1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package acmpca 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCreateCertificateAuthority = "CreateCertificateAuthority" 17 18// CreateCertificateAuthorityRequest generates a "aws/request.Request" representing the 19// client's request for the CreateCertificateAuthority operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CreateCertificateAuthority for more information on using the CreateCertificateAuthority 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CreateCertificateAuthorityRequest method. 34// req, resp := client.CreateCertificateAuthorityRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 42func (c *ACMPCA) CreateCertificateAuthorityRequest(input *CreateCertificateAuthorityInput) (req *request.Request, output *CreateCertificateAuthorityOutput) { 43 op := &request.Operation{ 44 Name: opCreateCertificateAuthority, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CreateCertificateAuthorityInput{} 51 } 52 53 output = &CreateCertificateAuthorityOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CreateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 59// 60// Creates a root or subordinate private certificate authority (CA). You must 61// specify the CA configuration, the certificate revocation list (CRL) configuration, 62// the CA type, and an optional idempotency token to avoid accidental creation 63// of multiple CAs. The CA configuration specifies the name of the algorithm 64// and key size to be used to create the CA private key, the type of signing 65// algorithm that the CA uses, and X.500 subject information. The CRL configuration 66// specifies the CRL expiration period in days (the validity period of the CRL), 67// the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the 68// S3 bucket that is included in certificates issued by the CA. If successful, 69// this action returns the Amazon Resource Name (ARN) of the CA. 70// 71// ACM Private CAA assets that are stored in Amazon S3 can be protected with 72// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 73// 74// Both PCA and the IAM principal must have permission to write to the S3 bucket 75// that you specify. If the IAM principal making the call does not have permission 76// to write to the bucket, then an exception is thrown. For more information, 77// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 78// 79// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 80// with awserr.Error's Code and Message methods to get detailed information about 81// the error. 82// 83// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 84// API operation CreateCertificateAuthority for usage and error information. 85// 86// Returned Error Types: 87// * InvalidArgsException 88// One or more of the specified arguments was not valid. 89// 90// * InvalidPolicyException 91// The resource policy is invalid or is missing a required statement. For general 92// information about IAM policy and statement structure, see Overview of JSON 93// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 94// 95// * InvalidTagException 96// The tag associated with the CA is not valid. The invalid argument is contained 97// in the message field. 98// 99// * LimitExceededException 100// An ACM Private CA quota has been exceeded. See the exception message returned 101// to determine the quota that was exceeded. 102// 103// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 104func (c *ACMPCA) CreateCertificateAuthority(input *CreateCertificateAuthorityInput) (*CreateCertificateAuthorityOutput, error) { 105 req, out := c.CreateCertificateAuthorityRequest(input) 106 return out, req.Send() 107} 108 109// CreateCertificateAuthorityWithContext is the same as CreateCertificateAuthority with the addition of 110// the ability to pass a context and additional request options. 111// 112// See CreateCertificateAuthority for details on how to use this API operation. 113// 114// The context must be non-nil and will be used for request cancellation. If 115// the context is nil a panic will occur. In the future the SDK may create 116// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 117// for more information on using Contexts. 118func (c *ACMPCA) CreateCertificateAuthorityWithContext(ctx aws.Context, input *CreateCertificateAuthorityInput, opts ...request.Option) (*CreateCertificateAuthorityOutput, error) { 119 req, out := c.CreateCertificateAuthorityRequest(input) 120 req.SetContext(ctx) 121 req.ApplyOptions(opts...) 122 return out, req.Send() 123} 124 125const opCreateCertificateAuthorityAuditReport = "CreateCertificateAuthorityAuditReport" 126 127// CreateCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 128// client's request for the CreateCertificateAuthorityAuditReport operation. The "output" return 129// value will be populated with the request's response once the request completes 130// successfully. 131// 132// Use "Send" method on the returned Request to send the API call to the service. 133// the "output" return value is not valid until after Send returns without error. 134// 135// See CreateCertificateAuthorityAuditReport for more information on using the CreateCertificateAuthorityAuditReport 136// API call, and error handling. 137// 138// This method is useful when you want to inject custom logic or configuration 139// into the SDK's request lifecycle. Such as custom headers, or retry logic. 140// 141// 142// // Example sending a request using the CreateCertificateAuthorityAuditReportRequest method. 143// req, resp := client.CreateCertificateAuthorityAuditReportRequest(params) 144// 145// err := req.Send() 146// if err == nil { // resp is now filled 147// fmt.Println(resp) 148// } 149// 150// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 151func (c *ACMPCA) CreateCertificateAuthorityAuditReportRequest(input *CreateCertificateAuthorityAuditReportInput) (req *request.Request, output *CreateCertificateAuthorityAuditReportOutput) { 152 op := &request.Operation{ 153 Name: opCreateCertificateAuthorityAuditReport, 154 HTTPMethod: "POST", 155 HTTPPath: "/", 156 } 157 158 if input == nil { 159 input = &CreateCertificateAuthorityAuditReportInput{} 160 } 161 162 output = &CreateCertificateAuthorityAuditReportOutput{} 163 req = c.newRequest(op, input, output) 164 return 165} 166 167// CreateCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 168// 169// Creates an audit report that lists every time that your CA private key is 170// used. The report is saved in the Amazon S3 bucket that you specify on input. 171// The IssueCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 172// and RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 173// actions use the private key. 174// 175// Both PCA and the IAM principal must have permission to write to the S3 bucket 176// that you specify. If the IAM principal making the call does not have permission 177// to write to the bucket, then an exception is thrown. For more information, 178// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 179// 180// ACM Private CAA assets that are stored in Amazon S3 can be protected with 181// encryption. For more information, see Encrypting Your Audit Reports (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption). 182// 183// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 184// with awserr.Error's Code and Message methods to get detailed information about 185// the error. 186// 187// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 188// API operation CreateCertificateAuthorityAuditReport for usage and error information. 189// 190// Returned Error Types: 191// * RequestInProgressException 192// Your request is already in progress. 193// 194// * RequestFailedException 195// The request has failed for an unspecified reason. 196// 197// * ResourceNotFoundException 198// A resource such as a private CA, S3 bucket, certificate, audit report, or 199// policy cannot be found. 200// 201// * InvalidArnException 202// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 203// 204// * InvalidArgsException 205// One or more of the specified arguments was not valid. 206// 207// * InvalidStateException 208// The state of the private CA does not allow this action to occur. 209// 210// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 211func (c *ACMPCA) CreateCertificateAuthorityAuditReport(input *CreateCertificateAuthorityAuditReportInput) (*CreateCertificateAuthorityAuditReportOutput, error) { 212 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 213 return out, req.Send() 214} 215 216// CreateCertificateAuthorityAuditReportWithContext is the same as CreateCertificateAuthorityAuditReport with the addition of 217// the ability to pass a context and additional request options. 218// 219// See CreateCertificateAuthorityAuditReport for details on how to use this API operation. 220// 221// The context must be non-nil and will be used for request cancellation. If 222// the context is nil a panic will occur. In the future the SDK may create 223// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 224// for more information on using Contexts. 225func (c *ACMPCA) CreateCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *CreateCertificateAuthorityAuditReportInput, opts ...request.Option) (*CreateCertificateAuthorityAuditReportOutput, error) { 226 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 227 req.SetContext(ctx) 228 req.ApplyOptions(opts...) 229 return out, req.Send() 230} 231 232const opCreatePermission = "CreatePermission" 233 234// CreatePermissionRequest generates a "aws/request.Request" representing the 235// client's request for the CreatePermission operation. The "output" return 236// value will be populated with the request's response once the request completes 237// successfully. 238// 239// Use "Send" method on the returned Request to send the API call to the service. 240// the "output" return value is not valid until after Send returns without error. 241// 242// See CreatePermission for more information on using the CreatePermission 243// API call, and error handling. 244// 245// This method is useful when you want to inject custom logic or configuration 246// into the SDK's request lifecycle. Such as custom headers, or retry logic. 247// 248// 249// // Example sending a request using the CreatePermissionRequest method. 250// req, resp := client.CreatePermissionRequest(params) 251// 252// err := req.Send() 253// if err == nil { // resp is now filled 254// fmt.Println(resp) 255// } 256// 257// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 258func (c *ACMPCA) CreatePermissionRequest(input *CreatePermissionInput) (req *request.Request, output *CreatePermissionOutput) { 259 op := &request.Operation{ 260 Name: opCreatePermission, 261 HTTPMethod: "POST", 262 HTTPPath: "/", 263 } 264 265 if input == nil { 266 input = &CreatePermissionInput{} 267 } 268 269 output = &CreatePermissionOutput{} 270 req = c.newRequest(op, input, output) 271 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 272 return 273} 274 275// CreatePermission API operation for AWS Certificate Manager Private Certificate Authority. 276// 277// Grants one or more permissions on a private CA to the AWS Certificate Manager 278// (ACM) service principal (acm.amazonaws.com). These permissions allow ACM 279// to issue and renew ACM certificates that reside in the same AWS account as 280// the CA. 281// 282// You can list current permissions with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 283// action and revoke them with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 284// action. 285// 286// About Permissions 287// 288// * If the private CA and the certificates it issues reside in the same 289// account, you can use CreatePermission to grant permissions for ACM to 290// carry out automatic certificate renewals. 291// 292// * For automatic certificate renewal to succeed, the ACM service principal 293// needs permissions to create, retrieve, and list certificates. 294// 295// * If the private CA and the ACM certificates reside in different accounts, 296// then permissions cannot be used to enable automatic renewals. Instead, 297// the ACM certificate owner must set up a resource-based policy to enable 298// cross-account issuance and renewals. For more information, see Using a 299// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 300// 301// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 302// with awserr.Error's Code and Message methods to get detailed information about 303// the error. 304// 305// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 306// API operation CreatePermission for usage and error information. 307// 308// Returned Error Types: 309// * ResourceNotFoundException 310// A resource such as a private CA, S3 bucket, certificate, audit report, or 311// policy cannot be found. 312// 313// * InvalidArnException 314// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 315// 316// * PermissionAlreadyExistsException 317// The designated permission has already been given to the user. 318// 319// * LimitExceededException 320// An ACM Private CA quota has been exceeded. See the exception message returned 321// to determine the quota that was exceeded. 322// 323// * InvalidStateException 324// The state of the private CA does not allow this action to occur. 325// 326// * RequestFailedException 327// The request has failed for an unspecified reason. 328// 329// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 330func (c *ACMPCA) CreatePermission(input *CreatePermissionInput) (*CreatePermissionOutput, error) { 331 req, out := c.CreatePermissionRequest(input) 332 return out, req.Send() 333} 334 335// CreatePermissionWithContext is the same as CreatePermission with the addition of 336// the ability to pass a context and additional request options. 337// 338// See CreatePermission for details on how to use this API operation. 339// 340// The context must be non-nil and will be used for request cancellation. If 341// the context is nil a panic will occur. In the future the SDK may create 342// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 343// for more information on using Contexts. 344func (c *ACMPCA) CreatePermissionWithContext(ctx aws.Context, input *CreatePermissionInput, opts ...request.Option) (*CreatePermissionOutput, error) { 345 req, out := c.CreatePermissionRequest(input) 346 req.SetContext(ctx) 347 req.ApplyOptions(opts...) 348 return out, req.Send() 349} 350 351const opDeleteCertificateAuthority = "DeleteCertificateAuthority" 352 353// DeleteCertificateAuthorityRequest generates a "aws/request.Request" representing the 354// client's request for the DeleteCertificateAuthority operation. The "output" return 355// value will be populated with the request's response once the request completes 356// successfully. 357// 358// Use "Send" method on the returned Request to send the API call to the service. 359// the "output" return value is not valid until after Send returns without error. 360// 361// See DeleteCertificateAuthority for more information on using the DeleteCertificateAuthority 362// API call, and error handling. 363// 364// This method is useful when you want to inject custom logic or configuration 365// into the SDK's request lifecycle. Such as custom headers, or retry logic. 366// 367// 368// // Example sending a request using the DeleteCertificateAuthorityRequest method. 369// req, resp := client.DeleteCertificateAuthorityRequest(params) 370// 371// err := req.Send() 372// if err == nil { // resp is now filled 373// fmt.Println(resp) 374// } 375// 376// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 377func (c *ACMPCA) DeleteCertificateAuthorityRequest(input *DeleteCertificateAuthorityInput) (req *request.Request, output *DeleteCertificateAuthorityOutput) { 378 op := &request.Operation{ 379 Name: opDeleteCertificateAuthority, 380 HTTPMethod: "POST", 381 HTTPPath: "/", 382 } 383 384 if input == nil { 385 input = &DeleteCertificateAuthorityInput{} 386 } 387 388 output = &DeleteCertificateAuthorityOutput{} 389 req = c.newRequest(op, input, output) 390 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 391 return 392} 393 394// DeleteCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 395// 396// Deletes a private certificate authority (CA). You must provide the Amazon 397// Resource Name (ARN) of the private CA that you want to delete. You can find 398// the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 399// action. 400// 401// Deleting a CA will invalidate other CAs and certificates below it in your 402// CA hierarchy. 403// 404// Before you can delete a CA that you have created and activated, you must 405// disable it. To do this, call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 406// action and set the CertificateAuthorityStatus parameter to DISABLED. 407// 408// Additionally, you can delete a CA if you are waiting for it to be created 409// (that is, the status of the CA is CREATING). You can also delete it if the 410// CA has been created but you haven't yet imported the signed certificate into 411// ACM Private CA (that is, the status of the CA is PENDING_CERTIFICATE). 412// 413// When you successfully call DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html), 414// the CA's status changes to DELETED. However, the CA won't be permanently 415// deleted until the restoration period has passed. By default, if you do not 416// set the PermanentDeletionTimeInDays parameter, the CA remains restorable 417// for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority 418// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 419// action returns the time remaining in the restoration window of a private 420// CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority 421// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html) 422// action. 423// 424// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 425// with awserr.Error's Code and Message methods to get detailed information about 426// the error. 427// 428// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 429// API operation DeleteCertificateAuthority for usage and error information. 430// 431// Returned Error Types: 432// * ConcurrentModificationException 433// A previous update to your private CA is still ongoing. 434// 435// * ResourceNotFoundException 436// A resource such as a private CA, S3 bucket, certificate, audit report, or 437// policy cannot be found. 438// 439// * InvalidArnException 440// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 441// 442// * InvalidStateException 443// The state of the private CA does not allow this action to occur. 444// 445// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 446func (c *ACMPCA) DeleteCertificateAuthority(input *DeleteCertificateAuthorityInput) (*DeleteCertificateAuthorityOutput, error) { 447 req, out := c.DeleteCertificateAuthorityRequest(input) 448 return out, req.Send() 449} 450 451// DeleteCertificateAuthorityWithContext is the same as DeleteCertificateAuthority with the addition of 452// the ability to pass a context and additional request options. 