { 4553 invalidParams.Add(request.NewErrParamMinLen("CertificatePolicies", 1)) 4554 } 4555 if s.ExtendedKeyUsage != nil && len(s.ExtendedKeyUsage) < 1 { 4556 invalidParams.Add(request.NewErrParamMinLen("ExtendedKeyUsage", 1)) 4557 } 4558 if s.SubjectAlternativeNames != nil && len(s.SubjectAlternativeNames) < 1 { 4559 invalidParams.Add(request.NewErrParamMinLen("SubjectAlternativeNames", 1)) 4560 } 4561 if s.CertificatePolicies != nil { 4562 for i, v := range s.CertificatePolicies { 4563 if v == nil { 4564 continue 4565 } 4566 if err := v.Validate(); err != nil { 4567 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CertificatePolicies", i), err.(request.ErrInvalidParams)) 4568 } 4569 } 4570 } 4571 if s.SubjectAlternativeNames != nil { 4572 for i, v := range s.SubjectAlternativeNames { 4573 if v == nil { 4574 continue 4575 } 4576 if err := v.Validate(); err != nil { 4577 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectAlternativeNames", i), err.(request.ErrInvalidParams)) 4578 } 4579 } 4580 } 4581 4582 if invalidParams.Len() > 0 { 4583 return invalidParams 4584 } 4585 return nil 4586} 4587 4588// SetCertificatePolicies sets the CertificatePolicies field's value. 4589func (s *Extensions) SetCertificatePolicies(v []*PolicyInformation) *Extensions { 4590 s.CertificatePolicies = v 4591 return s 4592} 4593 4594// SetExtendedKeyUsage sets the ExtendedKeyUsage field's value. 4595func (s *Extensions) SetExtendedKeyUsage(v []*ExtendedKeyUsage) *Extensions { 4596 s.ExtendedKeyUsage = v 4597 return s 4598} 4599 4600// SetKeyUsage sets the KeyUsage field's value. 4601func (s *Extensions) SetKeyUsage(v *KeyUsage) *Extensions { 4602 s.KeyUsage = v 4603 return s 4604} 4605 4606// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. 4607func (s *Extensions) SetSubjectAlternativeNames(v []*GeneralName) *Extensions { 4608 s.SubjectAlternativeNames = v 4609 return s 4610} 4611 4612// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). 4613// Only one of the following naming options should be provided. Providing more 4614// than one option results in an InvalidArgsException error. 4615type GeneralName struct { 4616 _ struct{} `type:"structure"` 4617 4618 // Contains information about the certificate subject. The Subject field in 4619 // the certificate identifies the entity that owns or controls the public key 4620 // in the certificate. The entity can be a user, computer, device, or service. 4621 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 4622 // of relative distinguished names (RDNs). The RDNs are separated by commas 4623 // in the certificate. 4624 DirectoryName *ASN1Subject `type:"structure"` 4625 4626 // Represents GeneralName as a DNS name. 4627 DnsName *string `type:"string"` 4628 4629 // Represents GeneralName as an EdiPartyName object. 4630 EdiPartyName *EdiPartyName `type:"structure"` 4631 4632 // Represents GeneralName as an IPv4 or IPv6 address. 4633 IpAddress *string `type:"string"` 4634 4635 // Represents GeneralName using an OtherName object. 4636 OtherName *OtherName `type:"structure"` 4637 4638 // Represents GeneralName as an object identifier (OID). 4639 RegisteredId *string `type:"string"` 4640 4641 // Represents GeneralName as an RFC 822 (https://tools.ietf.org/html/rfc822) 4642 // email address. 4643 Rfc822Name *string `type:"string"` 4644 4645 // Represents GeneralName as a URI. 4646 UniformResourceIdentifier *string `type:"string"` 4647} 4648 4649// String returns the string representation 4650func (s GeneralName) String() string { 4651 return awsutil.Prettify(s) 4652} 4653 4654// GoString returns the string representation 4655func (s GeneralName) GoString() string { 4656 return s.String() 4657} 4658 4659// Validate inspects the fields of the type to determine if they are valid. 4660func (s *GeneralName) Validate() error { 4661 invalidParams := request.ErrInvalidParams{Context: "GeneralName"} 4662 if s.DirectoryName != nil { 4663 if err := s.DirectoryName.Validate(); err != nil { 4664 invalidParams.AddNested("DirectoryName", err.(request.ErrInvalidParams)) 4665 } 4666 } 4667 if s.EdiPartyName != nil { 4668 if err := s.EdiPartyName.Validate(); err != nil { 4669 invalidParams.AddNested("EdiPartyName", err.(request.ErrInvalidParams)) 4670 } 4671 } 4672 if s.OtherName != nil { 4673 if err := s.OtherName.Validate(); err != nil { 4674 invalidParams.AddNested("OtherName", err.(request.ErrInvalidParams)) 4675 } 4676 } 4677 4678 if invalidParams.Len() > 0 { 4679 return invalidParams 4680 } 4681 return nil 4682} 4683 4684// SetDirectoryName sets the DirectoryName field's value. 4685func (s *GeneralName) SetDirectoryName(v *ASN1Subject) *GeneralName { 4686 s.DirectoryName = v 4687 return s 4688} 4689 4690// SetDnsName sets the DnsName field's value. 4691func (s *GeneralName) SetDnsName(v string) *GeneralName { 4692 s.DnsName = &v 4693 return s 4694} 4695 4696// SetEdiPartyName sets the EdiPartyName field's value. 4697func (s *GeneralName) SetEdiPartyName(v *EdiPartyName) *GeneralName { 4698 s.EdiPartyName = v 4699 return s 4700} 4701 4702// SetIpAddress sets the IpAddress field's value. 4703func (s *GeneralName) SetIpAddress(v string) *GeneralName { 4704 s.IpAddress = &v 4705 return s 4706} 4707 4708// SetOtherName sets the OtherName field's value. 4709func (s *GeneralName) SetOtherName(v *OtherName) *GeneralName { 4710 s.OtherName = v 4711 return s 4712} 4713 4714// SetRegisteredId sets the RegisteredId field's value. 4715func (s *GeneralName) SetRegisteredId(v string) *GeneralName { 4716 s.RegisteredId = &v 4717 return s 4718} 4719 4720// SetRfc822Name sets the Rfc822Name field's value. 4721func (s *GeneralName) SetRfc822Name(v string) *GeneralName { 4722 s.Rfc822Name = &v 4723 return s 4724} 4725 4726// SetUniformResourceIdentifier sets the UniformResourceIdentifier field's value. 4727func (s *GeneralName) SetUniformResourceIdentifier(v string) *GeneralName { 4728 s.UniformResourceIdentifier = &v 4729 return s 4730} 4731 4732type GetCertificateAuthorityCertificateInput struct { 4733 _ struct{} `type:"structure"` 4734 4735 // The Amazon Resource Name (ARN) of your private CA. This is of the form: 4736 // 4737 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4738 // 4739 // CertificateAuthorityArn is a required field 4740 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4741} 4742 4743// String returns the string representation 4744func (s GetCertificateAuthorityCertificateInput) String() string { 4745 return awsutil.Prettify(s) 4746} 4747 4748// GoString returns the string representation 4749func (s GetCertificateAuthorityCertificateInput) GoString() string { 4750 return s.String() 4751} 4752 4753// Validate inspects the fields of the type to determine if they are valid. 4754func (s *GetCertificateAuthorityCertificateInput) Validate() error { 4755 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCertificateInput"} 4756 if s.CertificateAuthorityArn == nil { 4757 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4758 } 4759 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4760 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4761 } 4762 4763 if invalidParams.Len() > 0 { 4764 return invalidParams 4765 } 4766 return nil 4767} 4768 4769// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4770func (s *GetCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCertificateInput { 4771 s.CertificateAuthorityArn = &v 4772 return s 4773} 4774 4775type GetCertificateAuthorityCertificateOutput struct { 4776 _ struct{} `type:"structure"` 4777 4778 // Base64-encoded certificate authority (CA) certificate. 4779 Certificate *string `type:"string"` 4780 4781 // Base64-encoded certificate chain that includes any intermediate certificates 4782 // and chains up to root certificate that you used to sign your private CA certificate. 4783 // The chain does not include your private CA certificate. If this is a root 4784 // CA, the value will be null. 4785 CertificateChain *string `type:"string"` 4786} 4787 4788// String returns the string representation 4789func (s GetCertificateAuthorityCertificateOutput) String() string { 4790 return awsutil.Prettify(s) 4791} 4792 4793// GoString returns the string representation 4794func (s GetCertificateAuthorityCertificateOutput) GoString() string { 4795 return s.String() 4796} 4797 4798// SetCertificate sets the Certificate field's value. 4799func (s *GetCertificateAuthorityCertificateOutput) SetCertificate(v string) *GetCertificateAuthorityCertificateOutput { 4800 s.Certificate = &v 4801 return s 4802} 4803 4804// SetCertificateChain sets the CertificateChain field's value. 4805func (s *GetCertificateAuthorityCertificateOutput) SetCertificateChain(v string) *GetCertificateAuthorityCertificateOutput { 4806 s.CertificateChain = &v 4807 return s 4808} 4809 4810type GetCertificateAuthorityCsrInput struct { 4811 _ struct{} `type:"structure"` 4812 4813 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 4814 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 4815 // action. This must be of the form: 4816 // 4817 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 4818 // 4819 // CertificateAuthorityArn is a required field 4820 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4821} 4822 4823// String returns the string representation 4824func (s GetCertificateAuthorityCsrInput) String() string { 4825 return awsutil.Prettify(s) 4826} 4827 4828// GoString returns the string representation 4829func (s GetCertificateAuthorityCsrInput) GoString() string { 4830 return s.String() 4831} 4832 4833// Validate inspects the fields of the type to determine if they are valid. 4834func (s *GetCertificateAuthorityCsrInput) Validate() error { 4835 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCsrInput"} 4836 if s.CertificateAuthorityArn == nil { 4837 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4838 } 4839 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4840 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4841 } 4842 4843 if invalidParams.Len() > 0 { 4844 return invalidParams 4845 } 4846 return nil 4847} 4848 4849// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4850func (s *GetCertificateAuthorityCsrInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCsrInput { 4851 s.CertificateAuthorityArn = &v 4852 return s 4853} 4854 4855type GetCertificateAuthorityCsrOutput struct { 4856 _ struct{} `type:"structure"` 4857 4858 // The base64 PEM-encoded certificate signing request (CSR) for your private 4859 // CA certificate. 4860 Csr *string `type:"string"` 4861} 4862 4863// String returns the string representation 4864func (s GetCertificateAuthorityCsrOutput) String() string { 4865 return awsutil.Prettify(s) 4866} 4867 4868// GoString returns the string representation 4869func (s GetCertificateAuthorityCsrOutput) GoString() string { 4870 return s.String() 4871} 4872 4873// SetCsr sets the Csr field's value. 4874func (s *GetCertificateAuthorityCsrOutput) SetCsr(v string) *GetCertificateAuthorityCsrOutput { 4875 s.Csr = &v 4876 return s 4877} 4878 4879type GetCertificateInput struct { 4880 _ struct{} `type:"structure"` 4881 4882 // The ARN of the issued certificate. The ARN contains the certificate serial 4883 // number and must be in the following form: 4884 // 4885 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 4886 // 4887 // CertificateArn is a required field 4888 CertificateArn *string `min:"5" type:"string" required:"true"` 4889 4890 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4891 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4892 // This must be of the form: 4893 // 4894 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4895 // 4896 // CertificateAuthorityArn is a required field 4897 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4898} 4899 4900// String returns the string representation 4901func (s GetCertificateInput) String() string { 4902 return awsutil.Prettify(s) 4903} 4904 4905// GoString returns the string representation 4906func (s GetCertificateInput) GoString() string { 4907 return s.String() 4908} 4909 4910// Validate inspects the fields of the type to determine if they are valid. 4911func (s *GetCertificateInput) Validate() error { 4912 invalidParams := request.ErrInvalidParams{Context: "GetCertificateInput"} 4913 if s.CertificateArn == nil { 4914 invalidParams.Add(request.NewErrParamRequired("CertificateArn")) 4915 } 4916 if s.CertificateArn != nil && len(*s.CertificateArn) < 5 { 4917 invalidParams.Add(request.NewErrParamMinLen("CertificateArn", 5)) 4918 } 4919 if s.CertificateAuthorityArn == nil { 4920 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4921 } 4922 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4923 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4924 } 4925 4926 if invalidParams.Len() > 0 { 4927 return invalidParams 4928 } 4929 return nil 4930} 4931 4932// SetCertificateArn sets the CertificateArn field's value. 4933func (s *GetCertificateInput) SetCertificateArn(v string) *GetCertificateInput { 4934 s.CertificateArn = &v 4935 return s 4936} 4937 4938// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4939func (s *GetCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateInput { 4940 s.CertificateAuthorityArn = &v 4941 return s 4942} 4943 4944type GetCertificateOutput struct { 4945 _ struct{} `type:"structure"` 4946 4947 // The base64 PEM-encoded certificate specified by the CertificateArn parameter. 4948 Certificate *string `type:"string"` 4949 4950 // The base64 PEM-encoded certificate chain that chains up to the root CA certificate 4951 // that you used to sign your private CA certificate. 4952 CertificateChain *string `type:"string"` 4953} 4954 4955// String returns the string representation 4956func (s GetCertificateOutput) String() string { 4957 return awsutil.Prettify(s) 4958} 4959 4960// GoString returns the string representation 4961func (s GetCertificateOutput) GoString() string { 4962 return s.String() 4963} 4964 4965// SetCertificate sets the Certificate field's value. 4966func (s *GetCertificateOutput) SetCertificate(v string) *GetCertificateOutput { 4967 s.Certificate = &v 4968 return s 4969} 4970 4971// SetCertificateChain sets the CertificateChain field's value. 4972func (s *GetCertificateOutput) SetCertificateChain(v string) *GetCertificateOutput { 4973 s.CertificateChain = &v 4974 return s 4975} 4976 4977type GetPolicyInput struct { 4978 _ struct{} `type:"structure"` 4979 4980 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4981 // retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities 4982 // action. 4983 // 4984 // ResourceArn is a required field 4985 ResourceArn *string `min:"5" type:"string" required:"true"` 4986} 4987 4988// String returns the string representation 4989func (s GetPolicyInput) String() string { 4990 return awsutil.Prettify(s) 4991} 4992 4993// GoString returns the string representation 4994func (s GetPolicyInput) GoString() string { 4995 return s.String() 4996} 4997 4998// Validate inspects the fields of the type to determine if they are valid. 