453// 454// See DeleteCertificateAuthority for details on how to use this API operation. 455// 456// The context must be non-nil and will be used for request cancellation. If 457// the context is nil a panic will occur. In the future the SDK may create 458// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 459// for more information on using Contexts. 460func (c *ACMPCA) DeleteCertificateAuthorityWithContext(ctx aws.Context, input *DeleteCertificateAuthorityInput, opts ...request.Option) (*DeleteCertificateAuthorityOutput, error) { 461 req, out := c.DeleteCertificateAuthorityRequest(input) 462 req.SetContext(ctx) 463 req.ApplyOptions(opts...) 464 return out, req.Send() 465} 466 467const opDeletePermission = "DeletePermission" 468 469// DeletePermissionRequest generates a "aws/request.Request" representing the 470// client's request for the DeletePermission operation. The "output" return 471// value will be populated with the request's response once the request completes 472// successfully. 473// 474// Use "Send" method on the returned Request to send the API call to the service. 475// the "output" return value is not valid until after Send returns without error. 476// 477// See DeletePermission for more information on using the DeletePermission 478// API call, and error handling. 479// 480// This method is useful when you want to inject custom logic or configuration 481// into the SDK's request lifecycle. Such as custom headers, or retry logic. 482// 483// 484// // Example sending a request using the DeletePermissionRequest method. 485// req, resp := client.DeletePermissionRequest(params) 486// 487// err := req.Send() 488// if err == nil { // resp is now filled 489// fmt.Println(resp) 490// } 491// 492// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 493func (c *ACMPCA) DeletePermissionRequest(input *DeletePermissionInput) (req *request.Request, output *DeletePermissionOutput) { 494 op := &request.Operation{ 495 Name: opDeletePermission, 496 HTTPMethod: "POST", 497 HTTPPath: "/", 498 } 499 500 if input == nil { 501 input = &DeletePermissionInput{} 502 } 503 504 output = &DeletePermissionOutput{} 505 req = c.newRequest(op, input, output) 506 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 507 return 508} 509 510// DeletePermission API operation for AWS Certificate Manager Private Certificate Authority. 511// 512// Revokes permissions on a private CA granted to the AWS Certificate Manager 513// (ACM) service principal (acm.amazonaws.com). 514// 515// These permissions allow ACM to issue and renew ACM certificates that reside 516// in the same AWS account as the CA. If you revoke these permissions, ACM will 517// no longer renew the affected certificates automatically. 518// 519// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 520// action and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 521// action. 522// 523// About Permissions 524// 525// * If the private CA and the certificates it issues reside in the same 526// account, you can use CreatePermission to grant permissions for ACM to 527// carry out automatic certificate renewals. 528// 529// * For automatic certificate renewal to succeed, the ACM service principal 530// needs permissions to create, retrieve, and list certificates. 531// 532// * If the private CA and the ACM certificates reside in different accounts, 533// then permissions cannot be used to enable automatic renewals. Instead, 534// the ACM certificate owner must set up a resource-based policy to enable 535// cross-account issuance and renewals. For more information, see Using a 536// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 537// 538// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 539// with awserr.Error's Code and Message methods to get detailed information about 540// the error. 541// 542// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 543// API operation DeletePermission for usage and error information. 544// 545// Returned Error Types: 546// * ResourceNotFoundException 547// A resource such as a private CA, S3 bucket, certificate, audit report, or 548// policy cannot be found. 549// 550// * InvalidArnException 551// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 552// 553// * InvalidStateException 554// The state of the private CA does not allow this action to occur. 555// 556// * RequestFailedException 557// The request has failed for an unspecified reason. 558// 559// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 560func (c *ACMPCA) DeletePermission(input *DeletePermissionInput) (*DeletePermissionOutput, error) { 561 req, out := c.DeletePermissionRequest(input) 562 return out, req.Send() 563} 564 565// DeletePermissionWithContext is the same as DeletePermission with the addition of 566// the ability to pass a context and additional request options. 567// 568// See DeletePermission for details on how to use this API operation. 569// 570// The context must be non-nil and will be used for request cancellation. If 571// the context is nil a panic will occur. In the future the SDK may create 572// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 573// for more information on using Contexts. 574func (c *ACMPCA) DeletePermissionWithContext(ctx aws.Context, input *DeletePermissionInput, opts ...request.Option) (*DeletePermissionOutput, error) { 575 req, out := c.DeletePermissionRequest(input) 576 req.SetContext(ctx) 577 req.ApplyOptions(opts...) 578 return out, req.Send() 579} 580 581const opDeletePolicy = "DeletePolicy" 582 583// DeletePolicyRequest generates a "aws/request.Request" representing the 584// client's request for the DeletePolicy operation. The "output" return 585// value will be populated with the request's response once the request completes 586// successfully. 587// 588// Use "Send" method on the returned Request to send the API call to the service. 589// the "output" return value is not valid until after Send returns without error. 590// 591// See DeletePolicy for more information on using the DeletePolicy 592// API call, and error handling. 593// 594// This method is useful when you want to inject custom logic or configuration 595// into the SDK's request lifecycle. Such as custom headers, or retry logic. 596// 597// 598// // Example sending a request using the DeletePolicyRequest method. 599// req, resp := client.DeletePolicyRequest(params) 600// 601// err := req.Send() 602// if err == nil { // resp is now filled 603// fmt.Println(resp) 604// } 605// 606// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 607func (c *ACMPCA) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 608 op := &request.Operation{ 609 Name: opDeletePolicy, 610 HTTPMethod: "POST", 611 HTTPPath: "/", 612 } 613 614 if input == nil { 615 input = &DeletePolicyInput{} 616 } 617 618 output = &DeletePolicyOutput{} 619 req = c.newRequest(op, input, output) 620 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 621 return 622} 623 624// DeletePolicy API operation for AWS Certificate Manager Private Certificate Authority. 625// 626// Deletes the resource-based policy attached to a private CA. Deletion will 627// remove any access that the policy has granted. If there is no policy attached 628// to the private CA, this action will return successful. 629// 630// If you delete a policy that was applied through AWS Resource Access Manager 631// (RAM), the CA will be removed from all shares in which it was included. 632// 633// The AWS Certificate Manager Service Linked Role that the policy supports 634// is not affected when you delete the policy. 635// 636// The current policy can be shown with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 637// and updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html). 638// 639// About Policies 640// 641// * A policy grants access on a private CA to an AWS customer account, to 642// AWS Organizations, or to an AWS Organizations unit. Policies are under 643// the control of a CA administrator. For more information, see Using a Resource 644// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 645// 646// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 647// certificates signed by a CA in another account. 648// 649// * For ACM to manage automatic renewal of these certificates, the ACM user 650// must configure a Service Linked Role (SLR). The SLR allows the ACM service 651// to assume the identity of the user, subject to confirmation against the 652// ACM Private CA policy. For more information, see Using a Service Linked 653// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 654// 655// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 656// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 657// 658// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 659// with awserr.Error's Code and Message methods to get detailed information about 660// the error. 661// 662// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 663// API operation DeletePolicy for usage and error information. 664// 665// Returned Error Types: 666// * ConcurrentModificationException 667// A previous update to your private CA is still ongoing. 668// 669// * InvalidArnException 670// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 671// 672// * InvalidStateException 673// The state of the private CA does not allow this action to occur. 674// 675// * LockoutPreventedException 676// The current action was prevented because it would lock the caller out from 677// performing subsequent actions. Verify that the specified parameters would 678// not result in the caller being denied access to the resource. 679// 680// * RequestFailedException 681// The request has failed for an unspecified reason. 682// 683// * ResourceNotFoundException 684// A resource such as a private CA, S3 bucket, certificate, audit report, or 685// policy cannot be found. 686// 687// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 688func (c *ACMPCA) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 689 req, out := c.DeletePolicyRequest(input) 690 return out, req.Send() 691} 692 693// DeletePolicyWithContext is the same as DeletePolicy with the addition of 694// the ability to pass a context and additional request options. 695// 696// See DeletePolicy for details on how to use this API operation. 697// 698// The context must be non-nil and will be used for request cancellation. If 699// the context is nil a panic will occur. In the future the SDK may create 700// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 701// for more information on using Contexts. 702func (c *ACMPCA) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 703 req, out := c.DeletePolicyRequest(input) 704 req.SetContext(ctx) 705 req.ApplyOptions(opts...) 706 return out, req.Send() 707} 708 709const opDescribeCertificateAuthority = "DescribeCertificateAuthority" 710 711// DescribeCertificateAuthorityRequest generates a "aws/request.Request" representing the 712// client's request for the DescribeCertificateAuthority operation. The "output" return 713// value will be populated with the request's response once the request completes 714// successfully. 715// 716// Use "Send" method on the returned Request to send the API call to the service. 717// the "output" return value is not valid until after Send returns without error. 718// 719// See DescribeCertificateAuthority for more information on using the DescribeCertificateAuthority 720// API call, and error handling. 721// 722// This method is useful when you want to inject custom logic or configuration 723// into the SDK's request lifecycle. Such as custom headers, or retry logic. 724// 725// 726// // Example sending a request using the DescribeCertificateAuthorityRequest method. 727// req, resp := client.DescribeCertificateAuthorityRequest(params) 728// 729// err := req.Send() 730// if err == nil { // resp is now filled 731// fmt.Println(resp) 732// } 733// 734// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 735func (c *ACMPCA) DescribeCertificateAuthorityRequest(input *DescribeCertificateAuthorityInput) (req *request.Request, output *DescribeCertificateAuthorityOutput) { 736 op := &request.Operation{ 737 Name: opDescribeCertificateAuthority, 738 HTTPMethod: "POST", 739 HTTPPath: "/", 740 } 741 742 if input == nil { 743 input = &DescribeCertificateAuthorityInput{} 744 } 745 746 output = &DescribeCertificateAuthorityOutput{} 747 req = c.newRequest(op, input, output) 748 return 749} 750 751// DescribeCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 752// 753// Lists information about your private certificate authority (CA) or one that 754// has been shared with you. You specify the private CA on input by its ARN 755// (Amazon Resource Name). The output contains the status of your CA. This can 756// be any of the following: 757// 758// * CREATING - ACM Private CA is creating your private certificate authority. 759// 760// * PENDING_CERTIFICATE - The certificate is pending. You must use your 761// ACM Private CA-hosted or on-premises root or subordinate CA to sign your 762// private CA CSR and then import it into PCA. 763// 764// * ACTIVE - Your private CA is active. 765// 766// * DISABLED - Your private CA has been disabled. 767// 768// * EXPIRED - Your private CA certificate has expired. 769// 770// * FAILED - Your private CA has failed. Your CA can fail because of problems 771// such a network outage or back-end AWS failure or other errors. A failed 772// CA can never return to the pending state. You must create a new CA. 773// 774// * DELETED - Your private CA is within the restoration period, after which 775// it is permanently deleted. The length of time remaining in the CA's restoration 776// period is also included in this action's output. 777// 778// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 779// with awserr.Error's Code and Message methods to get detailed information about 780// the error. 781// 782// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 783// API operation DescribeCertificateAuthority for usage and error information. 784// 785// Returned Error Types: 786// * ResourceNotFoundException 787// A resource such as a private CA, S3 bucket, certificate, audit report, or 788// policy cannot be found. 789// 790// * InvalidArnException 791// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 792// 793// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 794func (c *ACMPCA) DescribeCertificateAuthority(input *DescribeCertificateAuthorityInput) (*DescribeCertificateAuthorityOutput, error) { 795 req, out := c.DescribeCertificateAuthorityRequest(input) 796 return out, req.Send() 797} 798 799// DescribeCertificateAuthorityWithContext is the same as DescribeCertificateAuthority with the addition of 800// the ability to pass a context and additional request options. 801// 802// See DescribeCertificateAuthority for details on how to use this API operation. 803// 804// The context must be non-nil and will be used for request cancellation. If 805// the context is nil a panic will occur. In the future the SDK may create 806// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 807// for more information on using Contexts. 808func (c *ACMPCA) DescribeCertificateAuthorityWithContext(ctx aws.Context, input *DescribeCertificateAuthorityInput, opts ...request.Option) (*DescribeCertificateAuthorityOutput, error) { 809 req, out := c.DescribeCertificateAuthorityRequest(input) 810 req.SetContext(ctx) 811 req.ApplyOptions(opts...) 812 return out, req.Send() 813} 814 815const opDescribeCertificateAuthorityAuditReport = "DescribeCertificateAuthorityAuditReport" 816 817// DescribeCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 818// client's request for the DescribeCertificateAuthorityAuditReport operation. The "output" return 819// value will be populated with the request's response once the request completes 820// successfully. 821// 822// Use "Send" method on the returned Request to send the API call to the service. 823// the "output" return value is not valid until after Send returns without error. 824// 825// See DescribeCertificateAuthorityAuditReport for more information on using the DescribeCertificateAuthorityAuditReport 826// API call, and error handling. 827// 828// This method is useful when you want to inject custom logic or configuration 829// into the SDK's request lifecycle. Such as custom headers, or retry logic. 830// 831// 832// // Example sending a request using the DescribeCertificateAuthorityAuditReportRequest method. 833// req, resp := client.DescribeCertificateAuthorityAuditReportRequest(params) 834// 835// err := req.Send() 836// if err == nil { // resp is now filled 837// fmt.Println(resp) 838// } 839// 840// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 841func (c *ACMPCA) DescribeCertificateAuthorityAuditReportRequest(input *DescribeCertificateAuthorityAuditReportInput) (req *request.Request, output *DescribeCertificateAuthorityAuditReportOutput) { 842 op := &request.Operation{ 843 Name: opDescribeCertificateAuthorityAuditReport, 844 HTTPMethod: "POST", 845 HTTPPath: "/", 846 } 847 848 if input == nil { 849 input = &DescribeCertificateAuthorityAuditReportInput{} 850 } 851 852 output = &DescribeCertificateAuthorityAuditReportOutput{} 853 req = c.newRequest(op, input, output) 854 return 855} 856 857// DescribeCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 858// 859// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport 860// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 861// action. Audit information is created every time the certificate authority 862// (CA) private key is used. The private key is used when you call the IssueCertificate 863// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 864// action or the RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 865// action. 866// 867// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 868// with awserr.Error's Code and Message methods to get detailed information about 869// the error. 870// 871// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 872// API operation DescribeCertificateAuthorityAuditReport for usage and error information. 873// 874// Returned Error Types: 875// * ResourceNotFoundException 876// A resource such as a private CA, S3 bucket, certificate, audit report, or 877// policy cannot be found. 878// 879// * InvalidArnException 880// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 881// 882// * InvalidArgsException 883// One or more of the specified arguments was not valid. 884// 885// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 886func (c *ACMPCA) DescribeCertificateAuthorityAuditReport(input *DescribeCertificateAuthorityAuditReportInput) (*DescribeCertificateAuthorityAuditReportOutput, error) { 887 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 888 return out, req.Send() 889} 890 891// DescribeCertificateAuthorityAuditReportWithContext is the same as DescribeCertificateAuthorityAuditReport with the addition of 892// the ability to pass a context and additional request options. 893// 894// See DescribeCertificateAuthorityAuditReport for details on how to use this API operation. 895// 896// The context must be non-nil and will be used for request cancellation. If 897// the context is nil a panic will occur. In the future the SDK may create 898// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 899// for more information on using Contexts. 900func (c *ACMPCA) DescribeCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *DescribeCertificateAuthorityAuditReportInput, opts ...request.Option) (*DescribeCertificateAuthorityAuditReportOutput, error) { 901 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 902 req.SetContext(ctx) 903 req.ApplyOptions(opts...) 904 return out, req.Send() 905} 906 907const opGetCertificate = "GetCertificate" 908 909// GetCertificateRequest generates a "aws/request.Request" representing the 910// client's request for the GetCertificate operation. The "output" return 911// value will be populated with the request's response once the request completes 912// successfully. 913// 914// Use "Send" method on the returned Request to send the API call to the service. 915// the "output" return value is not valid until after Send returns without error. 916// 917// See GetCertificate for more information on using the GetCertificate 918// API call, and error handling. 919// 920// This method is useful when you want to inject custom logic or configuration 921// into the SDK's request lifecycle. Such as custom headers, or retry logic. 922// 923// 924// // Example sending a request using the GetCertificateRequest method. 925// req, resp := client.GetCertificateRequest(params) 926// 927// err := req.Send() 928// if err == nil { // resp is now filled 929// fmt.Println(resp) 930// } 931// 932// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 933func (c *ACMPCA) GetCertificateRequest(input *GetCertificateInput) (req *request.Request, output *GetCertificateOutput) { 934 op := &request.Operation{ 935 Name: opGetCertificate, 936 HTTPMethod: "POST", 937 HTTPPath: "/", 938 } 939 940 if input == nil { 941 input = &GetCertificateInput{} 942 } 943 944 output = &GetCertificateOutput{} 945 req = c.newRequest(op, input, output) 946 return 947} 948 949// GetCertificate API operation for AWS Certificate Manager Private Certificate Authority. 950// 951// Retrieves a certificate from your private CA or one that has been shared 952// with you. The ARN of the certificate is returned when you call the IssueCertificate 953// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 954// action. You must specify both the ARN of your private CA and the ARN of the 955// issued certificate when calling the GetCertificate action. You can retrieve 956// the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport 957// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 958// action to create a report that contains information about all of the certificates 959// issued and revoked by your private CA. 960// 961// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 962// with awserr.Error's Code and Message methods to get detailed information about 963// the error. 964// 965// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 966// API operation GetCertificate for usage and error information. 967// 968// Returned Error Types: 969// * RequestInProgressException 970// Your request is already in progress. 971// 972// * RequestFailedException 973// The request has failed for an unspecified reason. 974// 975// * ResourceNotFoundException 976// A resource such as a private CA, S3 bucket, certificate, audit report, or 977// policy cannot be found. 978// 979// * InvalidArnException 980// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 981// 982// * InvalidStateException 983// The state of the private CA does not allow this action to occur. 984// 985// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 986func (c *ACMPCA) GetCertificate(input *GetCertificateInput) (*GetCertificateOutput, error) { 987 req, out := c.GetCertificateRequest(input) 988 return out, req.Send() 989} 990 991// GetCertificateWithContext is the same as GetCertificate with the addition of 992// the ability to pass a context and additional request options. 993// 994// See GetCertificate for details on how to use this API operation. 995// 996// The context must be non-nil and will be used for request cancellation. If 997// the context is nil a panic will occur. In the future the SDK may create 998// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 999// for more information on using Contexts. 1000func (c *ACMPCA) GetCertificateWithContext(ctx aws.Context, input *GetCertificateInput, opts ...request.Option) (*GetCertificateOutput, error) { 1001 req, out := c.GetCertificateRequest(input) 1002 req.SetContext(ctx) 1003 req.ApplyOptions(opts...) 1004 return out, req.Send() 1005} 1006 1007const opGetCertificateAuthorityCertificate = "GetCertificateAuthorityCertificate" 1008 1009// GetCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1010// client's request for the GetCertificateAuthorityCertificate operation. The "output" return 1011// value will be populated with the request's response once the request completes 1012// successfully. 1013// 1014// Use "Send" method on the returned Request to send the API call to the service. 1015// the "output" return value is not valid until after Send returns without error. 1016// 1017// See GetCertificateAuthorityCertificate for more information on using the GetCertificateAuthorityCertificate 1018// API call, and error handling. 1019// 1020// This method is useful when you want to inject custom logic or configuration 1021// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1022// 1023// 1024// // Example sending a request using the GetCertificateAuthorityCertificateRequest method. 1025// req, resp := client.GetCertificateAuthorityCertificateRequest(params) 1026// 1027// err := req.Send() 1028// if err == nil { // resp is now filled 1029// fmt.Println(resp) 1030// } 1031// 1032// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1033func (c *ACMPCA) GetCertificateAuthorityCertificateRequest(input *GetCertificateAuthorityCertificateInput) (req *request.Request, output *GetCertificateAuthorityCertificateOutput) { 1034 op := &request.Operation{ 1035 Name: opGetCertificateAuthorityCertificate, 1036 HTTPMethod: "POST", 1037 HTTPPath: "/", 1038 } 1039 1040 if input == nil { 1041 input = &GetCertificateAuthorityCertificateInput{} 1042 } 1043 1044 output = &GetCertificateAuthorityCertificateOutput{} 1045 req = c.newRequest(op, input, output) 1046 return 1047} 1048 1049// GetCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1050// 1051// Retrieves the certificate and certificate chain for your private certificate 1052// authority (CA) or one that has been shared with you. Both the certificate 1053// and the chain are base64 PEM-encoded. The chain does not include the CA certificate. 1054// Each certificate in the chain signs the one before it. 1055// 1056// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1057// with awserr.Error's Code and Message methods to get detailed information about 1058// the error. 1059// 1060// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1061// API operation GetCertificateAuthorityCertificate for usage and error information. 1062// 1063// Returned Error Types: 1064// * ResourceNotFoundException 1065// A resource such as a private CA, S3 bucket, certificate, audit report, or 1066// policy cannot be found. 1067// 1068// * InvalidStateException 1069// The state of the private CA does not allow this action to occur. 1070// 1071// * InvalidArnException 1072// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1073// 1074// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1075func (c *ACMPCA) GetCertificateAuthorityCertificate(input *GetCertificateAuthorityCertificateInput) (*GetCertificateAuthorityCertificateOutput, error) { 1076 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1077 return out, req.Send() 1078} 1079 1080// GetCertificateAuthorityCertificateWithContext is the same as GetCertificateAuthorityCertificate with the addition of 1081// the ability to pass a context and additional request options. 1082// 1083// See GetCertificateAuthorityCertificate for details on how to use this API operation. 1084// 1085// The context must be non-nil and will be used for request cancellation. If 1086// the context is nil a panic will occur. In the future the SDK may create 1087// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1088// for more information on using Contexts. 1089func (c *ACMPCA) GetCertificateAuthorityCertificateWithContext(ctx aws.Context, input *GetCertificateAuthorityCertificateInput, opts ...request.Option) (*GetCertificateAuthorityCertificateOutput, error) { 1090 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1091 req.SetContext(ctx) 1092 req.ApplyOptions(opts...) 1093 return out, req.Send() 1094} 1095 1096const opGetCertificateAuthorityCsr = "GetCertificateAuthorityCsr" 1097 1098// GetCertificateAuthorityCsrRequest generates a "aws/request.Request" representing the 1099// client's request for the GetCertificateAuthorityCsr operation. The "output" return 1100// value will be populated with the request's response once the request completes 1101// successfully. 1102// 1103// Use "Send" method on the returned Request to send the API call to the service. 1104// the "output" return value is not valid until after Send returns without error. 1105// 1106// See GetCertificateAuthorityCsr for more information on using the GetCertificateAuthorityCsr 1107// API call, and error handling. 1108// 1109// This method is useful when you want to inject custom logic or configuration 1110// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1111// 1112// 1113// // Example sending a request using the GetCertificateAuthorityCsrRequest method. 1114// req, resp := client.GetCertificateAuthorityCsrRequest(params) 1115// 1116// err := req.Send() 1117// if err == nil { // resp is now filled 1118// fmt.Println(resp) 1119// } 1120// 1121// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1122func (c *ACMPCA) GetCertificateAuthorityCsrRequest(input *GetCertificateAuthorityCsrInput) (req *request.Request, output *GetCertificateAuthorityCsrOutput) { 1123 op := &request.Operation{ 1124 Name: opGetCertificateAuthorityCsr, 1125 HTTPMethod: "POST", 1126 HTTPPath: "/", 1127 } 1128 1129 if input == nil { 1130 input = &GetCertificateAuthorityCsrInput{} 1131 } 1132 1133 output = &GetCertificateAuthorityCsrOutput{} 1134 req = c.newRequest(op, input, output) 1135 return 1136} 1137 1138// GetCertificateAuthorityCsr API operation for AWS Certificate Manager Private Certificate Authority. 1139// 1140// Retrieves the certificate signing request (CSR) for your private certificate 1141// authority (CA). The CSR is created when you call the CreateCertificateAuthority 1142// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1143// action. Sign the CSR with your ACM Private CA-hosted or on-premises root 1144// or subordinate CA. Then import the signed certificate back into ACM Private 1145// CA by calling the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 1146// action. The CSR is returned as a base64 PEM-encoded string. 1147// 1148// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1149// with awserr.Error's Code and Message methods to get detailed information about 1150// the error. 1151// 1152// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1153// API operation GetCertificateAuthorityCsr for usage and error information. 1154// 1155// Returned Error Types: 1156// * RequestInProgressException 1157// Your request is already in progress. 1158// 1159// * RequestFailedException 1160// The request has failed for an unspecified reason. 1161// 1162// * ResourceNotFoundException 1163// A resource such as a private CA, S3 bucket, certificate, audit report, or 1164// policy cannot be found. 1165// 1166// * InvalidArnException 1167// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1168// 1169// * InvalidStateException 1170// The state of the private CA does not allow this action to occur. 1171// 1172// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1173func (c *ACMPCA) GetCertificateAuthorityCsr(input *GetCertificateAuthorityCsrInput) (*GetCertificateAuthorityCsrOutput, error) { 1174 req, out := c.GetCertificateAuthorityCsrRequest(input) 1175 return out, req.Send() 1176} 1177 1178// GetCertificateAuthorityCsrWithContext is the same as GetCertificateAuthorityCsr with the addition of 1179// the ability to pass a context and additional request options. 1180// 1181// See GetCertificateAuthorityCsr for details on how to use this API operation. 1182// 1183// The context must be non-nil and will be used for request cancellation. If 1184// the context is nil a panic will occur. In the future the SDK may create 1185// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1186// for more information on using Contexts. 1187func (c *ACMPCA) GetCertificateAuthorityCsrWithContext(ctx aws.Context, input *GetCertificateAuthorityCsrInput, opts ...request.Option) (*GetCertificateAuthorityCsrOutput, error) { 1188 req, out := c.GetCertificateAuthorityCsrRequest(input) 1189 req.SetContext(ctx) 1190 req.ApplyOptions(opts...) 1191 return out, req.Send() 1192} 1193 1194const opGetPolicy = "GetPolicy" 1195 1196// GetPolicyRequest generates a "aws/request.Request" representing the 1197// client's request for the GetPolicy operation. The "output" return 1198// value will be populated with the request's response once the request completes 1199// successfully. 1200// 1201// Use "Send" method on the returned Request to send the API call to the service. 1202// the "output" return value is not valid until after Send returns without error. 1203// 1204// See GetPolicy for more information on using the GetPolicy 1205// API call, and error handling. 1206// 1207// This method is useful when you want to inject custom logic or configuration 1208// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1209// 1210// 1211// // Example sending a request using the GetPolicyRequest method. 1212// req, resp := client.GetPolicyRequest(params) 1213// 1214// err := req.Send() 1215// if err == nil { // resp is now filled 1216// fmt.Println(resp) 1217// } 1218// 1219// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1220func (c *ACMPCA) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) { 1221 op := &request.Operation{ 1222 Name: opGetPolicy, 1223 HTTPMethod: "POST", 1224 HTTPPath: "/", 1225 } 1226 1227 if input == nil { 1228 input = &GetPolicyInput{} 1229 } 1230 1231 output = &GetPolicyOutput{} 1232 req = c.newRequest(op, input, output) 1233 return 1234} 1235 1236// GetPolicy API operation for AWS Certificate Manager Private Certificate Authority. 1237// 1238// Retrieves the resource-based policy attached to a private CA. If either the 1239// private CA resource or the policy cannot be found, this action returns a 1240// ResourceNotFoundException. 1241// 1242// The policy can be attached or updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html) 1243// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 1244// 1245// About Policies 1246// 1247// * A policy grants access on a private CA to an AWS customer account, to 1248// AWS Organizations, or to an AWS Organizations unit. Policies are under 1249// the control of a CA administrator. For more information, see Using a Resource 1250// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1251// 1252// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 1253// certificates signed by a CA in another account. 1254// 1255// * For ACM to manage automatic renewal of these certificates, the ACM user 1256// must configure a Service Linked Role (SLR). The SLR allows the ACM service 1257// to assume the identity of the user, subject to confirmation against the 1258// ACM Private CA policy. For more information, see Using a Service Linked 1259// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 1260// 1261// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 1262// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 1263// 1264// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1265// with awserr.Error's Code and Message methods to get detailed information about 1266// the error. 1267// 1268// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1269// API operation GetPolicy for usage and error information. 1270// 1271// Returned Error Types: 1272// * InvalidArnException 1273// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1274// 1275// * InvalidStateException 1276// The state of the private CA does not allow this action to occur. 1277// 1278// * RequestFailedException 1279// The request has failed for an unspecified reason. 1280// 1281// * ResourceNotFoundException 1282// A resource such as a private CA, S3 bucket, certificate, audit report, or 1283// policy cannot be found. 1284// 1285// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1286func (c *ACMPCA) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) { 1287 req, out := c.GetPolicyRequest(input) 1288 return out, req.Send() 1289} 1290 1291// GetPolicyWithContext is the same as GetPolicy with the addition of 1292// the ability to pass a context and additional request options. 1293// 1294// See GetPolicy for details on how to use this API operation. 1295// 1296// The context must be non-nil and will be used for request cancellation. If 1297// the context is nil a panic will occur. In the future the SDK may create 1298// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1299// for more information on using Contexts. 1300func (c *ACMPCA) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) { 1301 req, out := c.GetPolicyRequest(input) 1302 req.SetContext(ctx) 1303 req.ApplyOptions(opts...) 1304 return out, req.Send() 1305} 1306 1307const opImportCertificateAuthorityCertificate = "ImportCertificateAuthorityCertificate" 1308 1309// ImportCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1310// client's request for the ImportCertificateAuthorityCertificate operation. The "output" return 1311// value will be populated with the request's response once the request completes 1312// successfully. 1313// 1314// Use "Send" method on the returned Request to send the API call to the service. 1315// the "output" return value is not valid until after Send returns without error. 1316// 1317// See ImportCertificateAuthorityCertificate for more information on using the ImportCertificateAuthorityCertificate 1318// API call, and error handling. 