4999func (s *GetPolicyInput) Validate() error { 5000 invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"} 5001 if s.ResourceArn == nil { 5002 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 5003 } 5004 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 5005 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 5006 } 5007 5008 if invalidParams.Len() > 0 { 5009 return invalidParams 5010 } 5011 return nil 5012} 5013 5014// SetResourceArn sets the ResourceArn field's value. 5015func (s *GetPolicyInput) SetResourceArn(v string) *GetPolicyInput { 5016 s.ResourceArn = &v 5017 return s 5018} 5019 5020type GetPolicyOutput struct { 5021 _ struct{} `type:"structure"` 5022 5023 // The policy attached to the private CA as a JSON document. 5024 Policy *string `min:"1" type:"string"` 5025} 5026 5027// String returns the string representation 5028func (s GetPolicyOutput) String() string { 5029 return awsutil.Prettify(s) 5030} 5031 5032// GoString returns the string representation 5033func (s GetPolicyOutput) GoString() string { 5034 return s.String() 5035} 5036 5037// SetPolicy sets the Policy field's value. 5038func (s *GetPolicyOutput) SetPolicy(v string) *GetPolicyOutput { 5039 s.Policy = &v 5040 return s 5041} 5042 5043type ImportCertificateAuthorityCertificateInput struct { 5044 _ struct{} `type:"structure"` 5045 5046 // The PEM-encoded certificate for a private CA. This may be a self-signed certificate 5047 // in the case of a root CA, or it may be signed by another CA that you control. 5048 // 5049 // Certificate is automatically base64 encoded/decoded by the SDK. 5050 // 5051 // Certificate is a required field 5052 Certificate []byte `min:"1" type:"blob" required:"true"` 5053 5054 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5055 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5056 // This must be of the form: 5057 // 5058 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5059 // 5060 // CertificateAuthorityArn is a required field 5061 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5062 5063 // A PEM-encoded file that contains all of your certificates, other than the 5064 // certificate you're importing, chaining up to your root CA. Your ACM Private 5065 // CA-hosted or on-premises root certificate is the last in the chain, and each 5066 // certificate in the chain signs the one preceding. 5067 // 5068 // This parameter must be supplied when you import a subordinate CA. When you 5069 // import a root CA, there is no chain. 5070 // 5071 // CertificateChain is automatically base64 encoded/decoded by the SDK. 5072 CertificateChain []byte `type:"blob"` 5073} 5074 5075// String returns the string representation 5076func (s ImportCertificateAuthorityCertificateInput) String() string { 5077 return awsutil.Prettify(s) 5078} 5079 5080// GoString returns the string representation 5081func (s ImportCertificateAuthorityCertificateInput) GoString() string { 5082 return s.String() 5083} 5084 5085// Validate inspects the fields of the type to determine if they are valid. 5086func (s *ImportCertificateAuthorityCertificateInput) Validate() error { 5087 invalidParams := request.ErrInvalidParams{Context: "ImportCertificateAuthorityCertificateInput"} 5088 if s.Certificate == nil { 5089 invalidParams.Add(request.NewErrParamRequired("Certificate")) 5090 } 5091 if s.Certificate != nil && len(s.Certificate) < 1 { 5092 invalidParams.Add(request.NewErrParamMinLen("Certificate", 1)) 5093 } 5094 if s.CertificateAuthorityArn == nil { 5095 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5096 } 5097 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5098 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5099 } 5100 5101 if invalidParams.Len() > 0 { 5102 return invalidParams 5103 } 5104 return nil 5105} 5106 5107// SetCertificate sets the Certificate field's value. 5108func (s *ImportCertificateAuthorityCertificateInput) SetCertificate(v []byte) *ImportCertificateAuthorityCertificateInput { 5109 s.Certificate = v 5110 return s 5111} 5112 5113// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5114func (s *ImportCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *ImportCertificateAuthorityCertificateInput { 5115 s.CertificateAuthorityArn = &v 5116 return s 5117} 5118 5119// SetCertificateChain sets the CertificateChain field's value. 5120func (s *ImportCertificateAuthorityCertificateInput) SetCertificateChain(v []byte) *ImportCertificateAuthorityCertificateInput { 5121 s.CertificateChain = v 5122 return s 5123} 5124 5125type ImportCertificateAuthorityCertificateOutput struct { 5126 _ struct{} `type:"structure"` 5127} 5128 5129// String returns the string representation 5130func (s ImportCertificateAuthorityCertificateOutput) String() string { 5131 return awsutil.Prettify(s) 5132} 5133 5134// GoString returns the string representation 5135func (s ImportCertificateAuthorityCertificateOutput) GoString() string { 5136 return s.String() 5137} 5138 5139// One or more of the specified arguments was not valid. 5140type InvalidArgsException struct { 5141 _ struct{} `type:"structure"` 5142 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5143 5144 Message_ *string `locationName:"message" type:"string"` 5145} 5146 5147// String returns the string representation 5148func (s InvalidArgsException) String() string { 5149 return awsutil.Prettify(s) 5150} 5151 5152// GoString returns the string representation 5153func (s InvalidArgsException) GoString() string { 5154 return s.String() 5155} 5156 5157func newErrorInvalidArgsException(v protocol.ResponseMetadata) error { 5158 return &InvalidArgsException{ 5159 RespMetadata: v, 5160 } 5161} 5162 5163// Code returns the exception type name. 5164func (s *InvalidArgsException) Code() string { 5165 return "InvalidArgsException" 5166} 5167 5168// Message returns the exception's message. 5169func (s *InvalidArgsException) Message() string { 5170 if s.Message_ != nil { 5171 return *s.Message_ 5172 } 5173 return "" 5174} 5175 5176// OrigErr always returns nil, satisfies awserr.Error interface. 5177func (s *InvalidArgsException) OrigErr() error { 5178 return nil 5179} 5180 5181func (s *InvalidArgsException) Error() string { 5182 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5183} 5184 5185// Status code returns the HTTP status code for the request's response error. 5186func (s *InvalidArgsException) StatusCode() int { 5187 return s.RespMetadata.StatusCode 5188} 5189 5190// RequestID returns the service's response RequestID for request. 5191func (s *InvalidArgsException) RequestID() string { 5192 return s.RespMetadata.RequestID 5193} 5194 5195// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 5196type InvalidArnException struct { 5197 _ struct{} `type:"structure"` 5198 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5199 5200 Message_ *string `locationName:"message" type:"string"` 5201} 5202 5203// String returns the string representation 5204func (s InvalidArnException) String() string { 5205 return awsutil.Prettify(s) 5206} 5207 5208// GoString returns the string representation 5209func (s InvalidArnException) GoString() string { 5210 return s.String() 5211} 5212 5213func newErrorInvalidArnException(v protocol.ResponseMetadata) error { 5214 return &InvalidArnException{ 5215 RespMetadata: v, 5216 } 5217} 5218 5219// Code returns the exception type name. 5220func (s *InvalidArnException) Code() string { 5221 return "InvalidArnException" 5222} 5223 5224// Message returns the exception's message. 5225func (s *InvalidArnException) Message() string { 5226 if s.Message_ != nil { 5227 return *s.Message_ 5228 } 5229 return "" 5230} 5231 5232// OrigErr always returns nil, satisfies awserr.Error interface. 5233func (s *InvalidArnException) OrigErr() error { 5234 return nil 5235} 5236 5237func (s *InvalidArnException) Error() string { 5238 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5239} 5240 5241// Status code returns the HTTP status code for the request's response error. 5242func (s *InvalidArnException) StatusCode() int { 5243 return s.RespMetadata.StatusCode 5244} 5245 5246// RequestID returns the service's response RequestID for request. 5247func (s *InvalidArnException) RequestID() string { 5248 return s.RespMetadata.RequestID 5249} 5250 5251// The token specified in the NextToken argument is not valid. Use the token 5252// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 5253type InvalidNextTokenException struct { 5254 _ struct{} `type:"structure"` 5255 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5256 5257 Message_ *string `locationName:"message" type:"string"` 5258} 5259 5260// String returns the string representation 5261func (s InvalidNextTokenException) String() string { 5262 return awsutil.Prettify(s) 5263} 5264 5265// GoString returns the string representation 5266func (s InvalidNextTokenException) GoString() string { 5267 return s.String() 5268} 5269 5270func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { 5271 return &InvalidNextTokenException{ 5272 RespMetadata: v, 5273 } 5274} 5275 5276// Code returns the exception type name. 5277func (s *InvalidNextTokenException) Code() string { 5278 return "InvalidNextTokenException" 5279} 5280 5281// Message returns the exception's message. 5282func (s *InvalidNextTokenException) Message() string { 5283 if s.Message_ != nil { 5284 return *s.Message_ 5285 } 5286 return "" 5287} 5288 5289// OrigErr always returns nil, satisfies awserr.Error interface. 5290func (s *InvalidNextTokenException) OrigErr() error { 5291 return nil 5292} 5293 5294func (s *InvalidNextTokenException) Error() string { 5295 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5296} 5297 5298// Status code returns the HTTP status code for the request's response error. 5299func (s *InvalidNextTokenException) StatusCode() int { 5300 return s.RespMetadata.StatusCode 5301} 5302 5303// RequestID returns the service's response RequestID for request. 5304func (s *InvalidNextTokenException) RequestID() string { 5305 return s.RespMetadata.RequestID 5306} 5307 5308// The resource policy is invalid or is missing a required statement. For general 5309// information about IAM policy and statement structure, see Overview of JSON 5310// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 5311type InvalidPolicyException struct { 5312 _ struct{} `type:"structure"` 5313 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5314 5315 Message_ *string `locationName:"message" type:"string"` 5316} 5317 5318// String returns the string representation 5319func (s InvalidPolicyException) String() string { 5320 return awsutil.Prettify(s) 5321} 5322 5323// GoString returns the string representation 5324func (s InvalidPolicyException) GoString() string { 5325 return s.String() 5326} 5327 5328func newErrorInvalidPolicyException(v protocol.ResponseMetadata) error { 5329 return &InvalidPolicyException{ 5330 RespMetadata: v, 5331 } 5332} 5333 5334// Code returns the exception type name. 5335func (s *InvalidPolicyException) Code() string { 5336 return "InvalidPolicyException" 5337} 5338 5339// Message returns the exception's message. 5340func (s *InvalidPolicyException) Message() string { 5341 if s.Message_ != nil { 5342 return *s.Message_ 5343 } 5344 return "" 5345} 5346 5347// OrigErr always returns nil, satisfies awserr.Error interface. 5348func (s *InvalidPolicyException) OrigErr() error { 5349 return nil 5350} 5351 5352func (s *InvalidPolicyException) Error() string { 5353 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5354} 5355 5356// Status code returns the HTTP status code for the request's response error. 5357func (s *InvalidPolicyException) StatusCode() int { 5358 return s.RespMetadata.StatusCode 5359} 5360 5361// RequestID returns the service's response RequestID for request. 5362func (s *InvalidPolicyException) RequestID() string { 5363 return s.RespMetadata.RequestID 5364} 5365 5366// The request action cannot be performed or is prohibited. 5367type InvalidRequestException struct { 5368 _ struct{} `type:"structure"` 5369 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5370 5371 Message_ *string `locationName:"message" type:"string"` 5372} 5373 5374// String returns the string representation 5375func (s InvalidRequestException) String() string { 5376 return awsutil.Prettify(s) 5377} 5378 5379// GoString returns the string representation 5380func (s InvalidRequestException) GoString() string { 5381 return s.String() 5382} 5383 5384func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { 5385 return &InvalidRequestException{ 5386 RespMetadata: v, 5387 } 5388} 5389 5390// Code returns the exception type name. 5391func (s *InvalidRequestException) Code() string { 5392 return "InvalidRequestException" 5393} 5394 5395// Message returns the exception's message. 5396func (s *InvalidRequestException) Message() string { 5397 if s.Message_ != nil { 5398 return *s.Message_ 5399 } 5400 return "" 5401} 5402 5403// OrigErr always returns nil, satisfies awserr.Error interface. 5404func (s *InvalidRequestException) OrigErr() error { 5405 return nil 5406} 5407 5408func (s *InvalidRequestException) Error() string { 5409 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5410} 5411 5412// Status code returns the HTTP status code for the request's response error. 5413func (s *InvalidRequestException) StatusCode() int { 5414 return s.RespMetadata.StatusCode 5415} 5416 5417// RequestID returns the service's response RequestID for request. 5418func (s *InvalidRequestException) RequestID() string { 5419 return s.RespMetadata.RequestID 5420} 5421 5422// The state of the private CA does not allow this action to occur. 5423type InvalidStateException struct { 5424 _ struct{} `type:"structure"` 5425 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5426 5427 Message_ *string `locationName:"message" type:"string"` 5428} 5429 5430// String returns the string representation 5431func (s InvalidStateException) String() string { 5432 return awsutil.Prettify(s) 5433} 5434 5435// GoString returns the string representation 5436func (s InvalidStateException) GoString() string { 5437 return s.String() 5438} 5439 5440func newErrorInvalidStateException(v protocol.ResponseMetadata) error { 5441 return &InvalidStateException{ 5442 RespMetadata: v, 5443 } 5444} 5445 5446// Code returns the exception type name. 5447func (s *InvalidStateException) Code() string { 5448 return "InvalidStateException" 5449} 5450 5451// Message returns the exception's message. 5452func (s *InvalidStateException) Message() string { 5453 if s.Message_ != nil { 5454 return *s.Message_ 5455 } 5456 return "" 5457} 5458 5459// OrigErr always returns nil, satisfies awserr.Error interface. 5460func (s *InvalidStateException) OrigErr() error { 5461 return nil 5462} 5463 5464func (s *InvalidStateException) Error() string { 5465 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5466} 5467 5468// Status code returns the HTTP status code for the request's response error. 5469func (s *InvalidStateException) StatusCode() int { 5470 return s.RespMetadata.StatusCode 5471} 5472 5473// RequestID returns the service's response RequestID for request. 