1319// 1320// This method is useful when you want to inject custom logic or configuration 1321// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1322// 1323// 1324// // Example sending a request using the ImportCertificateAuthorityCertificateRequest method. 1325// req, resp := client.ImportCertificateAuthorityCertificateRequest(params) 1326// 1327// err := req.Send() 1328// if err == nil { // resp is now filled 1329// fmt.Println(resp) 1330// } 1331// 1332// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1333func (c *ACMPCA) ImportCertificateAuthorityCertificateRequest(input *ImportCertificateAuthorityCertificateInput) (req *request.Request, output *ImportCertificateAuthorityCertificateOutput) { 1334 op := &request.Operation{ 1335 Name: opImportCertificateAuthorityCertificate, 1336 HTTPMethod: "POST", 1337 HTTPPath: "/", 1338 } 1339 1340 if input == nil { 1341 input = &ImportCertificateAuthorityCertificateInput{} 1342 } 1343 1344 output = &ImportCertificateAuthorityCertificateOutput{} 1345 req = c.newRequest(op, input, output) 1346 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1347 return 1348} 1349 1350// ImportCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1351// 1352// Imports a signed private CA certificate into ACM Private CA. This action 1353// is used when you are using a chain of trust whose root is located outside 1354// ACM Private CA. Before you can call this action, the following preparations 1355// must in place: 1356// 1357// In ACM Private CA, call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1358// action to create the private CA that you plan to back with the imported certificate. 1359// 1360// Call the GetCertificateAuthorityCsr (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html) 1361// action to generate a certificate signing request (CSR). 1362// 1363// Sign the CSR using a root or intermediate CA hosted by either an on-premises 1364// PKI hierarchy or by a commercial CA. 1365// 1366// Create a certificate chain and copy the signed certificate and the certificate 1367// chain to your working directory. 1368// 1369// ACM Private CA supports three scenarios for installing a CA certificate: 1370// 1371// * Installing a certificate for a root CA hosted by ACM Private CA. 1372// 1373// * Installing a subordinate CA certificate whose parent authority is hosted 1374// by ACM Private CA. 1375// 1376// * Installing a subordinate CA certificate whose parent authority is externally 1377// hosted. 1378// 1379// The following additional requirements apply when you import a CA certificate. 1380// 1381// * Only a self-signed certificate can be imported as a root CA. 1382// 1383// * A self-signed certificate cannot be imported as a subordinate CA. 1384// 1385// * Your certificate chain must not include the private CA certificate that 1386// you are importing. 1387// 1388// * Your root CA must be the last certificate in your chain. The subordinate 1389// certificate, if any, that your root CA signed must be next to last. The 1390// subordinate certificate signed by the preceding subordinate CA must come 1391// next, and so on until your chain is built. 1392// 1393// * The chain must be PEM-encoded. 1394// 1395// * The maximum allowed size of a certificate is 32 KB. 1396// 1397// * The maximum allowed size of a certificate chain is 2 MB. 1398// 1399// Enforcement of Critical Constraints 1400// 1401// ACM Private CA allows the following extensions to be marked critical in the 1402// imported CA certificate or chain. 1403// 1404// * Basic constraints (must be marked critical) 1405// 1406// * Subject alternative names 1407// 1408// * Key usage 1409// 1410// * Extended key usage 1411// 1412// * Authority key identifier 1413// 1414// * Subject key identifier 1415// 1416// * Issuer alternative name 1417// 1418// * Subject directory attributes 1419// 1420// * Subject information access 1421// 1422// * Certificate policies 1423// 1424// * Policy mappings 1425// 1426// * Inhibit anyPolicy 1427// 1428// ACM Private CA rejects the following extensions when they are marked critical 1429// in an imported CA certificate or chain. 1430// 1431// * Name constraints 1432// 1433// * Policy constraints 1434// 1435// * CRL distribution points 1436// 1437// * Authority information access 1438// 1439// * Freshest CRL 1440// 1441// * Any other extension 1442// 1443// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1444// with awserr.Error's Code and Message methods to get detailed information about 1445// the error. 1446// 1447// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1448// API operation ImportCertificateAuthorityCertificate for usage and error information. 1449// 1450// Returned Error Types: 1451// * ConcurrentModificationException 1452// A previous update to your private CA is still ongoing. 1453// 1454// * RequestInProgressException 1455// Your request is already in progress. 1456// 1457// * RequestFailedException 1458// The request has failed for an unspecified reason. 1459// 1460// * ResourceNotFoundException 1461// A resource such as a private CA, S3 bucket, certificate, audit report, or 1462// policy cannot be found. 1463// 1464// * InvalidArnException 1465// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1466// 1467// * InvalidRequestException 1468// The request action cannot be performed or is prohibited. 1469// 1470// * InvalidStateException 1471// The state of the private CA does not allow this action to occur. 1472// 1473// * MalformedCertificateException 1474// One or more fields in the certificate are invalid. 1475// 1476// * CertificateMismatchException 1477// The certificate authority certificate you are importing does not comply with 1478// conditions specified in the certificate that signed it. 1479// 1480// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1481func (c *ACMPCA) ImportCertificateAuthorityCertificate(input *ImportCertificateAuthorityCertificateInput) (*ImportCertificateAuthorityCertificateOutput, error) { 1482 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1483 return out, req.Send() 1484} 1485 1486// ImportCertificateAuthorityCertificateWithContext is the same as ImportCertificateAuthorityCertificate with the addition of 1487// the ability to pass a context and additional request options. 1488// 1489// See ImportCertificateAuthorityCertificate for details on how to use this API operation. 1490// 1491// The context must be non-nil and will be used for request cancellation. If 1492// the context is nil a panic will occur. In the future the SDK may create 1493// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1494// for more information on using Contexts. 1495func (c *ACMPCA) ImportCertificateAuthorityCertificateWithContext(ctx aws.Context, input *ImportCertificateAuthorityCertificateInput, opts ...request.Option) (*ImportCertificateAuthorityCertificateOutput, error) { 1496 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1497 req.SetContext(ctx) 1498 req.ApplyOptions(opts...) 1499 return out, req.Send() 1500} 1501 1502const opIssueCertificate = "IssueCertificate" 1503 1504// IssueCertificateRequest generates a "aws/request.Request" representing the 1505// client's request for the IssueCertificate operation. The "output" return 1506// value will be populated with the request's response once the request completes 1507// successfully. 1508// 1509// Use "Send" method on the returned Request to send the API call to the service. 1510// the "output" return value is not valid until after Send returns without error. 1511// 1512// See IssueCertificate for more information on using the IssueCertificate 1513// API call, and error handling. 1514// 1515// This method is useful when you want to inject custom logic or configuration 1516// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1517// 1518// 1519// // Example sending a request using the IssueCertificateRequest method. 1520// req, resp := client.IssueCertificateRequest(params) 1521// 1522// err := req.Send() 1523// if err == nil { // resp is now filled 1524// fmt.Println(resp) 1525// } 1526// 1527// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1528func (c *ACMPCA) IssueCertificateRequest(input *IssueCertificateInput) (req *request.Request, output *IssueCertificateOutput) { 1529 op := &request.Operation{ 1530 Name: opIssueCertificate, 1531 HTTPMethod: "POST", 1532 HTTPPath: "/", 1533 } 1534 1535 if input == nil { 1536 input = &IssueCertificateInput{} 1537 } 1538 1539 output = &IssueCertificateOutput{} 1540 req = c.newRequest(op, input, output) 1541 return 1542} 1543 1544// IssueCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1545// 1546// Uses your private certificate authority (CA), or one that has been shared 1547// with you, to issue a client certificate. This action returns the Amazon Resource 1548// Name (ARN) of the certificate. You can retrieve the certificate by calling 1549// the GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 1550// action and specifying the ARN. 1551// 1552// You cannot use the ACM ListCertificateAuthorities action to retrieve the 1553// ARNs of the certificates that you issue by using ACM Private CA. 1554// 1555// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1556// with awserr.Error's Code and Message methods to get detailed information about 1557// the error. 1558// 1559// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1560// API operation IssueCertificate for usage and error information. 1561// 1562// Returned Error Types: 1563// * LimitExceededException 1564// An ACM Private CA quota has been exceeded. See the exception message returned 1565// to determine the quota that was exceeded. 1566// 1567// * ResourceNotFoundException 1568// A resource such as a private CA, S3 bucket, certificate, audit report, or 1569// policy cannot be found. 1570// 1571// * InvalidStateException 1572// The state of the private CA does not allow this action to occur. 1573// 1574// * InvalidArnException 1575// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1576// 1577// * InvalidArgsException 1578// One or more of the specified arguments was not valid. 1579// 1580// * MalformedCSRException 1581// The certificate signing request is invalid. 1582// 1583// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1584func (c *ACMPCA) IssueCertificate(input *IssueCertificateInput) (*IssueCertificateOutput, error) { 1585 req, out := c.IssueCertificateRequest(input) 1586 return out, req.Send() 1587} 1588 1589// IssueCertificateWithContext is the same as IssueCertificate with the addition of 1590// the ability to pass a context and additional request options. 1591// 1592// See IssueCertificate for details on how to use this API operation. 1593// 1594// The context must be non-nil and will be used for request cancellation. If 1595// the context is nil a panic will occur. In the future the SDK may create 1596// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1597// for more information on using Contexts. 1598func (c *ACMPCA) IssueCertificateWithContext(ctx aws.Context, input *IssueCertificateInput, opts ...request.Option) (*IssueCertificateOutput, error) { 1599 req, out := c.IssueCertificateRequest(input) 1600 req.SetContext(ctx) 1601 req.ApplyOptions(opts...) 1602 return out, req.Send() 1603} 1604 1605const opListCertificateAuthorities = "ListCertificateAuthorities" 1606 1607// ListCertificateAuthoritiesRequest generates a "aws/request.Request" representing the 1608// client's request for the ListCertificateAuthorities operation. The "output" return 1609// value will be populated with the request's response once the request completes 1610// successfully. 1611// 1612// Use "Send" method on the returned Request to send the API call to the service. 1613// the "output" return value is not valid until after Send returns without error. 1614// 1615// See ListCertificateAuthorities for more information on using the ListCertificateAuthorities 1616// API call, and error handling. 1617// 1618// This method is useful when you want to inject custom logic or configuration 1619// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1620// 1621// 1622// // Example sending a request using the ListCertificateAuthoritiesRequest method. 1623// req, resp := client.ListCertificateAuthoritiesRequest(params) 1624// 1625// err := req.Send() 1626// if err == nil { // resp is now filled 1627// fmt.Println(resp) 1628// } 1629// 1630// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1631func (c *ACMPCA) ListCertificateAuthoritiesRequest(input *ListCertificateAuthoritiesInput) (req *request.Request, output *ListCertificateAuthoritiesOutput) { 1632 op := &request.Operation{ 1633 Name: opListCertificateAuthorities, 1634 HTTPMethod: "POST", 1635 HTTPPath: "/", 1636 Paginator: &request.Paginator{ 1637 InputTokens: []string{"NextToken"}, 1638 OutputTokens: []string{"NextToken"}, 1639 LimitToken: "MaxResults", 1640 TruncationToken: "", 1641 }, 1642 } 1643 1644 if input == nil { 1645 input = &ListCertificateAuthoritiesInput{} 1646 } 1647 1648 output = &ListCertificateAuthoritiesOutput{} 1649 req = c.newRequest(op, input, output) 1650 return 1651} 1652 1653// ListCertificateAuthorities API operation for AWS Certificate Manager Private Certificate Authority. 1654// 1655// Lists the private certificate authorities that you created by using the CreateCertificateAuthority 1656// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1657// action. 1658// 1659// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1660// with awserr.Error's Code and Message methods to get detailed information about 1661// the error. 1662// 1663// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1664// API operation ListCertificateAuthorities for usage and error information. 1665// 1666// Returned Error Types: 1667// * InvalidNextTokenException 1668// The token specified in the NextToken argument is not valid. Use the token 1669// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1670// 1671// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1672func (c *ACMPCA) ListCertificateAuthorities(input *ListCertificateAuthoritiesInput) (*ListCertificateAuthoritiesOutput, error) { 1673 req, out := c.ListCertificateAuthoritiesRequest(input) 1674 return out, req.Send() 1675} 1676 1677// ListCertificateAuthoritiesWithContext is the same as ListCertificateAuthorities with the addition of 1678// the ability to pass a context and additional request options. 1679// 1680// See ListCertificateAuthorities for details on how to use this API operation. 1681// 1682// The context must be non-nil and will be used for request cancellation. If 1683// the context is nil a panic will occur. In the future the SDK may create 1684// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1685// for more information on using Contexts. 1686func (c *ACMPCA) ListCertificateAuthoritiesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, opts ...request.Option) (*ListCertificateAuthoritiesOutput, error) { 1687 req, out := c.ListCertificateAuthoritiesRequest(input) 1688 req.SetContext(ctx) 1689 req.ApplyOptions(opts...) 1690 return out, req.Send() 1691} 1692 1693// ListCertificateAuthoritiesPages iterates over the pages of a ListCertificateAuthorities operation, 1694// calling the "fn" function with the response data for each page. To stop 1695// iterating, return false from the fn function. 1696// 1697// See ListCertificateAuthorities method for more information on how to use this operation. 1698// 1699// Note: This operation can generate multiple requests to a service. 1700// 1701// // Example iterating over at most 3 pages of a ListCertificateAuthorities operation. 1702// pageNum := 0 1703// err := client.ListCertificateAuthoritiesPages(params, 1704// func(page *acmpca.ListCertificateAuthoritiesOutput, lastPage bool) bool { 1705// pageNum++ 1706// fmt.Println(page) 1707// return pageNum <= 3 1708// }) 1709// 1710func (c *ACMPCA) ListCertificateAuthoritiesPages(input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool) error { 1711 return c.ListCertificateAuthoritiesPagesWithContext(aws.BackgroundContext(), input, fn) 1712} 1713 1714// ListCertificateAuthoritiesPagesWithContext same as ListCertificateAuthoritiesPages except 1715// it takes a Context and allows setting request options on the pages. 1716// 1717// The context must be non-nil and will be used for request cancellation. If 1718// the context is nil a panic will occur. In the future the SDK may create 1719// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1720// for more information on using Contexts. 1721func (c *ACMPCA) ListCertificateAuthoritiesPagesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool, opts ...request.Option) error { 1722 p := request.Pagination{ 1723 NewRequest: func() (*request.Request, error) { 1724 var inCpy *ListCertificateAuthoritiesInput 1725 if input != nil { 1726 tmp := *input 1727 inCpy = &tmp 1728 } 1729 req, _ := c.ListCertificateAuthoritiesRequest(inCpy) 1730 req.SetContext(ctx) 1731 req.ApplyOptions(opts...) 1732 return req, nil 1733 }, 1734 } 1735 1736 for p.Next() { 1737 if !fn(p.Page().(*ListCertificateAuthoritiesOutput), !p.HasNextPage()) { 1738 break 1739 } 1740 } 1741 1742 return p.Err() 1743} 1744 1745const opListPermissions = "ListPermissions" 1746 1747// ListPermissionsRequest generates a "aws/request.Request" representing the 1748// client's request for the ListPermissions operation. The "output" return 1749// value will be populated with the request's response once the request completes 1750// successfully. 1751// 1752// Use "Send" method on the returned Request to send the API call to the service. 1753// the "output" return value is not valid until after Send returns without error. 1754// 1755// See ListPermissions for more information on using the ListPermissions 1756// API call, and error handling. 1757// 1758// This method is useful when you want to inject custom logic or configuration 1759// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1760// 1761// 1762// // Example sending a request using the ListPermissionsRequest method. 1763// req, resp := client.ListPermissionsRequest(params) 1764// 1765// err := req.Send() 1766// if err == nil { // resp is now filled 1767// fmt.Println(resp) 1768// } 1769// 1770// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1771func (c *ACMPCA) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) { 1772 op := &request.Operation{ 1773 Name: opListPermissions, 1774 HTTPMethod: "POST", 1775 HTTPPath: "/", 1776 Paginator: &request.Paginator{ 1777 InputTokens: []string{"NextToken"}, 1778 OutputTokens: []string{"NextToken"}, 1779 LimitToken: "MaxResults", 1780 TruncationToken: "", 1781 }, 1782 } 1783 1784 if input == nil { 1785 input = &ListPermissionsInput{} 1786 } 1787 1788 output = &ListPermissionsOutput{} 1789 req = c.newRequest(op, input, output) 1790 return 1791} 1792 1793// ListPermissions API operation for AWS Certificate Manager Private Certificate Authority. 1794// 1795// List all permissions on a private CA, if any, granted to the AWS Certificate 1796// Manager (ACM) service principal (acm.amazonaws.com). 1797// 1798// These permissions allow ACM to issue and renew ACM certificates that reside 1799// in the same AWS account as the CA. 1800// 1801// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 1802// action and revoked with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 1803// action. 1804// 1805// About Permissions 1806// 1807// * If the private CA and the certificates it issues reside in the same 1808// account, you can use CreatePermission to grant permissions for ACM to 1809// carry out automatic certificate renewals. 1810// 1811// * For automatic certificate renewal to succeed, the ACM service principal 1812// needs permissions to create, retrieve, and list certificates. 1813// 1814// * If the private CA and the ACM certificates reside in different accounts, 1815// then permissions cannot be used to enable automatic renewals. Instead, 1816// the ACM certificate owner must set up a resource-based policy to enable 1817// cross-account issuance and renewals. For more information, see Using a 1818// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1819// 1820// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1821// with awserr.Error's Code and Message methods to get detailed information about 1822// the error. 1823// 1824// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1825// API operation ListPermissions for usage and error information. 1826// 1827// Returned Error Types: 1828// * ResourceNotFoundException 1829// A resource such as a private CA, S3 bucket, certificate, audit report, or 1830// policy cannot be found. 1831// 1832// * InvalidArnException 1833// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1834// 1835// * InvalidNextTokenException 1836// The token specified in the NextToken argument is not valid. Use the token 1837// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1838// 1839// * InvalidStateException 1840// The state of the private CA does not allow this action to occur. 1841// 1842// * RequestFailedException 1843// The request has failed for an unspecified reason. 1844// 1845// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1846func (c *ACMPCA) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) { 1847 req, out := c.ListPermissionsRequest(input) 1848 return out, req.Send() 1849} 1850 1851// ListPermissionsWithContext is the same as ListPermissions with the addition of 1852// the ability to pass a context and additional request options. 1853// 1854// See ListPermissions for details on how to use this API operation. 1855// 1856// The context must be non-nil and will be used for request cancellation. If 1857// the context is nil a panic will occur. In the future the SDK may create 1858// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1859// for more information on using Contexts. 1860func (c *ACMPCA) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) { 1861 req, out := c.ListPermissionsRequest(input) 1862 req.SetContext(ctx) 1863 req.ApplyOptions(opts...) 1864 return out, req.Send() 1865} 1866 1867// ListPermissionsPages iterates over the pages of a ListPermissions operation, 1868// calling the "fn" function with the response data for each page. To stop 1869// iterating, return false from the fn function. 1870// 1871// See ListPermissions method for more information on how to use this operation. 1872// 1873// Note: This operation can generate multiple requests to a service. 1874// 1875// // Example iterating over at most 3 pages of a ListPermissions operation. 1876// pageNum := 0 1877// err := client.ListPermissionsPages(params, 1878// func(page *acmpca.ListPermissionsOutput, lastPage bool) bool { 1879// pageNum++ 1880// fmt.Println(page) 1881// return pageNum <= 3 1882// }) 1883// 1884func (c *ACMPCA) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error { 1885 return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn) 1886} 1887 1888// ListPermissionsPagesWithContext same as ListPermissionsPages except 1889// it takes a Context and allows setting request options on the pages. 1890// 1891// The context must be non-nil and will be used for request cancellation. If 1892// the context is nil a panic will occur. In the future the SDK may create 1893// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1894// for more information on using Contexts. 1895func (c *ACMPCA) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error { 1896 p := request.Pagination{ 1897 NewRequest: func() (*request.Request, error) { 1898 var inCpy *ListPermissionsInput 1899 if input != nil { 1900 tmp := *input 1901 inCpy = &tmp 1902 } 1903 req, _ := c.ListPermissionsRequest(inCpy) 1904 req.SetContext(ctx) 1905 req.ApplyOptions(opts...) 1906 return req, nil 1907 }, 1908 } 1909 1910 for p.Next() { 1911 if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) { 1912 break 1913 } 1914 } 1915 1916 return p.Err() 1917} 1918 1919const opListTags = "ListTags" 1920 1921// ListTagsRequest generates a "aws/request.Request" representing the 1922// client's request for the ListTags operation. The "output" return 1923// value will be populated with the request's response once the request completes 1924// successfully. 1925// 1926// Use "Send" method on the returned Request to send the API call to the service. 1927// the "output" return value is not valid until after Send returns without error. 1928// 1929// See ListTags for more information on using the ListTags 1930// API call, and error handling. 1931// 1932// This method is useful when you want to inject custom logic or configuration 1933// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1934// 1935// 1936// // Example sending a request using the ListTagsRequest method. 1937// req, resp := client.ListTagsRequest(params) 1938// 1939// err := req.Send() 1940// if err == nil { // resp is now filled 1941// fmt.Println(resp) 1942// } 1943// 1944// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1945func (c *ACMPCA) ListTagsRequest(input *ListTagsInput) (req *request.Request, output *ListTagsOutput) { 1946 op := &request.Operation{ 1947 Name: opListTags, 1948 HTTPMethod: "POST", 1949 HTTPPath: "/", 1950 Paginator: &request.Paginator{ 1951 InputTokens: []string{"NextToken"}, 1952 OutputTokens: []string{"NextToken"}, 1953 LimitToken: "MaxResults", 1954 TruncationToken: "", 1955 }, 1956 } 1957 1958 if input == nil { 1959 input = &ListTagsInput{} 1960 } 1961 1962 output = &ListTagsOutput{} 1963 req = c.newRequest(op, input, output) 1964 return 1965} 1966 1967// ListTags API operation for AWS Certificate Manager Private Certificate Authority. 1968// 1969// Lists the tags, if any, that are associated with your private CA or one that 1970// has been shared with you. Tags are labels that you can use to identify and 1971// organize your CAs. Each tag consists of a key and an optional value. Call 1972// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 1973// action to add one or more tags to your CA. Call the UntagCertificateAuthority 1974// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 1975// action to remove tags. 1976// 1977// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1978// with awserr.Error's Code and Message methods to get detailed information about 1979// the error. 1980// 1981// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1982// API operation ListTags for usage and error information. 1983// 1984// Returned Error Types: 1985// * ResourceNotFoundException 1986// A resource such as a private CA, S3 bucket, certificate, audit report, or 1987// policy cannot be found. 1988// 1989// * InvalidArnException 1990// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1991// 1992// * InvalidStateException 1993// The state of the private CA does not allow this action to occur. 1994// 1995// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1996func (c *ACMPCA) ListTags(input *ListTagsInput) (*ListTagsOutput, error) { 1997 req, out := c.ListTagsRequest(input) 1998 return out, req.Send() 1999} 2000 2001// ListTagsWithContext is the same as ListTags with the addition of 2002// the ability to pass a context and additional request options. 2003// 2004// See ListTags for details on how to use this API operation. 2005// 2006// The context must be non-nil and will be used for request cancellation. If 2007// the context is nil a panic will occur. In the future the SDK may create 2008// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2009// for more information on using Contexts. 2010func (c *ACMPCA) ListTagsWithContext(ctx aws.Context, input *ListTagsInput, opts ...request.Option) (*ListTagsOutput, error) { 2011 req, out := c.ListTagsRequest(input) 2012 req.SetContext(ctx) 2013 req.ApplyOptions(opts...) 2014 return out, req.Send() 2015} 2016 2017// ListTagsPages iterates over the pages of a ListTags operation, 2018// calling the "fn" function with the response data for each page. To stop 2019// iterating, return false from the fn function. 2020// 2021// See ListTags method for more information on how to use this operation. 2022// 2023// Note: This operation can generate multiple requests to a service. 2024// 2025// // Example iterating over at most 3 pages of a ListTags operation. 2026// pageNum := 0 2027// err := client.ListTagsPages(params, 2028// func(page *acmpca.ListTagsOutput, lastPage bool) bool { 2029// pageNum++ 2030// fmt.Println(page) 2031// return pageNum <= 3 2032// }) 2033// 2034func (c *ACMPCA) ListTagsPages(input *ListTagsInput, fn func(*ListTagsOutput, bool) bool) error { 2035 return c.ListTagsPagesWithContext(aws.BackgroundContext(), input, fn) 2036} 2037 2038// ListTagsPagesWithContext same as ListTagsPages except 2039// it takes a Context and allows setting request options on the pages. 2040// 2041// The context must be non-nil and will be used for request cancellation. If 2042// the context is nil a panic will occur. In the future the SDK may create 2043// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2044// for more information on using Contexts. 2045func (c *ACMPCA) ListTagsPagesWithContext(ctx aws.Context, input *ListTagsInput, fn func(*ListTagsOutput, bool) bool, opts ...request.Option) error { 2046 p := request.Pagination{ 2047 NewRequest: func() (*request.Request, error) { 2048 var inCpy *ListTagsInput 2049 if input != nil { 2050 tmp := *input 2051 inCpy = &tmp 2052 } 2053 req, _ := c.ListTagsRequest(inCpy) 2054 req.SetContext(ctx) 2055 req.ApplyOptions(opts...) 2056 return req, nil 2057 }, 2058 } 2059 2060 for p.Next() { 2061 if !fn(p.Page().(*ListTagsOutput), !p.HasNextPage()) { 2062 break 2063 } 2064 } 2065 2066 return p.Err() 2067} 2068 2069const opPutPolicy = "PutPolicy" 2070 2071// PutPolicyRequest generates a "aws/request.Request" representing the 2072// client's request for the PutPolicy operation. The "output" return 2073// value will be populated with the request's response once the request completes 2074// successfully. 2075// 2076// Use "Send" method on the returned Request to send the API call to the service. 2077// the "output" return value is not valid until after Send returns without error. 2078// 2079// See PutPolicy for more information on using the PutPolicy 2080// API call, and error handling. 2081// 2082// This method is useful when you want to inject custom logic or configuration 2083// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2084// 2085// 2086// // Example sending a request using the PutPolicyRequest method. 2087// req, resp := client.PutPolicyRequest(params) 2088// 2089// err := req.Send() 2090// if err == nil { // resp is now filled 2091// fmt.Println(resp) 2092// } 2093// 2094// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2095func (c *ACMPCA) PutPolicyRequest(input *PutPolicyInput) (req *request.Request, output *PutPolicyOutput) { 2096 op := &request.Operation{ 2097 Name: opPutPolicy, 2098 HTTPMethod: "POST", 2099 HTTPPath: "/", 2100 } 2101 2102 if input == nil { 2103 input = &PutPolicyInput{} 2104 } 2105 2106 output = &PutPolicyOutput{} 2107 req = c.newRequest(op, input, output) 2108 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2109 return 2110} 2111 2112// PutPolicy API operation for AWS Certificate Manager Private Certificate Authority. 2113// 2114// Attaches a resource-based policy to a private CA. 2115// 2116// A policy can also be applied by sharing a private CA through AWS Resource 2117// Access Manager (RAM). For more information, see Attach a Policy for Cross-Account 2118// Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2119// 2120// The policy can be displayed with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 2121// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 2122// 2123// About Policies 2124// 2125// * A policy grants access on a private CA to an AWS customer account, to 2126// AWS Organizations, or to an AWS Organizations unit. Policies are under 2127// the control of a CA administrator. For more information, see Using a Resource 2128// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 2129// 2130// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 2131// certificates signed by a CA in another account. 2132// 2133// * For ACM to manage automatic renewal of these certificates, the ACM user 2134// must configure a Service Linked Role (SLR). The SLR allows the ACM service 2135// to assume the identity of the user, subject to confirmation against the 2136// ACM Private CA policy. For more information, see Using a Service Linked 2137// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 2138// 2139// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 2140// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2141// 2142// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2143// with awserr.Error's Code and Message methods to get detailed information about 2144// the error. 2145// 2146// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2147// API operation PutPolicy for usage and error information. 2148// 2149// Returned Error Types: 2150// * ConcurrentModificationException 2151// A previous update to your private CA is still ongoing. 2152// 2153// * InvalidArnException 2154// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2155// 2156// * InvalidStateException 2157// The state of the private CA does not allow this action to occur. 2158// 2159// * InvalidPolicyException 2160// The resource policy is invalid or is missing a required statement. For general 2161// information about IAM policy and statement structure, see Overview of JSON 2162// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2163// 2164// * LockoutPreventedException 2165// The current action was prevented because it would lock the caller out from 2166// performing subsequent actions. Verify that the specified parameters would 2167// not result in the caller being denied access to the resource. 2168// 2169// * RequestFailedException 2170// The request has failed for an unspecified reason. 2171// 2172// * ResourceNotFoundException 2173// A resource such as a private CA, S3 bucket, certificate, audit report, or 2174// policy cannot be found. 2175// 2176// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2177func (c *ACMPCA) PutPolicy(input *PutPolicyInput) (*PutPolicyOutput, error) { 2178 req, out := c.PutPolicyRequest(input) 2179 return out, req.Send() 2180} 2181 2182// PutPolicyWithContext is the same as PutPolicy with the addition of 2183// the ability to pass a context and additional request options. 2184// 2185// See PutPolicy for details on how to use this API operation. 2186// 2187// The context must be non-nil and will be used for request cancellation. If 2188// the context is nil a panic will occur. In the future the SDK may create 2189// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2190// for more information on using Contexts. 2191func (c *ACMPCA) PutPolicyWithContext(ctx aws.Context, input *PutPolicyInput, opts ...request.Option) (*PutPolicyOutput, error) { 2192 req, out := c.PutPolicyRequest(input) 2193 req.SetContext(ctx) 2194 req.ApplyOptions(opts...) 2195 return out, req.Send() 2196} 2197 2198const opRestoreCertificateAuthority = "RestoreCertificateAuthority" 2199 2200// RestoreCertificateAuthorityRequest generates a "aws/request.Request" representing the 2201// client's request for the RestoreCertificateAuthority operation. The "output" return 2202// value will be populated with the request's response once the request completes 2203// successfully. 2204// 2205// Use "Send" method on the returned Request to send the API call to the service. 2206// the "output" return value is not valid until after Send returns without error. 2207// 2208// See RestoreCertificateAuthority for more information on using the RestoreCertificateAuthority 2209// API call, and error handling. 2210// 2211// This method is useful when you want to inject custom logic or configuration 2212// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2213// 2214// 2215// // Example sending a request using the RestoreCertificateAuthorityRequest method. 2216// req, resp := client.RestoreCertificateAuthorityRequest(params) 2217// 2218// err := req.Send() 2219// if err == nil { // resp is now filled 2220// fmt.Println(resp) 2221// } 2222// 2223// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2224func (c *ACMPCA) RestoreCertificateAuthorityRequest(input *RestoreCertificateAuthorityInput) (req *request.Request, output *RestoreCertificateAuthorityOutput) { 2225 op := &request.Operation{ 2226 Name: opRestoreCertificateAuthority, 2227 HTTPMethod: "POST", 2228 HTTPPath: "/", 2229 } 2230 2231 if input == nil { 2232 input = &RestoreCertificateAuthorityInput{} 2233 } 2234 2235 output = &RestoreCertificateAuthorityOutput{} 2236 req = c.newRequest(op, input, output) 2237 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2238 return 2239} 2240 2241// RestoreCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2242// 2243// Restores a certificate authority (CA) that is in the DELETED state. You can 2244// restore a CA during the period that you defined in the PermanentDeletionTimeInDays 2245// parameter of the DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html) 2246// action. Currently, you can specify 7 to 30 days. If you did not specify a 2247// PermanentDeletionTimeInDays value, by default you can restore the CA at any 2248// time in a 30 day period. You can check the time remaining in the restoration 2249// period of a private CA in the DELETED state by calling the DescribeCertificateAuthority 2250// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 2251// or ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 2252// actions. The status of a restored CA is set to its pre-deletion status when 2253// the RestoreCertificateAuthority action returns. To change its status to ACTIVE, 2254// call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 2255// action. If the private CA was in the PENDING_CERTIFICATE state at deletion, 2256// you must use the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 2257// action to import a certificate authority into the private CA before it can 2258// be activated. You cannot restore a CA after the restoration period has ended. 