5474func (s *InvalidStateException) RequestID() string { 5475 return s.RespMetadata.RequestID 5476} 5477 5478// The tag associated with the CA is not valid. The invalid argument is contained 5479// in the message field. 5480type InvalidTagException struct { 5481 _ struct{} `type:"structure"` 5482 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5483 5484 Message_ *string `locationName:"message" type:"string"` 5485} 5486 5487// String returns the string representation 5488func (s InvalidTagException) String() string { 5489 return awsutil.Prettify(s) 5490} 5491 5492// GoString returns the string representation 5493func (s InvalidTagException) GoString() string { 5494 return s.String() 5495} 5496 5497func newErrorInvalidTagException(v protocol.ResponseMetadata) error { 5498 return &InvalidTagException{ 5499 RespMetadata: v, 5500 } 5501} 5502 5503// Code returns the exception type name. 5504func (s *InvalidTagException) Code() string { 5505 return "InvalidTagException" 5506} 5507 5508// Message returns the exception's message. 5509func (s *InvalidTagException) Message() string { 5510 if s.Message_ != nil { 5511 return *s.Message_ 5512 } 5513 return "" 5514} 5515 5516// OrigErr always returns nil, satisfies awserr.Error interface. 5517func (s *InvalidTagException) OrigErr() error { 5518 return nil 5519} 5520 5521func (s *InvalidTagException) Error() string { 5522 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5523} 5524 5525// Status code returns the HTTP status code for the request's response error. 5526func (s *InvalidTagException) StatusCode() int { 5527 return s.RespMetadata.StatusCode 5528} 5529 5530// RequestID returns the service's response RequestID for request. 5531func (s *InvalidTagException) RequestID() string { 5532 return s.RespMetadata.RequestID 5533} 5534 5535type IssueCertificateInput struct { 5536 _ struct{} `type:"structure"` 5537 5538 // Specifies X.509 certificate information to be included in the issued certificate. 5539 // An APIPassthrough or APICSRPassthrough template variant must be selected, 5540 // or else this parameter is ignored. For more information about using these 5541 // templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5542 // 5543 // If conflicting or duplicate certificate information is supplied during certificate 5544 // issuance, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 5545 // to determine what information is used. 5546 ApiPassthrough *ApiPassthrough `type:"structure"` 5547 5548 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5549 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5550 // This must be of the form: 5551 // 5552 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5553 // 5554 // CertificateAuthorityArn is a required field 5555 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5556 5557 // The certificate signing request (CSR) for the certificate you want to issue. 5558 // As an example, you can use the following OpenSSL command to create the CSR 5559 // and a 2048 bit RSA private key. 5560 // 5561 // openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem 5562 // -out csr/test_cert_.csr 5563 // 5564 // If you have a configuration file, you can then use the following OpenSSL 5565 // command. The usr_cert block in the configuration file contains your X509 5566 // version 3 extensions. 5567 // 5568 // openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 5569 // -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr 5570 // 5571 // Note: A CSR must provide either a subject name or a subject alternative name 5572 // or the request will be rejected. 5573 // 5574 // Csr is automatically base64 encoded/decoded by the SDK. 5575 // 5576 // Csr is a required field 5577 Csr []byte `min:"1" type:"blob" required:"true"` 5578 5579 // Alphanumeric string that can be used to distinguish between calls to the 5580 // IssueCertificate action. Idempotency tokens for IssueCertificate time out 5581 // after one minute. Therefore, if you call IssueCertificate multiple times 5582 // with the same idempotency token within one minute, ACM Private CA recognizes 5583 // that you are requesting only one certificate and will issue only one. If 5584 // you change the idempotency token for each call, PCA recognizes that you are 5585 // requesting multiple certificates. 5586 IdempotencyToken *string `min:"1" type:"string"` 5587 5588 // The name of the algorithm that will be used to sign the certificate to be 5589 // issued. 5590 // 5591 // This parameter should not be confused with the SigningAlgorithm parameter 5592 // used to sign a CSR in the CreateCertificateAuthority action. 5593 // 5594 // SigningAlgorithm is a required field 5595 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 5596 5597 // Specifies a custom configuration template to use when issuing a certificate. 5598 // If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 5599 // template. For CA certificates, you should choose the shortest path length 5600 // that meets your needs. The path length is indicated by the PathLenN portion 5601 // of the ARN, where N is the CA depth (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth). 5602 // 5603 // Note: The CA depth configured on a subordinate CA certificate must not exceed 5604 // the limit set by its parents in the CA hierarchy. 5605 // 5606 // For a list of TemplateArn values supported by ACM Private CA, see Understanding 5607 // Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5608 TemplateArn *string `min:"5" type:"string"` 5609 5610 // Information describing the end of the validity period of the certificate. 5611 // This parameter sets the “Not After” date for the certificate. 5612 // 5613 // Certificate validity is the period of time during which a certificate is 5614 // valid. Validity can be expressed as an explicit date and time when the certificate 5615 // expires, or as a span of time after issuance, stated in days, months, or 5616 // years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5617 // in RFC 5280. 5618 // 5619 // This value is unaffected when ValidityNotBefore is also specified. For example, 5620 // if Validity is set to 20 days in the future, the certificate will expire 5621 // 20 days from issuance time regardless of the ValidityNotBefore value. 5622 // 5623 // The end of the validity period configured on a certificate must not exceed 5624 // the limit set on its parents in the CA hierarchy. 5625 // 5626 // Validity is a required field 5627 Validity *Validity `type:"structure" required:"true"` 5628 5629 // Information describing the start of the validity period of the certificate. 5630 // This parameter sets the “Not Before" date for the certificate. 5631 // 5632 // By default, when issuing a certificate, ACM Private CA sets the "Not Before" 5633 // date to the issuance time minus 60 minutes. This compensates for clock inconsistencies 5634 // across computer systems. The ValidityNotBefore parameter can be used to customize 5635 // the “Not Before” value. 5636 // 5637 // Unlike the Validity parameter, the ValidityNotBefore parameter is optional. 5638 // 5639 // The ValidityNotBefore value is expressed as an explicit date and time, using 5640 // the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html) 5641 // in this API reference and Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5642 // in RFC 5280. 5643 ValidityNotBefore *Validity `type:"structure"` 5644} 5645 5646// String returns the string representation 5647func (s IssueCertificateInput) String() string { 5648 return awsutil.Prettify(s) 5649} 5650 5651// GoString returns the string representation 5652func (s IssueCertificateInput) GoString() string { 5653 return s.String() 5654} 5655 5656// Validate inspects the fields of the type to determine if they are valid. 5657func (s *IssueCertificateInput) Validate() error { 5658 invalidParams := request.ErrInvalidParams{Context: "IssueCertificateInput"} 5659 if s.CertificateAuthorityArn == nil { 5660 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5661 } 5662 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5663 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5664 } 5665 if s.Csr == nil { 5666 invalidParams.Add(request.NewErrParamRequired("Csr")) 5667 } 5668 if s.Csr != nil && len(s.Csr) < 1 { 5669 invalidParams.Add(request.NewErrParamMinLen("Csr", 1)) 5670 } 5671 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 5672 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 5673 } 5674 if s.SigningAlgorithm == nil { 5675 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 5676 } 5677 if s.TemplateArn != nil && len(*s.TemplateArn) < 5 { 5678 invalidParams.Add(request.NewErrParamMinLen("TemplateArn", 5)) 5679 } 5680 if s.Validity == nil { 5681 invalidParams.Add(request.NewErrParamRequired("Validity")) 5682 } 5683 if s.ApiPassthrough != nil { 5684 if err := s.ApiPassthrough.Validate(); err != nil { 5685 invalidParams.AddNested("ApiPassthrough", err.(request.ErrInvalidParams)) 5686 } 5687 } 5688 if s.Validity != nil { 5689 if err := s.Validity.Validate(); err != nil { 5690 invalidParams.AddNested("Validity", err.(request.ErrInvalidParams)) 5691 } 5692 } 5693 if s.ValidityNotBefore != nil { 5694 if err := s.ValidityNotBefore.Validate(); err != nil { 5695 invalidParams.AddNested("ValidityNotBefore", err.(request.ErrInvalidParams)) 5696 } 5697 } 5698 5699 if invalidParams.Len() > 0 { 5700 return invalidParams 5701 } 5702 return nil 5703} 5704 5705// SetApiPassthrough sets the ApiPassthrough field's value. 5706func (s *IssueCertificateInput) SetApiPassthrough(v *ApiPassthrough) *IssueCertificateInput { 5707 s.ApiPassthrough = v 5708 return s 5709} 5710 5711// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5712func (s *IssueCertificateInput) SetCertificateAuthorityArn(v string) *IssueCertificateInput { 5713 s.CertificateAuthorityArn = &v 5714 return s 5715} 5716 5717// SetCsr sets the Csr field's value. 5718func (s *IssueCertificateInput) SetCsr(v []byte) *IssueCertificateInput { 5719 s.Csr = v 5720 return s 5721} 5722 5723// SetIdempotencyToken sets the IdempotencyToken field's value. 5724func (s *IssueCertificateInput) SetIdempotencyToken(v string) *IssueCertificateInput { 5725 s.IdempotencyToken = &v 5726 return s 5727} 5728 5729// SetSigningAlgorithm sets the SigningAlgorithm field's value. 5730func (s *IssueCertificateInput) SetSigningAlgorithm(v string) *IssueCertificateInput { 5731 s.SigningAlgorithm = &v 5732 return s 5733} 5734 5735// SetTemplateArn sets the TemplateArn field's value. 5736func (s *IssueCertificateInput) SetTemplateArn(v string) *IssueCertificateInput { 5737 s.TemplateArn = &v 5738 return s 5739} 5740 5741// SetValidity sets the Validity field's value. 5742func (s *IssueCertificateInput) SetValidity(v *Validity) *IssueCertificateInput { 5743 s.Validity = v 5744 return s 5745} 5746 5747// SetValidityNotBefore sets the ValidityNotBefore field's value. 5748func (s *IssueCertificateInput) SetValidityNotBefore(v *Validity) *IssueCertificateInput { 5749 s.ValidityNotBefore = v 5750 return s 5751} 5752 5753type IssueCertificateOutput struct { 5754 _ struct{} `type:"structure"` 5755 5756 // The Amazon Resource Name (ARN) of the issued certificate and the certificate 5757 // serial number. This is of the form: 5758 // 5759 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 5760 CertificateArn *string `min:"5" type:"string"` 5761} 5762 5763// String returns the string representation 5764func (s IssueCertificateOutput) String() string { 5765 return awsutil.Prettify(s) 5766} 5767 5768// GoString returns the string representation 5769func (s IssueCertificateOutput) GoString() string { 5770 return s.String() 5771} 5772 5773// SetCertificateArn sets the CertificateArn field's value. 5774func (s *IssueCertificateOutput) SetCertificateArn(v string) *IssueCertificateOutput { 5775 s.CertificateArn = &v 5776 return s 5777} 5778 5779// Defines one or more purposes for which the key contained in the certificate 5780// can be used. Default value for each option is false. 5781type KeyUsage struct { 5782 _ struct{} `type:"structure"` 5783 5784 // Key can be used to sign CRLs. 5785 CRLSign *bool `type:"boolean"` 5786 5787 // Key can be used to decipher data. 5788 DataEncipherment *bool `type:"boolean"` 5789 5790 // Key can be used only to decipher data. 5791 DecipherOnly *bool `type:"boolean"` 5792 5793 // Key can be used for digital signing. 5794 DigitalSignature *bool `type:"boolean"` 5795 5796 // Key can be used only to encipher data. 5797 EncipherOnly *bool `type:"boolean"` 5798 5799 // Key can be used in a key-agreement protocol. 5800 KeyAgreement *bool `type:"boolean"` 5801 5802 // Key can be used to sign certificates. 5803 KeyCertSign *bool `type:"boolean"` 5804 5805 // Key can be used to encipher data. 5806 KeyEncipherment *bool `type:"boolean"` 5807 5808 // Key can be used for non-repudiation. 5809 NonRepudiation *bool `type:"boolean"` 5810} 5811 5812// String returns the string representation 5813func (s KeyUsage) String() string { 5814 return awsutil.Prettify(s) 5815} 5816 5817// GoString returns the string representation 5818func (s KeyUsage) GoString() string { 5819 return s.String() 5820} 5821 5822// SetCRLSign sets the CRLSign field's value. 5823func (s *KeyUsage) SetCRLSign(v bool) *KeyUsage { 5824 s.CRLSign = &v 5825 return s 5826} 5827 5828// SetDataEncipherment sets the DataEncipherment field's value. 5829func (s *KeyUsage) SetDataEncipherment(v bool) *KeyUsage { 5830 s.DataEncipherment = &v 5831 return s 5832} 5833 5834// SetDecipherOnly sets the DecipherOnly field's value. 5835func (s *KeyUsage) SetDecipherOnly(v bool) *KeyUsage { 5836 s.DecipherOnly = &v 5837 return s 5838} 5839 5840// SetDigitalSignature sets the DigitalSignature field's value. 5841func (s *KeyUsage) SetDigitalSignature(v bool) *KeyUsage { 5842 s.DigitalSignature = &v 5843 return s 5844} 5845 5846// SetEncipherOnly sets the EncipherOnly field's value. 5847func (s *KeyUsage) SetEncipherOnly(v bool) *KeyUsage { 5848 s.EncipherOnly = &v 5849 return s 5850} 5851 5852// SetKeyAgreement sets the KeyAgreement field's value. 5853func (s *KeyUsage) SetKeyAgreement(v bool) *KeyUsage { 5854 s.KeyAgreement = &v 5855 return s 5856} 5857 5858// SetKeyCertSign sets the KeyCertSign field's value. 5859func (s *KeyUsage) SetKeyCertSign(v bool) *KeyUsage { 5860 s.KeyCertSign = &v 5861 return s 5862} 5863 5864// SetKeyEncipherment sets the KeyEncipherment field's value. 5865func (s *KeyUsage) SetKeyEncipherment(v bool) *KeyUsage { 5866 s.KeyEncipherment = &v 5867 return s 5868} 5869 5870// SetNonRepudiation sets the NonRepudiation field's value. 5871func (s *KeyUsage) SetNonRepudiation(v bool) *KeyUsage { 5872 s.NonRepudiation = &v 5873 return s 5874} 5875 5876// An ACM Private CA quota has been exceeded. See the exception message returned 5877// to determine the quota that was exceeded. 5878type LimitExceededException struct { 5879 _ struct{} `type:"structure"` 5880 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5881 5882 Message_ *string `locationName:"message" type:"string"` 5883} 5884 5885// String returns the string representation 5886func (s LimitExceededException) String() string { 5887 return awsutil.Prettify(s) 5888} 5889 5890// GoString returns the string representation 5891func (s LimitExceededException) GoString() string { 5892 return s.String() 5893} 5894 5895func newErrorLimitExceededException(v protocol.ResponseMetadata) error { 5896 return &LimitExceededException{ 5897 RespMetadata: v, 5898 } 5899} 5900 5901// Code returns the exception type name. 5902func (s *LimitExceededException) Code() string { 5903 return "LimitExceededException" 5904} 5905 5906// Message returns the exception's message. 5907func (s *LimitExceededException) Message() string { 5908 if s.Message_ != nil { 5909 return *s.Message_ 5910 } 5911 return "" 5912} 5913 5914// OrigErr always returns nil, satisfies awserr.Error interface. 5915func (s *LimitExceededException) OrigErr() error { 5916 return nil 5917} 5918 5919func (s *LimitExceededException) Error() string { 5920 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5921} 5922 5923// Status code returns the HTTP status code for the request's response error. 5924func (s *LimitExceededException) StatusCode() int { 5925 return s.RespMetadata.StatusCode 5926} 5927 5928// RequestID returns the service's response RequestID for request. 5929func (s *LimitExceededException) RequestID() string { 5930 return s.RespMetadata.RequestID 5931} 5932 5933type ListCertificateAuthoritiesInput struct { 5934 _ struct{} `type:"structure"` 5935 5936 // Use this parameter when paginating results to specify the maximum number 5937 // of items to return in the response on each page. If additional items exist 5938 // beyond the number you specify, the NextToken element is sent in the response. 5939 // Use this NextToken value in a subsequent request to retrieve additional items. 5940 MaxResults *int64 `min:"1" type:"integer"` 5941 5942 // Use this parameter when paginating results in a subsequent request after 5943 // you receive a response with truncated results. Set it to the value of the 5944 // NextToken parameter from the response you just received. 5945 NextToken *string `min:"1" type:"string"` 5946 5947 // Use this parameter to filter the returned set of certificate authorities 5948 // based on their owner. The default is SELF. 5949 ResourceOwner *string `type:"string" enum:"ResourceOwner"` 5950} 5951 5952// String returns the string representation 5953func (s ListCertificateAuthoritiesInput) String() string { 5954 return awsutil.Prettify(s) 5955} 5956 5957// GoString returns the string representation 5958func (s ListCertificateAuthoritiesInput) GoString() string { 5959 return s.String() 5960} 5961 5962// Validate inspects the fields of the type to determine if they are valid. 5963func (s *ListCertificateAuthoritiesInput) Validate() error { 5964 invalidParams := request.ErrInvalidParams{Context: "ListCertificateAuthoritiesInput"} 5965 if s.MaxResults != nil && *s.MaxResults < 1 { 5966 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 5967 } 5968 if s.NextToken != nil && len(*s.NextToken) < 1 { 5969 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 5970 } 5971 5972 if invalidParams.Len() > 0 { 5973 return invalidParams 5974 } 5975 return nil 5976} 5977 5978// SetMaxResults sets the MaxResults field's value. 5979func (s *ListCertificateAuthoritiesInput) SetMaxResults(v int64) *ListCertificateAuthoritiesInput { 5980 s.MaxResults = &v 5981 return s 5982} 5983 5984// SetNextToken sets the NextToken field's value. 5985func (s *ListCertificateAuthoritiesInput) SetNextToken(v string) *ListCertificateAuthoritiesInput { 5986 s.NextToken = &v 5987 return s 5988} 5989 5990// SetResourceOwner sets the ResourceOwner field's value. 5991func (s *ListCertificateAuthoritiesInput) SetResourceOwner(v string) *ListCertificateAuthoritiesInput { 5992 s.ResourceOwner = &v 5993 return s 5994} 5995 5996type ListCertificateAuthoritiesOutput struct { 5997 _ struct{} `type:"structure"` 5998 5999 // Summary information about each certificate authority you have created. 6000 CertificateAuthorities []*CertificateAuthority `type:"list"` 6001 6002 // When the list is truncated, this value is present and should be used for 6003 // the NextToken parameter in a subsequent pagination request. 6004 NextToken *string `min:"1" type:"string"` 6005} 6006 6007// String returns the string representation 6008func (s ListCertificateAuthoritiesOutput) String() string { 6009 return awsutil.Prettify(s) 6010} 6011 6012// GoString returns the string representation 6013func (s ListCertificateAuthoritiesOutput) GoString() string { 6014 return s.String() 6015} 6016 6017// SetCertificateAuthorities sets the CertificateAuthorities field's value. 6018func (s *ListCertificateAuthoritiesOutput) SetCertificateAuthorities(v []*CertificateAuthority) *ListCertificateAuthoritiesOutput { 6019 s.CertificateAuthorities = v 6020 return s 6021} 6022 6023// SetNextToken sets the NextToken field's value. 6024func (s *ListCertificateAuthoritiesOutput) SetNextToken(v string) *ListCertificateAuthoritiesOutput { 6025 s.NextToken = &v 6026 return s 6027} 6028 6029type ListPermissionsInput struct { 6030 _ struct{} `type:"structure"` 6031 6032 // The Amazon Resource Number (ARN) of the private CA to inspect. You can find 6033 // the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6034 // action. This must be of the form: arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6035 // You can get a private CA's ARN by running the ListCertificateAuthorities 6036 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6037 // action. 6038 // 6039 // CertificateAuthorityArn is a required field 6040 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6041 6042 // When paginating results, use this parameter to specify the maximum number 6043 // of items to return in the response. If additional items exist beyond the 6044 // number you specify, the NextToken element is sent in the response. Use this 6045 // NextToken value in a subsequent request to retrieve additional items. 6046 MaxResults *int64 `min:"1" type:"integer"` 6047 6048 // When paginating results, use this parameter in a subsequent request after 6049 // you receive a response with truncated results. Set it to the value of NextToken 6050 // from the response you just received. 6051 NextToken *string `min:"1" type:"string"` 6052} 6053 6054// String returns the string representation 6055func (s ListPermissionsInput) String() string { 6056 return awsutil.Prettify(s) 6057} 6058 6059// GoString returns the string representation 6060func (s ListPermissionsInput) GoString() string { 6061 return s.String() 6062} 6063 6064// Validate inspects the fields of the type to determine if they are valid. 6065func (s *ListPermissionsInput) Validate() error { 6066 invalidParams := request.ErrInvalidParams{Context: "ListPermissionsInput"} 6067 if s.CertificateAuthorityArn == nil { 6068 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6069 } 6070 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6071 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6072 } 6073 if s.MaxResults != nil && *s.MaxResults < 1 { 6074 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6075 } 6076 if s.NextToken != nil && len(*s.NextToken) < 1 { 6077 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6078 } 6079 6080 if invalidParams.Len() > 0 { 6081 return invalidParams 6082 } 6083 return nil 6084} 6085 6086// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6087func (s *ListPermissionsInput) SetCertificateAuthorityArn(v string) *ListPermissionsInput { 6088 s.CertificateAuthorityArn = &v 6089 return s 6090} 6091 6092// SetMaxResults sets the MaxResults field's value. 6093func (s *ListPermissionsInput) SetMaxResults(v int64) *ListPermissionsInput { 6094 s.MaxResults = &v 6095 return s 6096} 6097 6098// SetNextToken sets the NextToken field's value. 6099func (s *ListPermissionsInput) SetNextToken(v string) *ListPermissionsInput { 6100 s.NextToken = &v 6101 return s 6102} 6103 6104type ListPermissionsOutput struct { 6105 _ struct{} `type:"structure"` 6106 6107 // When the list is truncated, this value is present and should be used for 6108 // the NextToken parameter in a subsequent pagination request. 6109 NextToken *string `min:"1" type:"string"` 6110 6111 // Summary information about each permission assigned by the specified private 6112 // CA, including the action enabled, the policy provided, and the time of creation. 6113 Permissions []*Permission `type:"list"` 6114} 6115 6116// String returns the string representation 6117func (s ListPermissionsOutput) String() string { 6118 return awsutil.Prettify(s) 6119} 6120 6121// GoString returns the string representation 6122func (s ListPermissionsOutput) GoString() string { 6123 return s.String() 6124} 6125 6126// SetNextToken sets the NextToken field's value. 6127func (s *ListPermissionsOutput) SetNextToken(v string) *ListPermissionsOutput { 6128 s.NextToken = &v 6129 return s 6130} 6131 6132// SetPermissions sets the Permissions field's value. 6133func (s *ListPermissionsOutput) SetPermissions(v []*Permission) *ListPermissionsOutput { 6134 s.Permissions = v 6135 return s 6136} 6137 6138type ListTagsInput struct { 6139 _ struct{} `type:"structure"` 6140 6141 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 6142 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 6143 // action. This must be of the form: 6144 // 6145 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6146 // 6147 // CertificateAuthorityArn is a required field 6148 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6149 6150 // Use this parameter when paginating results to specify the maximum number 6151 // of items to return in the response. If additional items exist beyond the 6152 // number you specify, the NextToken element is sent in the response. Use this 6153 // NextToken value in a subsequent request to retrieve additional items. 6154 MaxResults *int64 `min:"1" type:"integer"` 6155 6156 // Use this parameter when paginating results in a subsequent request after 6157 // you receive a response with truncated results. Set it to the value of NextToken 6158 // from the response you just received. 6159 NextToken *string `min:"1" type:"string"` 6160} 6161 6162// String returns the string representation 6163func (s ListTagsInput) String() string { 6164 return awsutil.Prettify(s) 6165} 6166 6167// GoString returns the string representation 6168func (s ListTagsInput) GoString() string { 6169 return s.String() 6170} 6171 6172// Validate inspects the fields of the type to determine if they are valid. 6173func (s *ListTagsInput) Validate() error { 6174 invalidParams := request.ErrInvalidParams{Context: "ListTagsInput"} 6175 if s.CertificateAuthorityArn == nil { 6176 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6177 } 6178 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6179 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6180 } 6181 if s.MaxResults != nil && *s.MaxResults < 1 { 6182 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6183 } 6184 if s.NextToken != nil && len(*s.NextToken) < 1 { 6185 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6186 } 6187 6188 if invalidParams.Len() > 0 { 6189 return invalidParams 6190 } 6191 return nil 6192} 6193 6194// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6195func (s *ListTagsInput) SetCertificateAuthorityArn(v string) *ListTagsInput { 6196 s.CertificateAuthorityArn = &v 6197 return s 6198} 6199 6200// SetMaxResults sets the MaxResults field's value. 6201func (s *ListTagsInput) SetMaxResults(v int64) *ListTagsInput { 6202 s.MaxResults = &v 6203 return s 6204} 6205 6206// SetNextToken sets the NextToken field's value. 6207func (s *ListTagsInput) SetNextToken(v string) *ListTagsInput { 6208 s.NextToken = &v 6209 return s 6210} 6211 6212type ListTagsOutput struct { 6213 _ struct{} `type:"structure"` 6214 6215 // When the list is truncated, this value is present and should be used for 6216 // the NextToken parameter in a subsequent pagination request. 6217 NextToken *string `min:"1" type:"string"` 6218 6219 // The tags associated with your private CA. 6220 Tags []*Tag `min:"1" type:"list"` 6221} 6222 6223// String returns the string representation 6224func (s ListTagsOutput) String() string { 6225 return awsutil.Prettify(s) 6226} 6227 6228// GoString returns the string representation 6229func (s ListTagsOutput) GoString() string { 6230 return s.String() 6231} 6232 6233// SetNextToken sets the NextToken field's value. 6234func (s *ListTagsOutput) SetNextToken(v string) *ListTagsOutput { 6235 s.NextToken = &v 6236 return s 6237} 6238 6239// SetTags sets the Tags field's value. 6240func (s *ListTagsOutput) SetTags(v []*Tag) *ListTagsOutput { 6241 s.Tags = v 6242 return s 6243} 6244 6245// The current action was prevented because it would lock the caller out from 6246// performing subsequent actions. Verify that the specified parameters would 6247// not result in the caller being denied access to the resource. 6248type LockoutPreventedException struct { 6249 _ struct{} `type:"structure"` 6250 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6251 6252 Message_ *string `locationName:"message" type:"string"` 6253} 6254 6255// String returns the string representation 6256func (s LockoutPreventedException) String() string { 6257 return awsutil.Prettify(s) 6258} 6259 6260// GoString returns the string representation 6261func (s LockoutPreventedException) GoString() string { 6262 return s.String() 6263} 6264 6265func newErrorLockoutPreventedException(v protocol.ResponseMetadata) error { 6266 return &LockoutPreventedException{ 6267 RespMetadata: v, 6268 } 6269} 6270 6271// Code returns the exception type name. 6272func (s *LockoutPreventedException) Code() string { 6273 return "LockoutPreventedException" 6274} 6275 6276// Message returns the exception's message. 6277func (s *LockoutPreventedException) Message() string { 6278 if s.Message_ != nil { 6279 return *s.Message_ 6280 } 6281 return "" 6282} 6283 6284// OrigErr always returns nil, satisfies awserr.Error interface. 6285func (s *LockoutPreventedException) OrigErr() error { 6286 return nil 6287} 6288 6289func (s *LockoutPreventedException) Error() string { 6290 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6291} 6292 6293// Status code returns the HTTP status code for the request's response error. 6294func (s *LockoutPreventedException) StatusCode() int { 6295 return s.RespMetadata.StatusCode 6296} 6297 6298// RequestID returns the service's response RequestID for request. 6299func (s *LockoutPreventedException) RequestID() string { 6300 return s.RespMetadata.RequestID 6301} 6302 6303// The certificate signing request is invalid. 