2259// 2260// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2261// with awserr.Error's Code and Message methods to get detailed information about 2262// the error. 2263// 2264// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2265// API operation RestoreCertificateAuthority for usage and error information. 2266// 2267// Returned Error Types: 2268// * ResourceNotFoundException 2269// A resource such as a private CA, S3 bucket, certificate, audit report, or 2270// policy cannot be found. 2271// 2272// * InvalidStateException 2273// The state of the private CA does not allow this action to occur. 2274// 2275// * InvalidArnException 2276// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2277// 2278// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2279func (c *ACMPCA) RestoreCertificateAuthority(input *RestoreCertificateAuthorityInput) (*RestoreCertificateAuthorityOutput, error) { 2280 req, out := c.RestoreCertificateAuthorityRequest(input) 2281 return out, req.Send() 2282} 2283 2284// RestoreCertificateAuthorityWithContext is the same as RestoreCertificateAuthority with the addition of 2285// the ability to pass a context and additional request options. 2286// 2287// See RestoreCertificateAuthority for details on how to use this API operation. 2288// 2289// The context must be non-nil and will be used for request cancellation. If 2290// the context is nil a panic will occur. In the future the SDK may create 2291// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2292// for more information on using Contexts. 2293func (c *ACMPCA) RestoreCertificateAuthorityWithContext(ctx aws.Context, input *RestoreCertificateAuthorityInput, opts ...request.Option) (*RestoreCertificateAuthorityOutput, error) { 2294 req, out := c.RestoreCertificateAuthorityRequest(input) 2295 req.SetContext(ctx) 2296 req.ApplyOptions(opts...) 2297 return out, req.Send() 2298} 2299 2300const opRevokeCertificate = "RevokeCertificate" 2301 2302// RevokeCertificateRequest generates a "aws/request.Request" representing the 2303// client's request for the RevokeCertificate operation. The "output" return 2304// value will be populated with the request's response once the request completes 2305// successfully. 2306// 2307// Use "Send" method on the returned Request to send the API call to the service. 2308// the "output" return value is not valid until after Send returns without error. 2309// 2310// See RevokeCertificate for more information on using the RevokeCertificate 2311// API call, and error handling. 2312// 2313// This method is useful when you want to inject custom logic or configuration 2314// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2315// 2316// 2317// // Example sending a request using the RevokeCertificateRequest method. 2318// req, resp := client.RevokeCertificateRequest(params) 2319// 2320// err := req.Send() 2321// if err == nil { // resp is now filled 2322// fmt.Println(resp) 2323// } 2324// 2325// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2326func (c *ACMPCA) RevokeCertificateRequest(input *RevokeCertificateInput) (req *request.Request, output *RevokeCertificateOutput) { 2327 op := &request.Operation{ 2328 Name: opRevokeCertificate, 2329 HTTPMethod: "POST", 2330 HTTPPath: "/", 2331 } 2332 2333 if input == nil { 2334 input = &RevokeCertificateInput{} 2335 } 2336 2337 output = &RevokeCertificateOutput{} 2338 req = c.newRequest(op, input, output) 2339 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2340 return 2341} 2342 2343// RevokeCertificate API operation for AWS Certificate Manager Private Certificate Authority. 2344// 2345// Revokes a certificate that was issued inside ACM Private CA. If you enable 2346// a certificate revocation list (CRL) when you create or update your private 2347// CA, information about the revoked certificates will be included in the CRL. 2348// ACM Private CA writes the CRL to an S3 bucket that you specify. A CRL is 2349// typically updated approximately 30 minutes after a certificate is revoked. 2350// If for any reason the CRL update fails, ACM Private CA attempts makes further 2351// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms 2352// for the metrics CRLGenerated and MisconfiguredCRLBucket. For more information, 2353// see Supported CloudWatch Metrics (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html). 2354// 2355// Both PCA and the IAM principal must have permission to write to the S3 bucket 2356// that you specify. If the IAM principal making the call does not have permission 2357// to write to the bucket, then an exception is thrown. For more information, 2358// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2359// 2360// ACM Private CA also writes revocation information to the audit report. For 2361// more information, see CreateCertificateAuthorityAuditReport (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html). 2362// 2363// You cannot revoke a root CA self-signed certificate. 2364// 2365// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2366// with awserr.Error's Code and Message methods to get detailed information about 2367// the error. 2368// 2369// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2370// API operation RevokeCertificate for usage and error information. 2371// 2372// Returned Error Types: 2373// * ConcurrentModificationException 2374// A previous update to your private CA is still ongoing. 2375// 2376// * InvalidArnException 2377// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2378// 2379// * InvalidRequestException 2380// The request action cannot be performed or is prohibited. 2381// 2382// * InvalidStateException 2383// The state of the private CA does not allow this action to occur. 2384// 2385// * LimitExceededException 2386// An ACM Private CA quota has been exceeded. See the exception message returned 2387// to determine the quota that was exceeded. 2388// 2389// * ResourceNotFoundException 2390// A resource such as a private CA, S3 bucket, certificate, audit report, or 2391// policy cannot be found. 2392// 2393// * RequestAlreadyProcessedException 2394// Your request has already been completed. 2395// 2396// * RequestInProgressException 2397// Your request is already in progress. 2398// 2399// * RequestFailedException 2400// The request has failed for an unspecified reason. 2401// 2402// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2403func (c *ACMPCA) RevokeCertificate(input *RevokeCertificateInput) (*RevokeCertificateOutput, error) { 2404 req, out := c.RevokeCertificateRequest(input) 2405 return out, req.Send() 2406} 2407 2408// RevokeCertificateWithContext is the same as RevokeCertificate with the addition of 2409// the ability to pass a context and additional request options. 2410// 2411// See RevokeCertificate for details on how to use this API operation. 2412// 2413// The context must be non-nil and will be used for request cancellation. If 2414// the context is nil a panic will occur. In the future the SDK may create 2415// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2416// for more information on using Contexts. 2417func (c *ACMPCA) RevokeCertificateWithContext(ctx aws.Context, input *RevokeCertificateInput, opts ...request.Option) (*RevokeCertificateOutput, error) { 2418 req, out := c.RevokeCertificateRequest(input) 2419 req.SetContext(ctx) 2420 req.ApplyOptions(opts...) 2421 return out, req.Send() 2422} 2423 2424const opTagCertificateAuthority = "TagCertificateAuthority" 2425 2426// TagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2427// client's request for the TagCertificateAuthority operation. The "output" return 2428// value will be populated with the request's response once the request completes 2429// successfully. 2430// 2431// Use "Send" method on the returned Request to send the API call to the service. 2432// the "output" return value is not valid until after Send returns without error. 2433// 2434// See TagCertificateAuthority for more information on using the TagCertificateAuthority 2435// API call, and error handling. 2436// 2437// This method is useful when you want to inject custom logic or configuration 2438// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2439// 2440// 2441// // Example sending a request using the TagCertificateAuthorityRequest method. 2442// req, resp := client.TagCertificateAuthorityRequest(params) 2443// 2444// err := req.Send() 2445// if err == nil { // resp is now filled 2446// fmt.Println(resp) 2447// } 2448// 2449// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2450func (c *ACMPCA) TagCertificateAuthorityRequest(input *TagCertificateAuthorityInput) (req *request.Request, output *TagCertificateAuthorityOutput) { 2451 op := &request.Operation{ 2452 Name: opTagCertificateAuthority, 2453 HTTPMethod: "POST", 2454 HTTPPath: "/", 2455 } 2456 2457 if input == nil { 2458 input = &TagCertificateAuthorityInput{} 2459 } 2460 2461 output = &TagCertificateAuthorityOutput{} 2462 req = c.newRequest(op, input, output) 2463 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2464 return 2465} 2466 2467// TagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2468// 2469// Adds one or more tags to your private CA. Tags are labels that you can use 2470// to identify and organize your AWS resources. Each tag consists of a key and 2471// an optional value. You specify the private CA on input by its Amazon Resource 2472// Name (ARN). You specify the tag by using a key-value pair. You can apply 2473// a tag to just one private CA if you want to identify a specific characteristic 2474// of that CA, or you can apply the same tag to multiple private CAs if you 2475// want to filter for a common relationship among those CAs. To remove one or 2476// more tags, use the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 2477// action. Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2478// action to see what tags are associated with your CA. 2479// 2480// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2481// with awserr.Error's Code and Message methods to get detailed information about 2482// the error. 2483// 2484// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2485// API operation TagCertificateAuthority for usage and error information. 2486// 2487// Returned Error Types: 2488// * ResourceNotFoundException 2489// A resource such as a private CA, S3 bucket, certificate, audit report, or 2490// policy cannot be found. 2491// 2492// * InvalidArnException 2493// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2494// 2495// * InvalidStateException 2496// The state of the private CA does not allow this action to occur. 2497// 2498// * InvalidTagException 2499// The tag associated with the CA is not valid. The invalid argument is contained 2500// in the message field. 2501// 2502// * TooManyTagsException 2503// You can associate up to 50 tags with a private CA. Exception information 2504// is contained in the exception message field. 2505// 2506// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2507func (c *ACMPCA) TagCertificateAuthority(input *TagCertificateAuthorityInput) (*TagCertificateAuthorityOutput, error) { 2508 req, out := c.TagCertificateAuthorityRequest(input) 2509 return out, req.Send() 2510} 2511 2512// TagCertificateAuthorityWithContext is the same as TagCertificateAuthority with the addition of 2513// the ability to pass a context and additional request options. 2514// 2515// See TagCertificateAuthority for details on how to use this API operation. 2516// 2517// The context must be non-nil and will be used for request cancellation. If 2518// the context is nil a panic will occur. In the future the SDK may create 2519// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2520// for more information on using Contexts. 2521func (c *ACMPCA) TagCertificateAuthorityWithContext(ctx aws.Context, input *TagCertificateAuthorityInput, opts ...request.Option) (*TagCertificateAuthorityOutput, error) { 2522 req, out := c.TagCertificateAuthorityRequest(input) 2523 req.SetContext(ctx) 2524 req.ApplyOptions(opts...) 2525 return out, req.Send() 2526} 2527 2528const opUntagCertificateAuthority = "UntagCertificateAuthority" 2529 2530// UntagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2531// client's request for the UntagCertificateAuthority operation. The "output" return 2532// value will be populated with the request's response once the request completes 2533// successfully. 2534// 2535// Use "Send" method on the returned Request to send the API call to the service. 2536// the "output" return value is not valid until after Send returns without error. 2537// 2538// See UntagCertificateAuthority for more information on using the UntagCertificateAuthority 2539// API call, and error handling. 2540// 2541// This method is useful when you want to inject custom logic or configuration 2542// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2543// 2544// 2545// // Example sending a request using the UntagCertificateAuthorityRequest method. 2546// req, resp := client.UntagCertificateAuthorityRequest(params) 2547// 2548// err := req.Send() 2549// if err == nil { // resp is now filled 2550// fmt.Println(resp) 2551// } 2552// 2553// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2554func (c *ACMPCA) UntagCertificateAuthorityRequest(input *UntagCertificateAuthorityInput) (req *request.Request, output *UntagCertificateAuthorityOutput) { 2555 op := &request.Operation{ 2556 Name: opUntagCertificateAuthority, 2557 HTTPMethod: "POST", 2558 HTTPPath: "/", 2559 } 2560 2561 if input == nil { 2562 input = &UntagCertificateAuthorityInput{} 2563 } 2564 2565 output = &UntagCertificateAuthorityOutput{} 2566 req = c.newRequest(op, input, output) 2567 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2568 return 2569} 2570 2571// UntagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2572// 2573// Remove one or more tags from your private CA. A tag consists of a key-value 2574// pair. If you do not specify the value portion of the tag when calling this 2575// action, the tag will be removed regardless of value. If you specify a value, 2576// the tag is removed only if it is associated with the specified value. To 2577// add tags to a private CA, use the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html). 2578// Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2579// action to see what tags are associated with your CA. 2580// 2581// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2582// with awserr.Error's Code and Message methods to get detailed information about 2583// the error. 2584// 2585// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2586// API operation UntagCertificateAuthority for usage and error information. 2587// 2588// Returned Error Types: 2589// * ResourceNotFoundException 2590// A resource such as a private CA, S3 bucket, certificate, audit report, or 2591// policy cannot be found. 2592// 2593// * InvalidArnException 2594// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2595// 2596// * InvalidStateException 2597// The state of the private CA does not allow this action to occur. 2598// 2599// * InvalidTagException 2600// The tag associated with the CA is not valid. The invalid argument is contained 2601// in the message field. 2602// 2603// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2604func (c *ACMPCA) UntagCertificateAuthority(input *UntagCertificateAuthorityInput) (*UntagCertificateAuthorityOutput, error) { 2605 req, out := c.UntagCertificateAuthorityRequest(input) 2606 return out, req.Send() 2607} 2608 2609// UntagCertificateAuthorityWithContext is the same as UntagCertificateAuthority with the addition of 2610// the ability to pass a context and additional request options. 2611// 2612// See UntagCertificateAuthority for details on how to use this API operation. 2613// 2614// The context must be non-nil and will be used for request cancellation. If 2615// the context is nil a panic will occur. In the future the SDK may create 2616// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2617// for more information on using Contexts. 2618func (c *ACMPCA) UntagCertificateAuthorityWithContext(ctx aws.Context, input *UntagCertificateAuthorityInput, opts ...request.Option) (*UntagCertificateAuthorityOutput, error) { 2619 req, out := c.UntagCertificateAuthorityRequest(input) 2620 req.SetContext(ctx) 2621 req.ApplyOptions(opts...) 2622 return out, req.Send() 2623} 2624 2625const opUpdateCertificateAuthority = "UpdateCertificateAuthority" 2626 2627// UpdateCertificateAuthorityRequest generates a "aws/request.Request" representing the 2628// client's request for the UpdateCertificateAuthority operation. The "output" return 2629// value will be populated with the request's response once the request completes 2630// successfully. 2631// 2632// Use "Send" method on the returned Request to send the API call to the service. 2633// the "output" return value is not valid until after Send returns without error. 2634// 2635// See UpdateCertificateAuthority for more information on using the UpdateCertificateAuthority 2636// API call, and error handling. 2637// 2638// This method is useful when you want to inject custom logic or configuration 2639// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2640// 2641// 2642// // Example sending a request using the UpdateCertificateAuthorityRequest method. 2643// req, resp := client.UpdateCertificateAuthorityRequest(params) 2644// 2645// err := req.Send() 2646// if err == nil { // resp is now filled 2647// fmt.Println(resp) 2648// } 2649// 2650// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2651func (c *ACMPCA) UpdateCertificateAuthorityRequest(input *UpdateCertificateAuthorityInput) (req *request.Request, output *UpdateCertificateAuthorityOutput) { 2652 op := &request.Operation{ 2653 Name: opUpdateCertificateAuthority, 2654 HTTPMethod: "POST", 2655 HTTPPath: "/", 2656 } 2657 2658 if input == nil { 2659 input = &UpdateCertificateAuthorityInput{} 2660 } 2661 2662 output = &UpdateCertificateAuthorityOutput{} 2663 req = c.newRequest(op, input, output) 2664 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2665 return 2666} 2667 2668// UpdateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2669// 2670// Updates the status or configuration of a private certificate authority (CA). 2671// Your private CA must be in the ACTIVE or DISABLED state before you can update 2672// it. You can disable a private CA that is in the ACTIVE state or make a CA 2673// that is in the DISABLED state active again. 