6304type MalformedCSRException struct { 6305 _ struct{} `type:"structure"` 6306 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6307 6308 Message_ *string `locationName:"message" type:"string"` 6309} 6310 6311// String returns the string representation 6312func (s MalformedCSRException) String() string { 6313 return awsutil.Prettify(s) 6314} 6315 6316// GoString returns the string representation 6317func (s MalformedCSRException) GoString() string { 6318 return s.String() 6319} 6320 6321func newErrorMalformedCSRException(v protocol.ResponseMetadata) error { 6322 return &MalformedCSRException{ 6323 RespMetadata: v, 6324 } 6325} 6326 6327// Code returns the exception type name. 6328func (s *MalformedCSRException) Code() string { 6329 return "MalformedCSRException" 6330} 6331 6332// Message returns the exception's message. 6333func (s *MalformedCSRException) Message() string { 6334 if s.Message_ != nil { 6335 return *s.Message_ 6336 } 6337 return "" 6338} 6339 6340// OrigErr always returns nil, satisfies awserr.Error interface. 6341func (s *MalformedCSRException) OrigErr() error { 6342 return nil 6343} 6344 6345func (s *MalformedCSRException) Error() string { 6346 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6347} 6348 6349// Status code returns the HTTP status code for the request's response error. 6350func (s *MalformedCSRException) StatusCode() int { 6351 return s.RespMetadata.StatusCode 6352} 6353 6354// RequestID returns the service's response RequestID for request. 6355func (s *MalformedCSRException) RequestID() string { 6356 return s.RespMetadata.RequestID 6357} 6358 6359// One or more fields in the certificate are invalid. 6360type MalformedCertificateException struct { 6361 _ struct{} `type:"structure"` 6362 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6363 6364 Message_ *string `locationName:"message" type:"string"` 6365} 6366 6367// String returns the string representation 6368func (s MalformedCertificateException) String() string { 6369 return awsutil.Prettify(s) 6370} 6371 6372// GoString returns the string representation 6373func (s MalformedCertificateException) GoString() string { 6374 return s.String() 6375} 6376 6377func newErrorMalformedCertificateException(v protocol.ResponseMetadata) error { 6378 return &MalformedCertificateException{ 6379 RespMetadata: v, 6380 } 6381} 6382 6383// Code returns the exception type name. 6384func (s *MalformedCertificateException) Code() string { 6385 return "MalformedCertificateException" 6386} 6387 6388// Message returns the exception's message. 6389func (s *MalformedCertificateException) Message() string { 6390 if s.Message_ != nil { 6391 return *s.Message_ 6392 } 6393 return "" 6394} 6395 6396// OrigErr always returns nil, satisfies awserr.Error interface. 6397func (s *MalformedCertificateException) OrigErr() error { 6398 return nil 6399} 6400 6401func (s *MalformedCertificateException) Error() string { 6402 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6403} 6404 6405// Status code returns the HTTP status code for the request's response error. 6406func (s *MalformedCertificateException) StatusCode() int { 6407 return s.RespMetadata.StatusCode 6408} 6409 6410// RequestID returns the service's response RequestID for request. 6411func (s *MalformedCertificateException) RequestID() string { 6412 return s.RespMetadata.RequestID 6413} 6414 6415// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) 6416// and value. The OID must satisfy the regular expression shown below. For more 6417// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6418type OtherName struct { 6419 _ struct{} `type:"structure"` 6420 6421 // Specifies an OID. 6422 // 6423 // TypeId is a required field 6424 TypeId *string `type:"string" required:"true"` 6425 6426 // Specifies an OID value. 6427 // 6428 // Value is a required field 6429 Value *string `type:"string" required:"true"` 6430} 6431 6432// String returns the string representation 6433func (s OtherName) String() string { 6434 return awsutil.Prettify(s) 6435} 6436 6437// GoString returns the string representation 6438func (s OtherName) GoString() string { 6439 return s.String() 6440} 6441 6442// Validate inspects the fields of the type to determine if they are valid. 6443func (s *OtherName) Validate() error { 6444 invalidParams := request.ErrInvalidParams{Context: "OtherName"} 6445 if s.TypeId == nil { 6446 invalidParams.Add(request.NewErrParamRequired("TypeId")) 6447 } 6448 if s.Value == nil { 6449 invalidParams.Add(request.NewErrParamRequired("Value")) 6450 } 6451 6452 if invalidParams.Len() > 0 { 6453 return invalidParams 6454 } 6455 return nil 6456} 6457 6458// SetTypeId sets the TypeId field's value. 6459func (s *OtherName) SetTypeId(v string) *OtherName { 6460 s.TypeId = &v 6461 return s 6462} 6463 6464// SetValue sets the Value field's value. 6465func (s *OtherName) SetValue(v string) *OtherName { 6466 s.Value = &v 6467 return s 6468} 6469 6470// Permissions designate which private CA actions can be performed by an AWS 6471// service or entity. In order for ACM to automatically renew private certificates, 6472// you must give the ACM service principal all available permissions (IssueCertificate, 6473// GetCertificate, and ListPermissions). Permissions can be assigned with the 6474// CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 6475// action, removed with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 6476// action, and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 6477// action. 6478type Permission struct { 6479 _ struct{} `type:"structure"` 6480 6481 // The private CA actions that can be performed by the designated AWS service. 6482 Actions []*string `min:"1" type:"list"` 6483 6484 // The Amazon Resource Number (ARN) of the private CA from which the permission 6485 // was issued. 6486 CertificateAuthorityArn *string `min:"5" type:"string"` 6487 6488 // The time at which the permission was created. 6489 CreatedAt *time.Time `type:"timestamp"` 6490 6491 // The name of the policy that is associated with the permission. 6492 Policy *string `min:"1" type:"string"` 6493 6494 // The AWS service or entity that holds the permission. At this time, the only 6495 // valid principal is acm.amazonaws.com. 6496 Principal *string `type:"string"` 6497 6498 // The ID of the account that assigned the permission. 6499 SourceAccount *string `min:"12" type:"string"` 6500} 6501 6502// String returns the string representation 6503func (s Permission) String() string { 6504 return awsutil.Prettify(s) 6505} 6506 6507// GoString returns the string representation 6508func (s Permission) GoString() string { 6509 return s.String() 6510} 6511 6512// SetActions sets the Actions field's value. 6513func (s *Permission) SetActions(v []*string) *Permission { 6514 s.Actions = v 6515 return s 6516} 6517 6518// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6519func (s *Permission) SetCertificateAuthorityArn(v string) *Permission { 6520 s.CertificateAuthorityArn = &v 6521 return s 6522} 6523 6524// SetCreatedAt sets the CreatedAt field's value. 6525func (s *Permission) SetCreatedAt(v time.Time) *Permission { 6526 s.CreatedAt = &v 6527 return s 6528} 6529 6530// SetPolicy sets the Policy field's value. 6531func (s *Permission) SetPolicy(v string) *Permission { 6532 s.Policy = &v 6533 return s 6534} 6535 6536// SetPrincipal sets the Principal field's value. 6537func (s *Permission) SetPrincipal(v string) *Permission { 6538 s.Principal = &v 6539 return s 6540} 6541 6542// SetSourceAccount sets the SourceAccount field's value. 6543func (s *Permission) SetSourceAccount(v string) *Permission { 6544 s.SourceAccount = &v 6545 return s 6546} 6547 6548// The designated permission has already been given to the user. 6549type PermissionAlreadyExistsException struct { 6550 _ struct{} `type:"structure"` 6551 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6552 6553 Message_ *string `locationName:"message" type:"string"` 6554} 6555 6556// String returns the string representation 6557func (s PermissionAlreadyExistsException) String() string { 6558 return awsutil.Prettify(s) 6559} 6560 6561// GoString returns the string representation 6562func (s PermissionAlreadyExistsException) GoString() string { 6563 return s.String() 6564} 6565 6566func newErrorPermissionAlreadyExistsException(v protocol.ResponseMetadata) error { 6567 return &PermissionAlreadyExistsException{ 6568 RespMetadata: v, 6569 } 6570} 6571 6572// Code returns the exception type name. 6573func (s *PermissionAlreadyExistsException) Code() string { 6574 return "PermissionAlreadyExistsException" 6575} 6576 6577// Message returns the exception's message. 6578func (s *PermissionAlreadyExistsException) Message() string { 6579 if s.Message_ != nil { 6580 return *s.Message_ 6581 } 6582 return "" 6583} 6584 6585// OrigErr always returns nil, satisfies awserr.Error interface. 6586func (s *PermissionAlreadyExistsException) OrigErr() error { 6587 return nil 6588} 6589 6590func (s *PermissionAlreadyExistsException) Error() string { 6591 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6592} 6593 6594// Status code returns the HTTP status code for the request's response error. 6595func (s *PermissionAlreadyExistsException) StatusCode() int { 6596 return s.RespMetadata.StatusCode 6597} 6598 6599// RequestID returns the service's response RequestID for request. 6600func (s *PermissionAlreadyExistsException) RequestID() string { 6601 return s.RespMetadata.RequestID 6602} 6603 6604// Defines the X.509 CertificatePolicies extension. 6605type PolicyInformation struct { 6606 _ struct{} `type:"structure"` 6607 6608 // Specifies the object identifier (OID) of the certificate policy under which 6609 // the certificate was issued. For more information, see NIST's definition of 6610 // Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6611 // 6612 // CertPolicyId is a required field 6613 CertPolicyId *string `type:"string" required:"true"` 6614 6615 // Modifies the given CertPolicyId with a qualifier. ACM Private CA supports 6616 // the certification practice statement (CPS) qualifier. 6617 PolicyQualifiers []*PolicyQualifierInfo `min:"1" type:"list"` 6618} 6619 6620// String returns the string representation 6621func (s PolicyInformation) String() string { 6622 return awsutil.Prettify(s) 6623} 6624 6625// GoString returns the string representation 6626func (s PolicyInformation) GoString() string { 6627 return s.String() 6628} 6629 6630// Validate inspects the fields of the type to determine if they are valid. 6631func (s *PolicyInformation) Validate() error { 6632 invalidParams := request.ErrInvalidParams{Context: "PolicyInformation"} 6633 if s.CertPolicyId == nil { 6634 invalidParams.Add(request.NewErrParamRequired("CertPolicyId")) 6635 } 6636 if s.PolicyQualifiers != nil && len(s.PolicyQualifiers) < 1 { 6637 invalidParams.Add(request.NewErrParamMinLen("PolicyQualifiers", 1)) 6638 } 6639 if s.PolicyQualifiers != nil { 6640 for i, v := range s.PolicyQualifiers { 6641 if v == nil { 6642 continue 6643 } 6644 if err := v.Validate(); err != nil { 6645 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyQualifiers", i), err.(request.ErrInvalidParams)) 6646 } 6647 } 6648 } 6649 6650 if invalidParams.Len() > 0 { 6651 return invalidParams 6652 } 6653 return nil 6654} 6655 6656// SetCertPolicyId sets the CertPolicyId field's value. 6657func (s *PolicyInformation) SetCertPolicyId(v string) *PolicyInformation { 6658 s.CertPolicyId = &v 6659 return s 6660} 6661 6662// SetPolicyQualifiers sets the PolicyQualifiers field's value. 6663func (s *PolicyInformation) SetPolicyQualifiers(v []*PolicyQualifierInfo) *PolicyInformation { 6664 s.PolicyQualifiers = v 6665 return s 6666} 6667 6668// Modifies the CertPolicyId of a PolicyInformation object with a qualifier. 6669// ACM Private CA supports the certification practice statement (CPS) qualifier. 6670type PolicyQualifierInfo struct { 6671 _ struct{} `type:"structure"` 6672 6673 // Identifies the qualifier modifying a CertPolicyId. 6674 // 6675 // PolicyQualifierId is a required field 6676 PolicyQualifierId *string `type:"string" required:"true" enum:"PolicyQualifierId"` 6677 6678 // Defines the qualifier type. ACM Private CA supports the use of a URI for 6679 // a CPS qualifier in this field. 6680 // 6681 // Qualifier is a required field 6682 Qualifier *Qualifier `type:"structure" required:"true"` 6683} 6684 6685// String returns the string representation 6686func (s PolicyQualifierInfo) String() string { 6687 return awsutil.Prettify(s) 6688} 6689 6690// GoString returns the string representation 6691func (s PolicyQualifierInfo) GoString() string { 6692 return s.String() 6693} 6694 6695// Validate inspects the fields of the type to determine if they are valid. 6696func (s *PolicyQualifierInfo) Validate() error { 6697 invalidParams := request.ErrInvalidParams{Context: "PolicyQualifierInfo"} 6698 if s.PolicyQualifierId == nil { 6699 invalidParams.Add(request.NewErrParamRequired("PolicyQualifierId")) 6700 } 6701 if s.Qualifier == nil { 6702 invalidParams.Add(request.NewErrParamRequired("Qualifier")) 6703 } 6704 if s.Qualifier != nil { 6705 if err := s.Qualifier.Validate(); err != nil { 6706 invalidParams.AddNested("Qualifier", err.(request.ErrInvalidParams)) 6707 } 6708 } 6709 6710 if invalidParams.Len() > 0 { 6711 return invalidParams 6712 } 6713 return nil 6714} 6715 6716// SetPolicyQualifierId sets the PolicyQualifierId field's value. 6717func (s *PolicyQualifierInfo) SetPolicyQualifierId(v string) *PolicyQualifierInfo { 6718 s.PolicyQualifierId = &v 6719 return s 6720} 6721 6722// SetQualifier sets the Qualifier field's value. 6723func (s *PolicyQualifierInfo) SetQualifier(v *Qualifier) *PolicyQualifierInfo { 6724 s.Qualifier = v 6725 return s 6726} 6727 6728type PutPolicyInput struct { 6729 _ struct{} `type:"structure"` 6730 6731 // The path and file name of a JSON-formatted IAM policy to attach to the specified 6732 // private CA resource. If this policy does not contain all required statements 6733 // or if it includes any statement that is not allowed, the PutPolicy action 6734 // returns an InvalidPolicyException. For information about IAM policy and statement 6735 // structure, see Overview of JSON Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 6736 // 6737 // Policy is a required field 6738 Policy *string `min:"1" type:"string" required:"true"` 6739 6740 // The Amazon Resource Number (ARN) of the private CA to associate with the 6741 // policy. The ARN of the CA can be found by calling the ListCertificateAuthorities 6742 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6743 // action. 6744 // 6745 // ResourceArn is a required field 6746 ResourceArn *string `min:"5" type:"string" required:"true"` 6747} 6748 6749// String returns the string representation 6750func (s PutPolicyInput) String() string { 6751 return awsutil.Prettify(s) 6752} 6753 6754// GoString returns the string representation 6755func (s PutPolicyInput) GoString() string { 6756 return s.String() 6757} 6758 6759// Validate inspects the fields of the type to determine if they are valid. 6760func (s *PutPolicyInput) Validate() error { 6761 invalidParams := request.ErrInvalidParams{Context: "PutPolicyInput"} 6762 if s.Policy == nil { 6763 invalidParams.Add(request.NewErrParamRequired("Policy")) 6764 } 6765 if s.Policy != nil && len(*s.Policy) < 1 { 6766 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 6767 } 6768 if s.ResourceArn == nil { 6769 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 6770 } 6771 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 6772 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 6773 } 6774 6775 if invalidParams.Len() > 0 { 6776 return invalidParams 6777 } 6778 return nil 6779} 6780 6781// SetPolicy sets the Policy field's value. 6782func (s *PutPolicyInput) SetPolicy(v string) *PutPolicyInput { 6783 s.Policy = &v 6784 return s 6785} 6786 6787// SetResourceArn sets the ResourceArn field's value. 6788func (s *PutPolicyInput) SetResourceArn(v string) *PutPolicyInput { 6789 s.ResourceArn = &v 6790 return s 6791} 6792 6793type PutPolicyOutput struct { 6794 _ struct{} `type:"structure"` 6795} 6796 6797// String returns the string representation 6798func (s PutPolicyOutput) String() string { 6799 return awsutil.Prettify(s) 6800} 6801 6802// GoString returns the string representation 6803func (s PutPolicyOutput) GoString() string { 6804 return s.String() 6805} 6806 6807// Defines a PolicyInformation qualifier. ACM Private CA supports the certification 6808// practice statement (CPS) qualifier (https://tools.ietf.org/html/rfc5280#section-4.2.1.4) 6809// defined in RFC 5280. 6810type Qualifier struct { 6811 _ struct{} `type:"structure"` 6812 6813 // Contains a pointer to a certification practice statement (CPS) published 6814 // by the CA. 6815 // 6816 // CpsUri is a required field 6817 CpsUri *string `type:"string" required:"true"` 6818} 6819 6820// String returns the string representation 6821func (s Qualifier) String() string { 6822 return awsutil.Prettify(s) 6823} 6824 6825// GoString returns the string representation 6826func (s Qualifier) GoString() string { 6827 return s.String() 6828} 6829 6830// Validate inspects the fields of the type to determine if they are valid. 6831func (s *Qualifier) Validate() error { 6832 invalidParams := request.ErrInvalidParams{Context: "Qualifier"} 6833 if s.CpsUri == nil { 6834 invalidParams.Add(request.NewErrParamRequired("CpsUri")) 6835 } 6836 6837 if invalidParams.Len() > 0 { 6838 return invalidParams 6839 } 6840 return nil 6841} 6842 6843// SetCpsUri sets the CpsUri field's value. 6844func (s *Qualifier) SetCpsUri(v string) *Qualifier { 6845 s.CpsUri = &v 6846 return s 6847} 6848 6849// Your request has already been completed. 6850type RequestAlreadyProcessedException struct { 6851 _ struct{} `type:"structure"` 6852 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6853 6854 Message_ *string `locationName:"message" type:"string"` 6855} 6856 6857// String returns the string representation 6858func (s RequestAlreadyProcessedException) String() string { 6859 return awsutil.Prettify(s) 6860} 6861 6862// GoString returns the string representation 6863func (s RequestAlreadyProcessedException) GoString() string { 6864 return s.String() 6865} 6866 6867func newErrorRequestAlreadyProcessedException(v protocol.ResponseMetadata) error { 6868 return &RequestAlreadyProcessedException{ 6869 RespMetadata: v, 6870 } 6871} 6872 6873// Code returns the exception type name. 6874func (s *RequestAlreadyProcessedException) Code() string { 6875 return "RequestAlreadyProcessedException" 6876} 6877 6878// Message returns the exception's message. 6879func (s *RequestAlreadyProcessedException) Message() string { 6880 if s.Message_ != nil { 6881 return *s.Message_ 6882 } 6883 return "" 6884} 6885 6886// OrigErr always returns nil, satisfies awserr.Error interface. 6887func (s *RequestAlreadyProcessedException) OrigErr() error { 6888 return nil 6889} 6890 6891func (s *RequestAlreadyProcessedException) Error() string { 6892 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6893} 6894 6895// Status code returns the HTTP status code for the request's response error. 6896func (s *RequestAlreadyProcessedException) StatusCode() int { 6897 return s.RespMetadata.StatusCode 6898} 6899 6900// RequestID returns the service's response RequestID for request. 6901func (s *RequestAlreadyProcessedException) RequestID() string { 6902 return s.RespMetadata.RequestID 6903} 6904 6905// The request has failed for an unspecified reason. 6906type RequestFailedException struct { 6907 _ struct{} `type:"structure"` 6908 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6909 6910 Message_ *string `locationName:"message" type:"string"` 6911} 6912 6913// String returns the string representation 6914func (s RequestFailedException) String() string { 6915 return awsutil.Prettify(s) 6916} 6917 6918// GoString returns the string representation 6919func (s RequestFailedException) GoString() string { 6920 return s.String() 6921} 6922 6923func newErrorRequestFailedException(v protocol.ResponseMetadata) error { 6924 return &RequestFailedException{ 6925 RespMetadata: v, 6926 } 6927} 6928 6929// Code returns the exception type name. 6930func (s *RequestFailedException) Code() string { 6931 return "RequestFailedException" 6932} 6933 6934// Message returns the exception's message. 6935func (s *RequestFailedException) Message() string { 6936 if s.Message_ != nil { 6937 return *s.Message_ 6938 } 6939 return "" 6940} 6941 6942// OrigErr always returns nil, satisfies awserr.Error interface. 6943func (s *RequestFailedException) OrigErr() error { 6944 return nil 6945} 6946 6947func (s *RequestFailedException) Error() string { 6948 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6949} 6950 6951// Status code returns the HTTP status code for the request's response error. 6952func (s *RequestFailedException) StatusCode() int { 6953 return s.RespMetadata.StatusCode 6954} 6955 6956// RequestID returns the service's response RequestID for request. 6957func (s *RequestFailedException) RequestID() string { 6958 return s.RespMetadata.RequestID 6959} 6960 6961// Your request is already in progress. 6962type RequestInProgressException struct { 6963 _ struct{} `type:"structure"` 6964 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6965 6966 Message_ *string `locationName:"message" type:"string"` 6967} 6968 6969// String returns the string representation 6970func (s RequestInProgressException) String() string { 6971 return awsutil.Prettify(s) 6972} 6973 6974// GoString returns the string representation 6975func (s RequestInProgressException) GoString() string { 6976 return s.String() 6977} 6978 6979func newErrorRequestInProgressException(v protocol.ResponseMetadata) error { 6980 return &RequestInProgressException{ 6981 RespMetadata: v, 6982 } 6983} 6984 6985// Code returns the exception type name. 6986func (s *RequestInProgressException) Code() string { 6987 return "RequestInProgressException" 6988} 6989 6990// Message returns the exception's message. 6991func (s *RequestInProgressException) Message() string { 6992 if s.Message_ != nil { 6993 return *s.Message_ 6994 } 6995 return "" 6996} 6997 6998// OrigErr always returns nil, satisfies awserr.Error interface. 6999func (s *RequestInProgressException) OrigErr() error { 7000 return nil 7001} 7002 7003func (s *RequestInProgressException) Error() string { 7004 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7005} 7006 7007// Status code returns the HTTP status code for the request's response error. 7008func (s *RequestInProgressException) StatusCode() int { 7009 return s.RespMetadata.StatusCode 7010} 7011 7012// RequestID returns the service's response RequestID for request. 7013func (s *RequestInProgressException) RequestID() string { 7014 return s.RespMetadata.RequestID 7015} 7016 7017// A resource such as a private CA, S3 bucket, certificate, audit report, or 7018// policy cannot be found. 7019type ResourceNotFoundException struct { 7020 _ struct{} `type:"structure"` 7021 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7022 7023 Message_ *string `locationName:"message" type:"string"` 7024} 7025 7026// String returns the string representation 7027func (s ResourceNotFoundException) String() string { 7028 return awsutil.Prettify(s) 7029} 7030 7031// GoString returns the string representation 7032func (s ResourceNotFoundException) GoString() string { 7033 return s.String() 7034} 7035 7036func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { 7037 return &ResourceNotFoundException{ 7038 RespMetadata: v, 7039 } 7040} 7041 7042// Code returns the exception type name. 7043func (s *ResourceNotFoundException) Code() string { 7044 return "ResourceNotFoundException" 7045} 7046 7047// Message returns the exception's message. 7048func (s *ResourceNotFoundException) Message() string { 7049 if s.Message_ != nil { 7050 return *s.Message_ 7051 } 7052 return "" 7053} 7054 7055// OrigErr always returns nil, satisfies awserr.Error interface. 7056func (s *ResourceNotFoundException) OrigErr() error { 7057 return nil 7058} 7059 7060func (s *ResourceNotFoundException) Error() string { 7061 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7062} 7063 7064// Status code returns the HTTP status code for the request's response error. 7065func (s *ResourceNotFoundException) StatusCode() int { 7066 return s.RespMetadata.StatusCode 7067} 7068 7069// RequestID returns the service's response RequestID for request. 7070func (s *ResourceNotFoundException) RequestID() string { 7071 return s.RespMetadata.RequestID 7072} 7073 7074type RestoreCertificateAuthorityInput struct { 7075 _ struct{} `type:"structure"` 7076 7077 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 7078 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7079 // action. This must be of the form: 7080 // 7081 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7082 // 7083 // CertificateAuthorityArn is a required field 7084 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7085} 7086 7087// String returns the string representation 7088func (s RestoreCertificateAuthorityInput) String() string { 7089 return awsutil.Prettify(s) 7090} 7091 7092// GoString returns the string representation 7093func (s RestoreCertificateAuthorityInput) GoString() string { 7094 return s.String() 7095} 7096 7097// Validate inspects the fields of the type to determine if they are valid. 7098func (s *RestoreCertificateAuthorityInput) Validate() error { 7099 invalidParams := request.ErrInvalidParams{Context: "RestoreCertificateAuthorityInput"} 7100 if s.CertificateAuthorityArn == nil { 7101 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7102 } 7103 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7104 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7105 } 7106 7107 if invalidParams.Len() > 0 { 7108 return invalidParams 7109 } 7110 return nil 7111} 7112 7113// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7114func (s *RestoreCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *RestoreCertificateAuthorityInput { 7115 s.CertificateAuthorityArn = &v 7116 return s 7117} 7118 7119type RestoreCertificateAuthorityOutput struct { 7120 _ struct{} `type:"structure"` 7121} 7122 7123// String returns the string representation 7124func (s RestoreCertificateAuthorityOutput) String() string { 7125 return awsutil.Prettify(s) 7126} 7127 7128// GoString returns the string representation 7129func (s RestoreCertificateAuthorityOutput) GoString() string { 7130 return s.String() 7131} 7132 7133// Certificate revocation information used by the CreateCertificateAuthority 7134// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7135// and UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 7136// actions. Your private certificate authority (CA) can create and maintain 7137// a certificate revocation list (CRL). A CRL contains information about certificates 7138// revoked by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html). 7139type RevocationConfiguration struct { 7140 _ struct{} `type:"structure"` 7141 7142 // Configuration of the certificate revocation list (CRL), if any, maintained 7143 // by your private CA. 7144 CrlConfiguration *CrlConfiguration `type:"structure"` 7145} 7146 7147// String returns the string representation 7148func (s RevocationConfiguration) String() string { 7149 return awsutil.Prettify(s) 7150} 7151 7152// GoString returns the string representation 7153func (s RevocationConfiguration) GoString() string { 7154 return s.String() 7155} 7156 7157// Validate inspects the fields of the type to determine if they are valid. 7158func (s *RevocationConfiguration) Validate() error { 7159 invalidParams := request.ErrInvalidParams{Context: "RevocationConfiguration"} 7160 if s.CrlConfiguration != nil { 7161 if err := s.CrlConfiguration.Validate(); err != nil { 7162 invalidParams.AddNested("CrlConfiguration", err.(request.ErrInvalidParams)) 7163 } 7164 } 7165 7166 if invalidParams.Len() > 0 { 7167 return invalidParams 7168 } 7169 return nil 7170} 7171 7172// SetCrlConfiguration sets the CrlConfiguration field's value. 7173func (s *RevocationConfiguration) SetCrlConfiguration(v *CrlConfiguration) *RevocationConfiguration { 7174 s.CrlConfiguration = v 7175 return s 7176} 7177 7178type RevokeCertificateInput struct { 7179 _ struct{} `type:"structure"` 7180 7181 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7182 // to be revoked. This must be of the form: 7183 // 7184 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7185 // 7186 // CertificateAuthorityArn is a required field 7187 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7188 7189 // Serial number of the certificate to be revoked. This must be in hexadecimal 7190 // format. You can retrieve the serial number by calling GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 7191 // with the Amazon Resource Name (ARN) of the certificate you want and the ARN 7192 // of your private CA. The GetCertificate action retrieves the certificate in 7193 // the PEM format. You can use the following OpenSSL command to list the certificate 7194 // in text format and copy the hexadecimal serial number. 7195 // 7196 // openssl x509 -in file_path -text -noout 7197 // 7198 // You can also copy the serial number from the console or use the DescribeCertificate 7199 // (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) 7200 // action in the AWS Certificate Manager API Reference. 7201 // 7202 // CertificateSerial is a required field 7203 CertificateSerial *string `type:"string" required:"true"` 7204 7205 // Specifies why you revoked the certificate. 7206 // 7207 // RevocationReason is a required field 7208 RevocationReason *string `type:"string" required:"true" enum:"RevocationReason"` 7209} 7210 7211// String returns the string representation 7212func (s RevokeCertificateInput) String() string { 7213 return awsutil.Prettify(s) 7214} 7215 7216// GoString returns the string representation 7217func (s RevokeCertificateInput) GoString() string { 7218 return s.String() 7219} 7220 7221// Validate inspects the fields of the type to determine if they are valid. 