2674// 2675// Both PCA and the IAM principal must have permission to write to the S3 bucket 2676// that you specify. If the IAM principal making the call does not have permission 2677// to write to the bucket, then an exception is thrown. For more information, 2678// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2679// 2680// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2681// with awserr.Error's Code and Message methods to get detailed information about 2682// the error. 2683// 2684// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2685// API operation UpdateCertificateAuthority for usage and error information. 2686// 2687// Returned Error Types: 2688// * ConcurrentModificationException 2689// A previous update to your private CA is still ongoing. 2690// 2691// * ResourceNotFoundException 2692// A resource such as a private CA, S3 bucket, certificate, audit report, or 2693// policy cannot be found. 2694// 2695// * InvalidArgsException 2696// One or more of the specified arguments was not valid. 2697// 2698// * InvalidArnException 2699// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2700// 2701// * InvalidStateException 2702// The state of the private CA does not allow this action to occur. 2703// 2704// * InvalidPolicyException 2705// The resource policy is invalid or is missing a required statement. For general 2706// information about IAM policy and statement structure, see Overview of JSON 2707// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2708// 2709// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2710func (c *ACMPCA) UpdateCertificateAuthority(input *UpdateCertificateAuthorityInput) (*UpdateCertificateAuthorityOutput, error) { 2711 req, out := c.UpdateCertificateAuthorityRequest(input) 2712 return out, req.Send() 2713} 2714 2715// UpdateCertificateAuthorityWithContext is the same as UpdateCertificateAuthority with the addition of 2716// the ability to pass a context and additional request options. 2717// 2718// See UpdateCertificateAuthority for details on how to use this API operation. 2719// 2720// The context must be non-nil and will be used for request cancellation. If 2721// the context is nil a panic will occur. In the future the SDK may create 2722// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2723// for more information on using Contexts. 2724func (c *ACMPCA) UpdateCertificateAuthorityWithContext(ctx aws.Context, input *UpdateCertificateAuthorityInput, opts ...request.Option) (*UpdateCertificateAuthorityOutput, error) { 2725 req, out := c.UpdateCertificateAuthorityRequest(input) 2726 req.SetContext(ctx) 2727 req.ApplyOptions(opts...) 2728 return out, req.Send() 2729} 2730 2731// Contains information about the certificate subject. The Subject field in 2732// the certificate identifies the entity that owns or controls the public key 2733// in the certificate. The entity can be a user, computer, device, or service. 2734// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 2735// of relative distinguished names (RDNs). The RDNs are separated by commas 2736// in the certificate. 2737type ASN1Subject struct { 2738 _ struct{} `type:"structure"` 2739 2740 // For CA and end-entity certificates in a private PKI, the common name (CN) 2741 // can be any string within the length limit. 2742 // 2743 // Note: In publicly trusted certificates, the common name must be a fully qualified 2744 // domain name (FQDN) associated with the certificate subject. 2745 CommonName *string `type:"string"` 2746 2747 // Two-digit code that specifies the country in which the certificate subject 2748 // located. 2749 Country *string `min:"2" type:"string"` 2750 2751 // Disambiguating information for the certificate subject. 2752 DistinguishedNameQualifier *string `type:"string"` 2753 2754 // Typically a qualifier appended to the name of an individual. Examples include 2755 // Jr. for junior, Sr. for senior, and III for third. 2756 GenerationQualifier *string `type:"string"` 2757 2758 // First name. 2759 GivenName *string `type:"string"` 2760 2761 // Concatenation that typically contains the first letter of the GivenName, 2762 // the first letter of the middle name if one exists, and the first letter of 2763 // the Surname. 2764 Initials *string `type:"string"` 2765 2766 // The locality (such as a city or town) in which the certificate subject is 2767 // located. 2768 Locality *string `type:"string"` 2769 2770 // Legal name of the organization with which the certificate subject is affiliated. 2771 Organization *string `type:"string"` 2772 2773 // A subdivision or unit of the organization (such as sales or finance) with 2774 // which the certificate subject is affiliated. 2775 OrganizationalUnit *string `type:"string"` 2776 2777 // Typically a shortened version of a longer GivenName. For example, Jonathan 2778 // is often shortened to John. Elizabeth is often shortened to Beth, Liz, or 2779 // Eliza. 2780 Pseudonym *string `type:"string"` 2781 2782 // The certificate serial number. 2783 SerialNumber *string `type:"string"` 2784 2785 // State in which the subject of the certificate is located. 2786 State *string `type:"string"` 2787 2788 // Family name. In the US and the UK, for example, the surname of an individual 2789 // is ordered last. In Asian cultures the surname is typically ordered first. 2790 Surname *string `type:"string"` 2791 2792 // A title such as Mr. or Ms., which is pre-pended to the name to refer formally 2793 // to the certificate subject. 2794 Title *string `type:"string"` 2795} 2796 2797// String returns the string representation 2798func (s ASN1Subject) String() string { 2799 return awsutil.Prettify(s) 2800} 2801 2802// GoString returns the string representation 2803func (s ASN1Subject) GoString() string { 2804 return s.String() 2805} 2806 2807// Validate inspects the fields of the type to determine if they are valid. 2808func (s *ASN1Subject) Validate() error { 2809 invalidParams := request.ErrInvalidParams{Context: "ASN1Subject"} 2810 if s.Country != nil && len(*s.Country) < 2 { 2811 invalidParams.Add(request.NewErrParamMinLen("Country", 2)) 2812 } 2813 2814 if invalidParams.Len() > 0 { 2815 return invalidParams 2816 } 2817 return nil 2818} 2819 2820// SetCommonName sets the CommonName field's value. 2821func (s *ASN1Subject) SetCommonName(v string) *ASN1Subject { 2822 s.CommonName = &v 2823 return s 2824} 2825 2826// SetCountry sets the Country field's value. 2827func (s *ASN1Subject) SetCountry(v string) *ASN1Subject { 2828 s.Country = &v 2829 return s 2830} 2831 2832// SetDistinguishedNameQualifier sets the DistinguishedNameQualifier field's value. 2833func (s *ASN1Subject) SetDistinguishedNameQualifier(v string) *ASN1Subject { 2834 s.DistinguishedNameQualifier = &v 2835 return s 2836} 2837 2838// SetGenerationQualifier sets the GenerationQualifier field's value. 2839func (s *ASN1Subject) SetGenerationQualifier(v string) *ASN1Subject { 2840 s.GenerationQualifier = &v 2841 return s 2842} 2843 2844// SetGivenName sets the GivenName field's value. 2845func (s *ASN1Subject) SetGivenName(v string) *ASN1Subject { 2846 s.GivenName = &v 2847 return s 2848} 2849 2850// SetInitials sets the Initials field's value. 2851func (s *ASN1Subject) SetInitials(v string) *ASN1Subject { 2852 s.Initials = &v 2853 return s 2854} 2855 2856// SetLocality sets the Locality field's value. 2857func (s *ASN1Subject) SetLocality(v string) *ASN1Subject { 2858 s.Locality = &v 2859 return s 2860} 2861 2862// SetOrganization sets the Organization field's value. 2863func (s *ASN1Subject) SetOrganization(v string) *ASN1Subject { 2864 s.Organization = &v 2865 return s 2866} 2867 2868// SetOrganizationalUnit sets the OrganizationalUnit field's value. 2869func (s *ASN1Subject) SetOrganizationalUnit(v string) *ASN1Subject { 2870 s.OrganizationalUnit = &v 2871 return s 2872} 2873 2874// SetPseudonym sets the Pseudonym field's value. 2875func (s *ASN1Subject) SetPseudonym(v string) *ASN1Subject { 2876 s.Pseudonym = &v 2877 return s 2878} 2879 2880// SetSerialNumber sets the SerialNumber field's value. 2881func (s *ASN1Subject) SetSerialNumber(v string) *ASN1Subject { 2882 s.SerialNumber = &v 2883 return s 2884} 2885 2886// SetState sets the State field's value. 2887func (s *ASN1Subject) SetState(v string) *ASN1Subject { 2888 s.State = &v 2889 return s 2890} 2891 2892// SetSurname sets the Surname field's value. 2893func (s *ASN1Subject) SetSurname(v string) *ASN1Subject { 2894 s.Surname = &v 2895 return s 2896} 2897 2898// SetTitle sets the Title field's value. 2899func (s *ASN1Subject) SetTitle(v string) *ASN1Subject { 2900 s.Title = &v 2901 return s 2902} 2903 2904// Provides access information used by the authorityInfoAccess and subjectInfoAccess 2905// extensions described in RFC 5280 (https://tools.ietf.org/html/rfc5280). 2906type AccessDescription struct { 2907 _ struct{} `type:"structure"` 2908 2909 // The location of AccessDescription information. 2910 // 2911 // AccessLocation is a required field 2912 AccessLocation *GeneralName `type:"structure" required:"true"` 2913 2914 // The type and format of AccessDescription information. 2915 // 2916 // AccessMethod is a required field 2917 AccessMethod *AccessMethod `type:"structure" required:"true"` 2918} 2919 2920// String returns the string representation 2921func (s AccessDescription) String() string { 2922 return awsutil.Prettify(s) 2923} 2924 2925// GoString returns the string representation 2926func (s AccessDescription) GoString() string { 2927 return s.String() 2928} 2929 2930// Validate inspects the fields of the type to determine if they are valid. 2931func (s *AccessDescription) Validate() error { 2932 invalidParams := request.ErrInvalidParams{Context: "AccessDescription"} 2933 if s.AccessLocation == nil { 2934 invalidParams.Add(request.NewErrParamRequired("AccessLocation")) 2935 } 2936 if s.AccessMethod == nil { 2937 invalidParams.Add(request.NewErrParamRequired("AccessMethod")) 2938 } 2939 if s.AccessLocation != nil { 2940 if err := s.AccessLocation.Validate(); err != nil { 2941 invalidParams.AddNested("AccessLocation", err.(request.ErrInvalidParams)) 2942 } 2943 } 2944 2945 if invalidParams.Len() > 0 { 2946 return invalidParams 2947 } 2948 return nil 2949} 2950 2951// SetAccessLocation sets the AccessLocation field's value. 2952func (s *AccessDescription) SetAccessLocation(v *GeneralName) *AccessDescription { 2953 s.AccessLocation = v 2954 return s 2955} 2956 2957// SetAccessMethod sets the AccessMethod field's value. 2958func (s *AccessDescription) SetAccessMethod(v *AccessMethod) *AccessDescription { 2959 s.AccessMethod = v 2960 return s 2961} 2962 2963// Describes the type and format of extension access. Only one of CustomObjectIdentifier 2964// or AccessMethodType may be provided. Providing both results in InvalidArgsException. 2965type AccessMethod struct { 2966 _ struct{} `type:"structure"` 2967 2968 // Specifies the AccessMethod. 2969 AccessMethodType *string `type:"string" enum:"AccessMethodType"` 2970 2971 // An object identifier (OID) specifying the AccessMethod. The OID must satisfy 2972 // the regular expression shown below. For more information, see NIST's definition 2973 // of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 2974 CustomObjectIdentifier *string `type:"string"` 2975} 2976 2977// String returns the string representation 2978func (s AccessMethod) String() string { 2979 return awsutil.Prettify(s) 2980} 2981 2982// GoString returns the string representation 2983func (s AccessMethod) GoString() string { 2984 return s.String() 2985} 2986 2987// SetAccessMethodType sets the AccessMethodType field's value. 2988func (s *AccessMethod) SetAccessMethodType(v string) *AccessMethod { 2989 s.AccessMethodType = &v 2990 return s 2991} 2992 2993// SetCustomObjectIdentifier sets the CustomObjectIdentifier field's value. 2994func (s *AccessMethod) SetCustomObjectIdentifier(v string) *AccessMethod { 2995 s.CustomObjectIdentifier = &v 2996 return s 2997} 2998 2999// Contains X.509 certificate information to be placed in an issued certificate. 3000// An APIPassthrough or APICSRPassthrough template variant must be selected, 3001// or else this parameter is ignored. 3002// 3003// If conflicting or duplicate certificate information is supplied from other 3004// sources, ACM Private CA applies order of operation rules (xxxxx) to determine 3005// what information is used. 3006type ApiPassthrough struct { 3007 _ struct{} `type:"structure"` 3008 3009 // Specifies X.509 extension information for a certificate. 3010 Extensions *Extensions `type:"structure"` 3011 3012 // Contains information about the certificate subject. The Subject field in 3013 // the certificate identifies the entity that owns or controls the public key 3014 // in the certificate. The entity can be a user, computer, device, or service. 3015 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 3016 // of relative distinguished names (RDNs). The RDNs are separated by commas 3017 // in the certificate. 3018 Subject *ASN1Subject `type:"structure"` 3019} 3020 3021// String returns the string representation 3022func (s ApiPassthrough) String() string { 3023 return awsutil.Prettify(s) 3024} 3025 3026// GoString returns the string representation 3027func (s ApiPassthrough) GoString() string { 3028 return s.String() 3029} 3030 3031// Validate inspects the fields of the type to determine if they are valid. 3032func (s *ApiPassthrough) Validate() error { 3033 invalidParams := request.ErrInvalidParams{Context: "ApiPassthrough"} 3034 if s.Extensions != nil { 3035 if err := s.Extensions.Validate(); err != nil { 3036 invalidParams.AddNested("Extensions", err.(request.ErrInvalidParams)) 3037 } 3038 } 3039 if s.Subject != nil { 3040 if err := s.Subject.Validate(); err != nil { 3041 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3042 } 3043 } 3044 3045 if invalidParams.Len() > 0 { 3046 return invalidParams 3047 } 3048 return nil 3049} 3050 3051// SetExtensions sets the Extensions field's value. 3052func (s *ApiPassthrough) SetExtensions(v *Extensions) *ApiPassthrough { 3053 s.Extensions = v 3054 return s 3055} 3056 3057// SetSubject sets the Subject field's value. 3058func (s *ApiPassthrough) SetSubject(v *ASN1Subject) *ApiPassthrough { 3059 s.Subject = v 3060 return s 3061} 3062 3063// Contains information about your private certificate authority (CA). Your 3064// private CA can issue and revoke X.509 digital certificates. Digital certificates 3065// verify that the entity named in the certificate Subject field owns or controls 3066// the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority 3067// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3068// action to create your private CA. You must then call the GetCertificateAuthorityCertificate 3069// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) 3070// action to retrieve a private CA certificate signing request (CSR). Sign the 3071// CSR with your ACM Private CA-hosted or on-premises root or subordinate CA 3072// certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 3073// action to import the signed certificate into AWS Certificate Manager (ACM). 3074type CertificateAuthority struct { 3075 _ struct{} `type:"structure"` 3076 3077 // Amazon Resource Name (ARN) for your private certificate authority (CA). The 3078 // format is 12345678-1234-1234-1234-123456789012 . 3079 Arn *string `min:"5" type:"string"` 3080 3081 // Your private CA configuration. 3082 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure"` 3083 3084 // Date and time at which your private CA was created. 3085 CreatedAt *time.Time `type:"timestamp"` 3086 3087 // Reason the request to create your private CA failed. 3088 FailureReason *string `type:"string" enum:"FailureReason"` 3089 3090 // Date and time at which your private CA was last updated. 3091 LastStateChangeAt *time.Time `type:"timestamp"` 3092 3093 // Date and time after which your private CA certificate is not valid. 3094 NotAfter *time.Time `type:"timestamp"` 3095 3096 // Date and time before which your private CA certificate is not valid. 3097 NotBefore *time.Time `type:"timestamp"` 3098 3099 // The AWS account ID that owns the certificate authority. 3100 OwnerAccount *string `min:"12" type:"string"` 3101 3102 // The period during which a deleted CA can be restored. For more information, 3103 // see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest 3104 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html) 3105 // action. 3106 RestorableUntil *time.Time `type:"timestamp"` 3107 3108 // Information about the certificate revocation list (CRL) created and maintained 3109 // by your private CA. 3110 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3111 3112 // Serial number of your private CA. 3113 Serial *string `type:"string"` 3114 3115 // Status of your private CA. 3116 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 3117 3118 // Type of your private CA. 3119 Type *string `type:"string" enum:"CertificateAuthorityType"` 3120} 3121 3122// String returns the string representation 3123func (s CertificateAuthority) String() string { 3124 return awsutil.Prettify(s) 3125} 3126 3127// GoString returns the string representation 3128func (s CertificateAuthority) GoString() string { 3129 return s.String() 3130} 3131 3132// SetArn sets the Arn field's value. 3133func (s *CertificateAuthority) SetArn(v string) *CertificateAuthority { 3134 s.Arn = &v 3135 return s 3136} 3137 3138// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3139func (s *CertificateAuthority) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CertificateAuthority { 3140 s.CertificateAuthorityConfiguration = v 3141 return s 3142} 3143 3144// SetCreatedAt sets the CreatedAt field's value. 3145func (s *CertificateAuthority) SetCreatedAt(v time.Time) *CertificateAuthority { 3146 s.CreatedAt = &v 3147 return s 3148} 3149 3150// SetFailureReason sets the FailureReason field's value. 3151func (s *CertificateAuthority) SetFailureReason(v string) *CertificateAuthority { 3152 s.FailureReason = &v 3153 return s 3154} 3155 3156// SetLastStateChangeAt sets the LastStateChangeAt field's value. 3157func (s *CertificateAuthority) SetLastStateChangeAt(v time.Time) *CertificateAuthority { 3158 s.LastStateChangeAt = &v 3159 return s 3160} 3161 3162// SetNotAfter sets the NotAfter field's value. 3163func (s *CertificateAuthority) SetNotAfter(v time.Time) *CertificateAuthority { 3164 s.NotAfter = &v 3165 return s 3166} 3167 3168// SetNotBefore sets the NotBefore field's value. 3169func (s *CertificateAuthority) SetNotBefore(v time.Time) *CertificateAuthority { 3170 s.NotBefore = &v 3171 return s 3172} 3173 3174// SetOwnerAccount sets the OwnerAccount field's value. 3175func (s *CertificateAuthority) SetOwnerAccount(v string) *CertificateAuthority { 3176 s.OwnerAccount = &v 3177 return s 3178} 3179 3180// SetRestorableUntil sets the RestorableUntil field's value. 