7222func (s *RevokeCertificateInput) Validate() error { 7223 invalidParams := request.ErrInvalidParams{Context: "RevokeCertificateInput"} 7224 if s.CertificateAuthorityArn == nil { 7225 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7226 } 7227 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7228 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7229 } 7230 if s.CertificateSerial == nil { 7231 invalidParams.Add(request.NewErrParamRequired("CertificateSerial")) 7232 } 7233 if s.RevocationReason == nil { 7234 invalidParams.Add(request.NewErrParamRequired("RevocationReason")) 7235 } 7236 7237 if invalidParams.Len() > 0 { 7238 return invalidParams 7239 } 7240 return nil 7241} 7242 7243// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7244func (s *RevokeCertificateInput) SetCertificateAuthorityArn(v string) *RevokeCertificateInput { 7245 s.CertificateAuthorityArn = &v 7246 return s 7247} 7248 7249// SetCertificateSerial sets the CertificateSerial field's value. 7250func (s *RevokeCertificateInput) SetCertificateSerial(v string) *RevokeCertificateInput { 7251 s.CertificateSerial = &v 7252 return s 7253} 7254 7255// SetRevocationReason sets the RevocationReason field's value. 7256func (s *RevokeCertificateInput) SetRevocationReason(v string) *RevokeCertificateInput { 7257 s.RevocationReason = &v 7258 return s 7259} 7260 7261type RevokeCertificateOutput struct { 7262 _ struct{} `type:"structure"` 7263} 7264 7265// String returns the string representation 7266func (s RevokeCertificateOutput) String() string { 7267 return awsutil.Prettify(s) 7268} 7269 7270// GoString returns the string representation 7271func (s RevokeCertificateOutput) GoString() string { 7272 return s.String() 7273} 7274 7275// Tags are labels that you can use to identify and organize your private CAs. 7276// Each tag consists of a key and an optional value. You can associate up to 7277// 50 tags with a private CA. To add one or more tags to a private CA, call 7278// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 7279// action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 7280// action. 7281type Tag struct { 7282 _ struct{} `type:"structure"` 7283 7284 // Key (name) of the tag. 7285 // 7286 // Key is a required field 7287 Key *string `min:"1" type:"string" required:"true"` 7288 7289 // Value of the tag. 7290 Value *string `type:"string"` 7291} 7292 7293// String returns the string representation 7294func (s Tag) String() string { 7295 return awsutil.Prettify(s) 7296} 7297 7298// GoString returns the string representation 7299func (s Tag) GoString() string { 7300 return s.String() 7301} 7302 7303// Validate inspects the fields of the type to determine if they are valid. 7304func (s *Tag) Validate() error { 7305 invalidParams := request.ErrInvalidParams{Context: "Tag"} 7306 if s.Key == nil { 7307 invalidParams.Add(request.NewErrParamRequired("Key")) 7308 } 7309 if s.Key != nil && len(*s.Key) < 1 { 7310 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 7311 } 7312 7313 if invalidParams.Len() > 0 { 7314 return invalidParams 7315 } 7316 return nil 7317} 7318 7319// SetKey sets the Key field's value. 7320func (s *Tag) SetKey(v string) *Tag { 7321 s.Key = &v 7322 return s 7323} 7324 7325// SetValue sets the Value field's value. 7326func (s *Tag) SetValue(v string) *Tag { 7327 s.Value = &v 7328 return s 7329} 7330 7331type TagCertificateAuthorityInput struct { 7332 _ struct{} `type:"structure"` 7333 7334 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7335 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7336 // This must be of the form: 7337 // 7338 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7339 // 7340 // CertificateAuthorityArn is a required field 7341 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7342 7343 // List of tags to be associated with the CA. 7344 // 7345 // Tags is a required field 7346 Tags []*Tag `min:"1" type:"list" required:"true"` 7347} 7348 7349// String returns the string representation 7350func (s TagCertificateAuthorityInput) String() string { 7351 return awsutil.Prettify(s) 7352} 7353 7354// GoString returns the string representation 7355func (s TagCertificateAuthorityInput) GoString() string { 7356 return s.String() 7357} 7358 7359// Validate inspects the fields of the type to determine if they are valid. 7360func (s *TagCertificateAuthorityInput) Validate() error { 7361 invalidParams := request.ErrInvalidParams{Context: "TagCertificateAuthorityInput"} 7362 if s.CertificateAuthorityArn == nil { 7363 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7364 } 7365 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7366 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7367 } 7368 if s.Tags == nil { 7369 invalidParams.Add(request.NewErrParamRequired("Tags")) 7370 } 7371 if s.Tags != nil && len(s.Tags) < 1 { 7372 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7373 } 7374 if s.Tags != nil { 7375 for i, v := range s.Tags { 7376 if v == nil { 7377 continue 7378 } 7379 if err := v.Validate(); err != nil { 7380 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7381 } 7382 } 7383 } 7384 7385 if invalidParams.Len() > 0 { 7386 return invalidParams 7387 } 7388 return nil 7389} 7390 7391// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7392func (s *TagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *TagCertificateAuthorityInput { 7393 s.CertificateAuthorityArn = &v 7394 return s 7395} 7396 7397// SetTags sets the Tags field's value. 7398func (s *TagCertificateAuthorityInput) SetTags(v []*Tag) *TagCertificateAuthorityInput { 7399 s.Tags = v 7400 return s 7401} 7402 7403type TagCertificateAuthorityOutput struct { 7404 _ struct{} `type:"structure"` 7405} 7406 7407// String returns the string representation 7408func (s TagCertificateAuthorityOutput) String() string { 7409 return awsutil.Prettify(s) 7410} 7411 7412// GoString returns the string representation 7413func (s TagCertificateAuthorityOutput) GoString() string { 7414 return s.String() 7415} 7416 7417// You can associate up to 50 tags with a private CA. Exception information 7418// is contained in the exception message field. 7419type TooManyTagsException struct { 7420 _ struct{} `type:"structure"` 7421 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7422 7423 Message_ *string `locationName:"message" type:"string"` 7424} 7425 7426// String returns the string representation 7427func (s TooManyTagsException) String() string { 7428 return awsutil.Prettify(s) 7429} 7430 7431// GoString returns the string representation 7432func (s TooManyTagsException) GoString() string { 7433 return s.String() 7434} 7435 7436func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { 7437 return &TooManyTagsException{ 7438 RespMetadata: v, 7439 } 7440} 7441 7442// Code returns the exception type name. 7443func (s *TooManyTagsException) Code() string { 7444 return "TooManyTagsException" 7445} 7446 7447// Message returns the exception's message. 7448func (s *TooManyTagsException) Message() string { 7449 if s.Message_ != nil { 7450 return *s.Message_ 7451 } 7452 return "" 7453} 7454 7455// OrigErr always returns nil, satisfies awserr.Error interface. 7456func (s *TooManyTagsException) OrigErr() error { 7457 return nil 7458} 7459 7460func (s *TooManyTagsException) Error() string { 7461 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7462} 7463 7464// Status code returns the HTTP status code for the request's response error. 7465func (s *TooManyTagsException) StatusCode() int { 7466 return s.RespMetadata.StatusCode 7467} 7468 7469// RequestID returns the service's response RequestID for request. 7470func (s *TooManyTagsException) RequestID() string { 7471 return s.RespMetadata.RequestID 7472} 7473 7474type UntagCertificateAuthorityInput struct { 7475 _ struct{} `type:"structure"` 7476 7477 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7478 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7479 // This must be of the form: 7480 // 7481 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7482 // 7483 // CertificateAuthorityArn is a required field 7484 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7485 7486 // List of tags to be removed from the CA. 7487 // 7488 // Tags is a required field 7489 Tags []*Tag `min:"1" type:"list" required:"true"` 7490} 7491 7492// String returns the string representation 7493func (s UntagCertificateAuthorityInput) String() string { 7494 return awsutil.Prettify(s) 7495} 7496 7497// GoString returns the string representation 7498func (s UntagCertificateAuthorityInput) GoString() string { 7499 return s.String() 7500} 7501 7502// Validate inspects the fields of the type to determine if they are valid. 7503func (s *UntagCertificateAuthorityInput) Validate() error { 7504 invalidParams := request.ErrInvalidParams{Context: "UntagCertificateAuthorityInput"} 7505 if s.CertificateAuthorityArn == nil { 7506 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7507 } 7508 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7509 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7510 } 7511 if s.Tags == nil { 7512 invalidParams.Add(request.NewErrParamRequired("Tags")) 7513 } 7514 if s.Tags != nil && len(s.Tags) < 1 { 7515 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7516 } 7517 if s.Tags != nil { 7518 for i, v := range s.Tags { 7519 if v == nil { 7520 continue 7521 } 7522 if err := v.Validate(); err != nil { 7523 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7524 } 7525 } 7526 } 7527 7528 if invalidParams.Len() > 0 { 7529 return invalidParams 7530 } 7531 return nil 7532} 7533 7534// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7535func (s *UntagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UntagCertificateAuthorityInput { 7536 s.CertificateAuthorityArn = &v 7537 return s 7538} 7539 7540// SetTags sets the Tags field's value. 7541func (s *UntagCertificateAuthorityInput) SetTags(v []*Tag) *UntagCertificateAuthorityInput { 7542 s.Tags = v 7543 return s 7544} 7545 7546type UntagCertificateAuthorityOutput struct { 7547 _ struct{} `type:"structure"` 7548} 7549 7550// String returns the string representation 7551func (s UntagCertificateAuthorityOutput) String() string { 7552 return awsutil.Prettify(s) 7553} 7554 7555// GoString returns the string representation 7556func (s UntagCertificateAuthorityOutput) GoString() string { 7557 return s.String() 7558} 7559 7560type UpdateCertificateAuthorityInput struct { 7561 _ struct{} `type:"structure"` 7562 7563 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7564 // to be revoked. This must be of the form: 7565 // 7566 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7567 // 7568 // CertificateAuthorityArn is a required field 7569 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7570 7571 // Revocation information for your private CA. 7572 RevocationConfiguration *RevocationConfiguration `type:"structure"` 7573 7574 // Status of your private CA. 7575 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 7576} 7577 7578// String returns the string representation 7579func (s UpdateCertificateAuthorityInput) String() string { 7580 return awsutil.Prettify(s) 7581} 7582 7583// GoString returns the string representation 7584func (s UpdateCertificateAuthorityInput) GoString() string { 7585 return s.String() 7586} 7587 7588// Validate inspects the fields of the type to determine if they are valid. 7589func (s *UpdateCertificateAuthorityInput) Validate() error { 7590 invalidParams := request.ErrInvalidParams{Context: "UpdateCertificateAuthorityInput"} 7591 if s.CertificateAuthorityArn == nil { 7592 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7593 } 7594 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7595 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7596 } 7597 if s.RevocationConfiguration != nil { 7598 if err := s.RevocationConfiguration.Validate(); err != nil { 7599 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 7600 } 7601 } 7602 7603 if invalidParams.Len() > 0 { 7604 return invalidParams 7605 } 7606 return nil 7607} 7608 7609// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7610func (s *UpdateCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UpdateCertificateAuthorityInput { 7611 s.CertificateAuthorityArn = &v 7612 return s 7613} 7614 7615// SetRevocationConfiguration sets the RevocationConfiguration field's value. 7616func (s *UpdateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *UpdateCertificateAuthorityInput { 7617 s.RevocationConfiguration = v 7618 return s 7619} 7620 7621// SetStatus sets the Status field's value. 7622func (s *UpdateCertificateAuthorityInput) SetStatus(v string) *UpdateCertificateAuthorityInput { 7623 s.Status = &v 7624 return s 7625} 7626 7627type UpdateCertificateAuthorityOutput struct { 7628 _ struct{} `type:"structure"` 7629} 7630 7631// String returns the string representation 7632func (s UpdateCertificateAuthorityOutput) String() string { 7633 return awsutil.Prettify(s) 7634} 7635 7636// GoString returns the string representation 7637func (s UpdateCertificateAuthorityOutput) GoString() string { 7638 return s.String() 7639} 7640 7641// Validity specifies the period of time during which a certificate is valid. 7642// Validity can be expressed as an explicit date and time when the validity 7643// of a certificate starts or expires, or as a span of time after issuance, 7644// stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 7645// in RFC 5280. 7646// 7647// ACM Private CA API consumes the Validity data type differently in two distinct 7648// parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity 7649// specifies the end of a certificate's validity period. The optional parameter 7650// IssueCertificate:ValidityNotBefore specifies a customized starting time for 7651// the validity period. 7652type Validity struct { 7653 _ struct{} `type:"structure"` 7654 7655 // Determines how ACM Private CA interprets the Value parameter, an integer. 7656 // Supported validity types include those listed below. Type definitions with 7657 // values include a sample input value and the resulting output. 7658 // 7659 // END_DATE: The specific date and time when the certificate will expire, expressed 7660 // using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. 7661 // When UTCTime is used, if the year field (YY) is greater than or equal to 7662 // 50, the year is interpreted as 19YY. If the year field is less than 50, the 7663 // year is interpreted as 20YY. 7664 // 7665 // * Sample input value: 491231235959 (UTCTime format) 7666 // 7667 // * Output expiration date/time: 12/31/2049 23:59:59 7668 // 7669 // ABSOLUTE: The specific date and time when the validity of a certificate will 7670 // start or expire, expressed in seconds since the Unix Epoch. 7671 // 7672 // * Sample input value: 2524608000 7673 // 7674 // * Output expiration date/time: 01/01/2050 00:00:00 7675 // 7676 // DAYS, MONTHS, YEARS: The relative time from the moment of issuance until 7677 // the certificate will expire, expressed in days, months, or years. 7678 // 7679 // Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC: 7680 // 7681 // * Sample input value: 90 7682 // 7683 // * Output expiration date: 01/10/2020 12:34:54 UTC 7684 // 7685 // The minimum validity duration for a certificate using relative time (DAYS) 7686 // is one day. The minimum validity for a certificate using absolute time (ABSOLUTE 7687 // or END_DATE) is one second. 7688 // 7689 // Type is a required field 7690 Type *string `type:"string" required:"true" enum:"ValidityPeriodType"` 7691 7692 // A long integer interpreted according to the value of Type, below. 7693 // 7694 // Value is a required field 7695 Value *int64 `min:"1" type:"long" required:"true"` 7696} 7697 7698// String returns the string representation 7699func (s Validity) String() string { 7700 return awsutil.Prettify(s) 7701} 7702 7703// GoString returns the string representation 7704func (s Validity) GoString() string { 7705 return s.String() 7706} 7707 7708// Validate inspects the fields of the type to determine if they are valid. 7709func (s *Validity) Validate() error { 7710 invalidParams := request.ErrInvalidParams{Context: "Validity"} 7711 if s.Type == nil { 7712 invalidParams.Add(request.NewErrParamRequired("Type")) 7713 } 7714 if s.Value == nil { 7715 invalidParams.Add(request.NewErrParamRequired("Value")) 7716 } 7717 if s.Value != nil && *s.Value < 1 { 7718 invalidParams.Add(request.NewErrParamMinValue("Value", 1)) 7719 } 7720 7721 if invalidParams.Len() > 0 { 7722 return invalidParams 7723 } 7724 return nil 7725} 7726 7727// SetType sets the Type field's value. 7728func (s *Validity) SetType(v string) *Validity { 7729 s.Type = &v 7730 return s 7731} 7732 7733// SetValue sets the Value field's value. 7734func (s *Validity) SetValue(v int64) *Validity { 7735 s.Value = &v 7736 return s 7737} 7738 7739const ( 7740 // AccessMethodTypeCaRepository is a AccessMethodType enum value 7741 AccessMethodTypeCaRepository = "CA_REPOSITORY" 7742 7743 // AccessMethodTypeResourcePkiManifest is a AccessMethodType enum value 7744 AccessMethodTypeResourcePkiManifest = "RESOURCE_PKI_MANIFEST" 7745 7746 // AccessMethodTypeResourcePkiNotify is a AccessMethodType enum value 7747 AccessMethodTypeResourcePkiNotify = "RESOURCE_PKI_NOTIFY" 7748) 7749 7750// AccessMethodType_Values returns all elements of the AccessMethodType enum 7751func AccessMethodType_Values() []string { 7752 return []string{ 7753 AccessMethodTypeCaRepository, 7754 AccessMethodTypeResourcePkiManifest, 7755 AccessMethodTypeResourcePkiNotify, 7756 } 7757} 7758 7759const ( 7760 // ActionTypeIssueCertificate is a ActionType enum value 7761 ActionTypeIssueCertificate = "IssueCertificate" 7762 7763 // ActionTypeGetCertificate is a ActionType enum value 7764 ActionTypeGetCertificate = "GetCertificate" 7765 7766 // ActionTypeListPermissions is a ActionType enum value 7767 ActionTypeListPermissions = "ListPermissions" 7768) 7769 7770// ActionType_Values returns all elements of the ActionType enum 7771func ActionType_Values() []string { 7772 return []string{ 7773 ActionTypeIssueCertificate, 7774 ActionTypeGetCertificate, 7775 ActionTypeListPermissions, 7776 } 7777} 7778 7779const ( 7780 // AuditReportResponseFormatJson is a AuditReportResponseFormat enum value 7781 AuditReportResponseFormatJson = "JSON" 7782 7783 // AuditReportResponseFormatCsv is a AuditReportResponseFormat enum value 7784 AuditReportResponseFormatCsv = "CSV" 7785) 7786 7787// AuditReportResponseFormat_Values returns all elements of the AuditReportResponseFormat enum 7788func AuditReportResponseFormat_Values() []string { 7789 return []string{ 7790 AuditReportResponseFormatJson, 7791 AuditReportResponseFormatCsv, 7792 } 7793} 7794 7795const ( 7796 // AuditReportStatusCreating is a AuditReportStatus enum value 7797 AuditReportStatusCreating = "CREATING" 7798 7799 // AuditReportStatusSuccess is a AuditReportStatus enum value 7800 AuditReportStatusSuccess = "SUCCESS" 7801 7802 // AuditReportStatusFailed is a AuditReportStatus enum value 7803 AuditReportStatusFailed = "FAILED" 7804) 7805 7806// AuditReportStatus_Values returns all elements of the AuditReportStatus enum 7807func AuditReportStatus_Values() []string { 7808 return []string{ 7809 AuditReportStatusCreating, 7810 AuditReportStatusSuccess, 7811 AuditReportStatusFailed, 7812 } 7813} 7814 7815const ( 7816 // CertificateAuthorityStatusCreating is a CertificateAuthorityStatus enum value 7817 CertificateAuthorityStatusCreating = "CREATING" 7818 7819 // CertificateAuthorityStatusPendingCertificate is a CertificateAuthorityStatus enum value 7820 CertificateAuthorityStatusPendingCertificate = "PENDING_CERTIFICATE" 7821 7822 // CertificateAuthorityStatusActive is a CertificateAuthorityStatus enum value 7823 CertificateAuthorityStatusActive = "ACTIVE" 7824 7825 // CertificateAuthorityStatusDeleted is a CertificateAuthorityStatus enum value 7826 CertificateAuthorityStatusDeleted = "DELETED" 7827 7828 // CertificateAuthorityStatusDisabled is a CertificateAuthorityStatus enum value 7829 CertificateAuthorityStatusDisabled = "DISABLED" 7830 7831 // CertificateAuthorityStatusExpired is a CertificateAuthorityStatus enum value 7832 CertificateAuthorityStatusExpired = "EXPIRED" 7833 7834 // CertificateAuthorityStatusFailed is a CertificateAuthorityStatus enum value 7835 CertificateAuthorityStatusFailed = "FAILED" 7836) 7837 7838// CertificateAuthorityStatus_Values returns all elements of the CertificateAuthorityStatus enum 7839func CertificateAuthorityStatus_Values() []string { 7840 return []string{ 7841 CertificateAuthorityStatusCreating, 7842 CertificateAuthorityStatusPendingCertificate, 7843 CertificateAuthorityStatusActive, 7844 CertificateAuthorityStatusDeleted, 7845 CertificateAuthorityStatusDisabled, 7846 CertificateAuthorityStatusExpired, 7847 CertificateAuthorityStatusFailed, 7848 } 7849} 7850 7851const ( 7852 // CertificateAuthorityTypeRoot is a CertificateAuthorityType enum value 7853 CertificateAuthorityTypeRoot = "ROOT" 7854 7855 // CertificateAuthorityTypeSubordinate is a CertificateAuthorityType enum value 7856 CertificateAuthorityTypeSubordinate = "SUBORDINATE" 7857) 7858 7859// CertificateAuthorityType_Values returns all elements of the CertificateAuthorityType enum 7860func CertificateAuthorityType_Values() []string { 7861 return []string{ 7862 CertificateAuthorityTypeRoot, 7863 CertificateAuthorityTypeSubordinate, 7864 } 7865} 7866 7867const ( 7868 // ExtendedKeyUsageTypeServerAuth is a ExtendedKeyUsageType enum value 7869 ExtendedKeyUsageTypeServerAuth = "SERVER_AUTH" 7870 7871 // ExtendedKeyUsageTypeClientAuth is a ExtendedKeyUsageType enum value 7872 ExtendedKeyUsageTypeClientAuth = "CLIENT_AUTH" 7873 7874 // ExtendedKeyUsageTypeCodeSigning is a ExtendedKeyUsageType enum value 7875 ExtendedKeyUsageTypeCodeSigning = "CODE_SIGNING" 7876 7877 // ExtendedKeyUsageTypeEmailProtection is a ExtendedKeyUsageType enum value 7878 ExtendedKeyUsageTypeEmailProtection = "EMAIL_PROTECTION" 7879 7880 // ExtendedKeyUsageTypeTimeStamping is a ExtendedKeyUsageType enum value 7881 ExtendedKeyUsageTypeTimeStamping = "TIME_STAMPING" 7882 7883 // ExtendedKeyUsageTypeOcspSigning is a ExtendedKeyUsageType enum value 7884 ExtendedKeyUsageTypeOcspSigning = "OCSP_SIGNING" 7885 7886 // ExtendedKeyUsageTypeSmartCardLogin is a ExtendedKeyUsageType enum value 7887 ExtendedKeyUsageTypeSmartCardLogin = "SMART_CARD_LOGIN" 7888 7889 // ExtendedKeyUsageTypeDocumentSigning is a ExtendedKeyUsageType enum value 7890 ExtendedKeyUsageTypeDocumentSigning = "DOCUMENT_SIGNING" 7891 7892 // ExtendedKeyUsageTypeCertificateTransparency is a ExtendedKeyUsageType enum value 7893 ExtendedKeyUsageTypeCertificateTransparency = "CERTIFICATE_TRANSPARENCY" 7894) 7895 7896// ExtendedKeyUsageType_Values returns all elements of the ExtendedKeyUsageType enum 7897func ExtendedKeyUsageType_Values() []string { 7898 return []string{ 7899 ExtendedKeyUsageTypeServerAuth, 7900 ExtendedKeyUsageTypeClientAuth, 7901 ExtendedKeyUsageTypeCodeSigning, 7902 ExtendedKeyUsageTypeEmailProtection, 7903 ExtendedKeyUsageTypeTimeStamping, 7904 ExtendedKeyUsageTypeOcspSigning, 7905 ExtendedKeyUsageTypeSmartCardLogin, 7906 ExtendedKeyUsageTypeDocumentSigning, 7907 ExtendedKeyUsageTypeCertificateTransparency, 7908 } 7909} 7910 7911const ( 7912 // FailureReasonRequestTimedOut is a FailureReason enum value 7913 FailureReasonRequestTimedOut = "REQUEST_TIMED_OUT" 7914 7915 // FailureReasonUnsupportedAlgorithm is a FailureReason enum value 7916 FailureReasonUnsupportedAlgorithm = "UNSUPPORTED_ALGORITHM" 7917 7918 // FailureReasonOther is a FailureReason enum value 7919 FailureReasonOther = "OTHER" 7920) 7921 7922// FailureReason_Values returns all elements of the FailureReason enum 7923func FailureReason_Values() []string { 7924 return []string{ 7925 FailureReasonRequestTimedOut, 7926 FailureReasonUnsupportedAlgorithm, 7927 FailureReasonOther, 7928 } 7929} 7930 7931const ( 7932 // KeyAlgorithmRsa2048 is a KeyAlgorithm enum value 7933 KeyAlgorithmRsa2048 = "RSA_2048" 7934 7935 // KeyAlgorithmRsa4096 is a KeyAlgorithm enum value 7936 KeyAlgorithmRsa4096 = "RSA_4096" 7937 7938 // KeyAlgorithmEcPrime256v1 is a KeyAlgorithm enum value 7939 KeyAlgorithmEcPrime256v1 = "EC_prime256v1" 7940 7941 // KeyAlgorithmEcSecp384r1 is a KeyAlgorithm enum value 7942 KeyAlgorithmEcSecp384r1 = "EC_secp384r1" 7943) 7944 7945// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum 7946func KeyAlgorithm_Values() []string { 7947 return []string{ 7948 KeyAlgorithmRsa2048, 7949 KeyAlgorithmRsa4096, 7950 KeyAlgorithmEcPrime256v1, 7951 KeyAlgorithmEcSecp384r1, 7952 } 7953} 7954 7955const ( 7956 // KeyStorageSecurityStandardFips1402Level2OrHigher is a KeyStorageSecurityStandard enum value 7957 KeyStorageSecurityStandardFips1402Level2OrHigher = "FIPS_140_2_LEVEL_2_OR_HIGHER" 7958 7959 // KeyStorageSecurityStandardFips1402Level3OrHigher is a KeyStorageSecurityStandard enum value 7960 KeyStorageSecurityStandardFips1402Level3OrHigher = "FIPS_140_2_LEVEL_3_OR_HIGHER" 7961) 7962 7963// KeyStorageSecurityStandard_Values returns all elements of the KeyStorageSecurityStandard enum 7964func KeyStorageSecurityStandard_Values() []string { 7965 return []string{ 7966 KeyStorageSecurityStandardFips1402Level2OrHigher, 7967 KeyStorageSecurityStandardFips1402Level3OrHigher, 7968 } 7969} 7970 7971const ( 7972 // PolicyQualifierIdCps is a PolicyQualifierId enum value 7973 PolicyQualifierIdCps = "CPS" 7974) 7975 7976// PolicyQualifierId_Values returns all elements of the PolicyQualifierId enum 7977func PolicyQualifierId_Values() []string { 7978 return []string{ 7979 PolicyQualifierIdCps, 7980 } 7981} 7982 7983const ( 7984 // ResourceOwnerSelf is a ResourceOwner enum value 7985 ResourceOwnerSelf = "SELF" 7986 7987 // ResourceOwnerOtherAccounts is a ResourceOwner enum value 7988 ResourceOwnerOtherAccounts = "OTHER_ACCOUNTS" 7989) 7990 7991// ResourceOwner_Values returns all elements of the ResourceOwner enum 7992func ResourceOwner_Values() []string { 7993 return []string{ 7994 ResourceOwnerSelf, 7995 ResourceOwnerOtherAccounts, 7996 } 7997} 7998 7999const ( 8000 // RevocationReasonUnspecified is a RevocationReason enum value 8001 RevocationReasonUnspecified = "UNSPECIFIED" 8002 8003 // RevocationReasonKeyCompromise is a RevocationReason enum value 8004 RevocationReasonKeyCompromise = "KEY_COMPROMISE" 8005 8006 // RevocationReasonCertificateAuthorityCompromise is a RevocationReason enum value 8007 RevocationReasonCertificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE" 8008 8009 // RevocationReasonAffiliationChanged is a RevocationReason enum value 8010 RevocationReasonAffiliationChanged = "AFFILIATION_CHANGED" 8011 8012 // RevocationReasonSuperseded is a RevocationReason enum value 8013 RevocationReasonSuperseded = "SUPERSEDED" 8014 8015 // RevocationReasonCessationOfOperation is a RevocationReason enum value 8016 RevocationReasonCessationOfOperation = "CESSATION_OF_OPERATION" 8017 8018 // RevocationReasonPrivilegeWithdrawn is a RevocationReason enum value 8019 RevocationReasonPrivilegeWithdrawn = "PRIVILEGE_WITHDRAWN" 8020 8021 // RevocationReasonAACompromise is a RevocationReason enum value 8022 RevocationReasonAACompromise = "A_A_COMPROMISE" 8023) 8024 8025// RevocationReason_Values returns all elements of the RevocationReason enum 8026func RevocationReason_Values() []string { 8027 return []string{ 8028 RevocationReasonUnspecified, 8029 RevocationReasonKeyCompromise, 8030 RevocationReasonCertificateAuthorityCompromise, 8031 RevocationReasonAffiliationChanged, 8032 RevocationReasonSuperseded, 8033 RevocationReasonCessationOfOperation, 8034 RevocationReasonPrivilegeWithdrawn, 8035 RevocationReasonAACompromise, 8036 } 8037} 8038 8039const ( 8040 // S3ObjectAclPublicRead is a S3ObjectAcl enum value 8041 S3ObjectAclPublicRead = "PUBLIC_READ" 8042 8043 // S3ObjectAclBucketOwnerFullControl is a S3ObjectAcl enum value 8044 S3ObjectAclBucketOwnerFullControl = "BUCKET_OWNER_FULL_CONTROL" 8045) 8046 8047// S3ObjectAcl_Values returns all elements of the S3ObjectAcl enum 8048func S3ObjectAcl_Values() []string { 8049 return []string{ 8050 S3ObjectAclPublicRead, 8051 S3ObjectAclBucketOwnerFullControl, 8052 } 8053} 8054 8055const ( 8056 // SigningAlgorithmSha256withecdsa is a SigningAlgorithm enum value 8057 SigningAlgorithmSha256withecdsa = "SHA256WITHECDSA" 8058 8059 // SigningAlgorithmSha384withecdsa is a SigningAlgorithm enum value 8060 SigningAlgorithmSha384withecdsa = "SHA384WITHECDSA" 8061 8062 // SigningAlgorithmSha512withecdsa is a SigningAlgorithm enum value 8063 SigningAlgorithmSha512withecdsa = "SHA512WITHECDSA" 8064 8065 // SigningAlgorithmSha256withrsa is a SigningAlgorithm enum value 8066 SigningAlgorithmSha256withrsa = "SHA256WITHRSA" 8067 8068 // SigningAlgorithmSha384withrsa is a SigningAlgorithm enum value 8069 SigningAlgorithmSha384withrsa = "SHA384WITHRSA" 8070 8071 // SigningAlgorithmSha512withrsa is a SigningAlgorithm enum value 8072 SigningAlgorithmSha512withrsa = "SHA512WITHRSA" 8073) 8074 8075// SigningAlgorithm_Values returns all elements of the SigningAlgorithm enum 8076func SigningAlgorithm_Values() []string { 8077 return []string{ 8078 SigningAlgorithmSha256withecdsa, 8079 SigningAlgorithmSha384withecdsa, 8080 SigningAlgorithmSha512withecdsa, 8081 SigningAlgorithmSha256withrsa, 8082 SigningAlgorithmSha384withrsa, 8083 SigningAlgorithmSha512withrsa, 8084 } 8085} 8086 8087const ( 8088 // ValidityPeriodTypeEndDate is a ValidityPeriodType enum value 8089 ValidityPeriodTypeEndDate = "END_DATE" 8090 8091 // ValidityPeriodTypeAbsolute is a ValidityPeriodType enum value 8092 ValidityPeriodTypeAbsolute = "ABSOLUTE" 8093 8094 // ValidityPeriodTypeDays is a ValidityPeriodType enum value 8095 ValidityPeriodTypeDays = "DAYS" 8096 8097 // ValidityPeriodTypeMonths is a ValidityPeriodType enum value 8098 ValidityPeriodTypeMonths = "MONTHS" 8099 8100 // ValidityPeriodTypeYears is a ValidityPeriodType enum value 8101 ValidityPeriodTypeYears = "YEARS" 8102) 8103 8104// ValidityPeriodType_Values returns all elements of the ValidityPeriodType enum 8105func ValidityPeriodType_Values() []string { 8106 return []string{ 8107 ValidityPeriodTypeEndDate, 8108 ValidityPeriodTypeAbsolute, 8109 ValidityPeriodTypeDays, 8110 ValidityPeriodTypeMonths, 8111 ValidityPeriodTypeYears, 8112 } 8113} 8114