3181func (s *CertificateAuthority) SetRestorableUntil(v time.Time) *CertificateAuthority { 3182 s.RestorableUntil = &v 3183 return s 3184} 3185 3186// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3187func (s *CertificateAuthority) SetRevocationConfiguration(v *RevocationConfiguration) *CertificateAuthority { 3188 s.RevocationConfiguration = v 3189 return s 3190} 3191 3192// SetSerial sets the Serial field's value. 3193func (s *CertificateAuthority) SetSerial(v string) *CertificateAuthority { 3194 s.Serial = &v 3195 return s 3196} 3197 3198// SetStatus sets the Status field's value. 3199func (s *CertificateAuthority) SetStatus(v string) *CertificateAuthority { 3200 s.Status = &v 3201 return s 3202} 3203 3204// SetType sets the Type field's value. 3205func (s *CertificateAuthority) SetType(v string) *CertificateAuthority { 3206 s.Type = &v 3207 return s 3208} 3209 3210// Contains configuration information for your private certificate authority 3211// (CA). This includes information about the class of public key algorithm and 3212// the key pair that your private CA creates when it issues a certificate. It 3213// also includes the signature algorithm that it uses when issuing certificates, 3214// and its X.500 distinguished name. You must specify this information when 3215// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3216// action. 3217type CertificateAuthorityConfiguration struct { 3218 _ struct{} `type:"structure"` 3219 3220 // Specifies information to be added to the extension section of the certificate 3221 // signing request (CSR). 3222 CsrExtensions *CsrExtensions `type:"structure"` 3223 3224 // Type of the public key algorithm and size, in bits, of the key pair that 3225 // your CA creates when it issues a certificate. When you create a subordinate 3226 // CA, you must use a key algorithm supported by the parent CA. 3227 // 3228 // KeyAlgorithm is a required field 3229 KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` 3230 3231 // Name of the algorithm your private CA uses to sign certificate requests. 3232 // 3233 // This parameter should not be confused with the SigningAlgorithm parameter 3234 // used to sign certificates when they are issued. 3235 // 3236 // SigningAlgorithm is a required field 3237 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 3238 3239 // Structure that contains X.500 distinguished name information for your private 3240 // CA. 3241 // 3242 // Subject is a required field 3243 Subject *ASN1Subject `type:"structure" required:"true"` 3244} 3245 3246// String returns the string representation 3247func (s CertificateAuthorityConfiguration) String() string { 3248 return awsutil.Prettify(s) 3249} 3250 3251// GoString returns the string representation 3252func (s CertificateAuthorityConfiguration) GoString() string { 3253 return s.String() 3254} 3255 3256// Validate inspects the fields of the type to determine if they are valid. 3257func (s *CertificateAuthorityConfiguration) Validate() error { 3258 invalidParams := request.ErrInvalidParams{Context: "CertificateAuthorityConfiguration"} 3259 if s.KeyAlgorithm == nil { 3260 invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm")) 3261 } 3262 if s.SigningAlgorithm == nil { 3263 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 3264 } 3265 if s.Subject == nil { 3266 invalidParams.Add(request.NewErrParamRequired("Subject")) 3267 } 3268 if s.CsrExtensions != nil { 3269 if err := s.CsrExtensions.Validate(); err != nil { 3270 invalidParams.AddNested("CsrExtensions", err.(request.ErrInvalidParams)) 3271 } 3272 } 3273 if s.Subject != nil { 3274 if err := s.Subject.Validate(); err != nil { 3275 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3276 } 3277 } 3278 3279 if invalidParams.Len() > 0 { 3280 return invalidParams 3281 } 3282 return nil 3283} 3284 3285// SetCsrExtensions sets the CsrExtensions field's value. 3286func (s *CertificateAuthorityConfiguration) SetCsrExtensions(v *CsrExtensions) *CertificateAuthorityConfiguration { 3287 s.CsrExtensions = v 3288 return s 3289} 3290 3291// SetKeyAlgorithm sets the KeyAlgorithm field's value. 3292func (s *CertificateAuthorityConfiguration) SetKeyAlgorithm(v string) *CertificateAuthorityConfiguration { 3293 s.KeyAlgorithm = &v 3294 return s 3295} 3296 3297// SetSigningAlgorithm sets the SigningAlgorithm field's value. 3298func (s *CertificateAuthorityConfiguration) SetSigningAlgorithm(v string) *CertificateAuthorityConfiguration { 3299 s.SigningAlgorithm = &v 3300 return s 3301} 3302 3303// SetSubject sets the Subject field's value. 3304func (s *CertificateAuthorityConfiguration) SetSubject(v *ASN1Subject) *CertificateAuthorityConfiguration { 3305 s.Subject = v 3306 return s 3307} 3308 3309// The certificate authority certificate you are importing does not comply with 3310// conditions specified in the certificate that signed it. 3311type CertificateMismatchException struct { 3312 _ struct{} `type:"structure"` 3313 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3314 3315 Message_ *string `locationName:"message" type:"string"` 3316} 3317 3318// String returns the string representation 3319func (s CertificateMismatchException) String() string { 3320 return awsutil.Prettify(s) 3321} 3322 3323// GoString returns the string representation 3324func (s CertificateMismatchException) GoString() string { 3325 return s.String() 3326} 3327 3328func newErrorCertificateMismatchException(v protocol.ResponseMetadata) error { 3329 return &CertificateMismatchException{ 3330 RespMetadata: v, 3331 } 3332} 3333 3334// Code returns the exception type name. 3335func (s *CertificateMismatchException) Code() string { 3336 return "CertificateMismatchException" 3337} 3338 3339// Message returns the exception's message. 3340func (s *CertificateMismatchException) Message() string { 3341 if s.Message_ != nil { 3342 return *s.Message_ 3343 } 3344 return "" 3345} 3346 3347// OrigErr always returns nil, satisfies awserr.Error interface. 3348func (s *CertificateMismatchException) OrigErr() error { 3349 return nil 3350} 3351 3352func (s *CertificateMismatchException) Error() string { 3353 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3354} 3355 3356// Status code returns the HTTP status code for the request's response error. 3357func (s *CertificateMismatchException) StatusCode() int { 3358 return s.RespMetadata.StatusCode 3359} 3360 3361// RequestID returns the service's response RequestID for request. 3362func (s *CertificateMismatchException) RequestID() string { 3363 return s.RespMetadata.RequestID 3364} 3365 3366// A previous update to your private CA is still ongoing. 3367type ConcurrentModificationException struct { 3368 _ struct{} `type:"structure"` 3369 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3370 3371 Message_ *string `locationName:"message" type:"string"` 3372} 3373 3374// String returns the string representation 3375func (s ConcurrentModificationException) String() string { 3376 return awsutil.Prettify(s) 3377} 3378 3379// GoString returns the string representation 3380func (s ConcurrentModificationException) GoString() string { 3381 return s.String() 3382} 3383 3384func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 3385 return &ConcurrentModificationException{ 3386 RespMetadata: v, 3387 } 3388} 3389 3390// Code returns the exception type name. 3391func (s *ConcurrentModificationException) Code() string { 3392 return "ConcurrentModificationException" 3393} 3394 3395// Message returns the exception's message. 3396func (s *ConcurrentModificationException) Message() string { 3397 if s.Message_ != nil { 3398 return *s.Message_ 3399 } 3400 return "" 3401} 3402 3403// OrigErr always returns nil, satisfies awserr.Error interface. 3404func (s *ConcurrentModificationException) OrigErr() error { 3405 return nil 3406} 3407 3408func (s *ConcurrentModificationException) Error() string { 3409 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3410} 3411 3412// Status code returns the HTTP status code for the request's response error. 3413func (s *ConcurrentModificationException) StatusCode() int { 3414 return s.RespMetadata.StatusCode 3415} 3416 3417// RequestID returns the service's response RequestID for request. 3418func (s *ConcurrentModificationException) RequestID() string { 3419 return s.RespMetadata.RequestID 3420} 3421 3422type CreateCertificateAuthorityAuditReportInput struct { 3423 _ struct{} `type:"structure"` 3424 3425 // The format in which to create the report. This can be either JSON or CSV. 3426 // 3427 // AuditReportResponseFormat is a required field 3428 AuditReportResponseFormat *string `type:"string" required:"true" enum:"AuditReportResponseFormat"` 3429 3430 // The Amazon Resource Name (ARN) of the CA to be audited. This is of the form: 3431 // 3432 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3433 // 3434 // CertificateAuthorityArn is a required field 3435 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3436 3437 // The name of the S3 bucket that will contain the audit report. 3438 // 3439 // S3BucketName is a required field 3440 S3BucketName *string `min:"3" type:"string" required:"true"` 3441} 3442 3443// String returns the string representation 3444func (s CreateCertificateAuthorityAuditReportInput) String() string { 3445 return awsutil.Prettify(s) 3446} 3447 3448// GoString returns the string representation 3449func (s CreateCertificateAuthorityAuditReportInput) GoString() string { 3450 return s.String() 3451} 3452 3453// Validate inspects the fields of the type to determine if they are valid. 3454func (s *CreateCertificateAuthorityAuditReportInput) Validate() error { 3455 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityAuditReportInput"} 3456 if s.AuditReportResponseFormat == nil { 3457 invalidParams.Add(request.NewErrParamRequired("AuditReportResponseFormat")) 3458 } 3459 if s.CertificateAuthorityArn == nil { 3460 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3461 } 3462 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3463 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3464 } 3465 if s.S3BucketName == nil { 3466 invalidParams.Add(request.NewErrParamRequired("S3BucketName")) 3467 } 3468 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3469 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3470 } 3471 3472 if invalidParams.Len() > 0 { 3473 return invalidParams 3474 } 3475 return nil 3476} 3477 3478// SetAuditReportResponseFormat sets the AuditReportResponseFormat field's value. 3479func (s *CreateCertificateAuthorityAuditReportInput) SetAuditReportResponseFormat(v string) *CreateCertificateAuthorityAuditReportInput { 3480 s.AuditReportResponseFormat = &v 3481 return s 3482} 3483 3484// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3485func (s *CreateCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityAuditReportInput { 3486 s.CertificateAuthorityArn = &v 3487 return s 3488} 3489 3490// SetS3BucketName sets the S3BucketName field's value. 3491func (s *CreateCertificateAuthorityAuditReportInput) SetS3BucketName(v string) *CreateCertificateAuthorityAuditReportInput { 3492 s.S3BucketName = &v 3493 return s 3494} 3495 3496type CreateCertificateAuthorityAuditReportOutput struct { 3497 _ struct{} `type:"structure"` 3498 3499 // An alphanumeric string that contains a report identifier. 3500 AuditReportId *string `min:"36" type:"string"` 3501 3502 // The key that uniquely identifies the report file in your S3 bucket. 3503 S3Key *string `type:"string"` 3504} 3505 3506// String returns the string representation 3507func (s CreateCertificateAuthorityAuditReportOutput) String() string { 3508 return awsutil.Prettify(s) 3509} 3510 3511// GoString returns the string representation 3512func (s CreateCertificateAuthorityAuditReportOutput) GoString() string { 3513 return s.String() 3514} 3515 3516// SetAuditReportId sets the AuditReportId field's value. 3517func (s *CreateCertificateAuthorityAuditReportOutput) SetAuditReportId(v string) *CreateCertificateAuthorityAuditReportOutput { 3518 s.AuditReportId = &v 3519 return s 3520} 3521 3522// SetS3Key sets the S3Key field's value. 3523func (s *CreateCertificateAuthorityAuditReportOutput) SetS3Key(v string) *CreateCertificateAuthorityAuditReportOutput { 3524 s.S3Key = &v 3525 return s 3526} 3527 3528type CreateCertificateAuthorityInput struct { 3529 _ struct{} `type:"structure"` 3530 3531 // Name and bit size of the private key algorithm, the name of the signing algorithm, 3532 // and X.500 certificate subject information. 3533 // 3534 // CertificateAuthorityConfiguration is a required field 3535 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure" required:"true"` 3536 3537 // The type of the certificate authority. 3538 // 3539 // CertificateAuthorityType is a required field 3540 CertificateAuthorityType *string `type:"string" required:"true" enum:"CertificateAuthorityType"` 3541 3542 // Custom string that can be used to distinguish between calls to the CreateCertificateAuthority 3543 // action. Idempotency tokens for CreateCertificateAuthority time out after 3544 // five minutes. Therefore, if you call CreateCertificateAuthority multiple 3545 // times with the same idempotency token within five minutes, ACM Private CA 3546 // recognizes that you are requesting only certificate authority and will issue 3547 // only one. If you change the idempotency token for each call, PCA recognizes 3548 // that you are requesting multiple certificate authorities. 3549 IdempotencyToken *string `min:"1" type:"string"` 3550 3551 // Contains a Boolean value that you can use to enable a certification revocation 3552 // list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA 3553 // will write the CRL, and an optional CNAME alias that you can use to hide 3554 // the name of your bucket in the CRL Distribution Points extension of your 3555 // CA certificate. For more information, see the CrlConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html) 3556 // structure. 3557 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3558 3559 // Key-value pairs that will be attached to the new private CA. You can associate 3560 // up to 50 tags with a private CA. For information using tags with IAM to manage 3561 // permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html). 3562 Tags []*Tag `min:"1" type:"list"` 3563} 3564 3565// String returns the string representation 3566func (s CreateCertificateAuthorityInput) String() string { 3567 return awsutil.Prettify(s) 3568} 3569 3570// GoString returns the string representation 3571func (s CreateCertificateAuthorityInput) GoString() string { 3572 return s.String() 3573} 3574 3575// Validate inspects the fields of the type to determine if they are valid. 3576func (s *CreateCertificateAuthorityInput) Validate() error { 3577 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityInput"} 3578 if s.CertificateAuthorityConfiguration == nil { 3579 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityConfiguration")) 3580 } 3581 if s.CertificateAuthorityType == nil { 3582 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityType")) 3583 } 3584 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 3585 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 3586 } 3587 if s.Tags != nil && len(s.Tags) < 1 { 3588 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 3589 } 3590 if s.CertificateAuthorityConfiguration != nil { 3591 if err := s.CertificateAuthorityConfiguration.Validate(); err != nil { 3592 invalidParams.AddNested("CertificateAuthorityConfiguration", err.(request.ErrInvalidParams)) 3593 } 3594 } 3595 if s.RevocationConfiguration != nil { 3596 if err := s.RevocationConfiguration.Validate(); err != nil { 3597 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 3598 } 3599 } 3600 if s.Tags != nil { 3601 for i, v := range s.Tags { 3602 if v == nil { 3603 continue 3604 } 3605 if err := v.Validate(); err != nil { 3606 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 3607 } 3608 } 3609 } 3610 3611 if invalidParams.Len() > 0 { 3612 return invalidParams 3613 } 3614 return nil 3615} 3616 3617// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3618func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CreateCertificateAuthorityInput { 3619 s.CertificateAuthorityConfiguration = v 3620 return s 3621} 3622 3623// SetCertificateAuthorityType sets the CertificateAuthorityType field's value. 3624func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityType(v string) *CreateCertificateAuthorityInput { 3625 s.CertificateAuthorityType = &v 3626 return s 3627} 3628 3629// SetIdempotencyToken sets the IdempotencyToken field's value. 3630func (s *CreateCertificateAuthorityInput) SetIdempotencyToken(v string) *CreateCertificateAuthorityInput { 3631 s.IdempotencyToken = &v 3632 return s 3633} 3634 3635// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3636func (s *CreateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *CreateCertificateAuthorityInput { 3637 s.RevocationConfiguration = v 3638 return s 3639} 3640 3641// SetTags sets the Tags field's value. 3642func (s *CreateCertificateAuthorityInput) SetTags(v []*Tag) *CreateCertificateAuthorityInput { 3643 s.Tags = v 3644 return s 3645} 3646 3647type CreateCertificateAuthorityOutput struct { 3648 _ struct{} `type:"structure"` 3649 3650 // If successful, the Amazon Resource Name (ARN) of the certificate authority 3651 // (CA). This is of the form: 3652 // 3653 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3654 CertificateAuthorityArn *string `min:"5" type:"string"` 3655} 3656 3657// String returns the string representation 3658func (s CreateCertificateAuthorityOutput) String() string { 3659 return awsutil.Prettify(s) 3660} 3661 3662// GoString returns the string representation 3663func (s CreateCertificateAuthorityOutput) GoString() string { 3664 return s.String() 3665} 3666 3667// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3668func (s *CreateCertificateAuthorityOutput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityOutput { 3669 s.CertificateAuthorityArn = &v 3670 return s 3671} 3672 3673type CreatePermissionInput struct { 3674 _ struct{} `type:"structure"` 3675 3676 // The actions that the specified AWS service principal can use. These include 3677 // IssueCertificate, GetCertificate, and ListPermissions. 3678 // 3679 // Actions is a required field 3680 Actions []*string `min:"1" type:"list" required:"true"` 3681 3682 // The Amazon Resource Name (ARN) of the CA that grants the permissions. You 3683 // can find the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 3684 // action. This must have the following form: 3685 // 3686 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3687 // 3688 // CertificateAuthorityArn is a required field 3689 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3690 3691 // The AWS service or identity that receives the permission. At this time, the 3692 // only valid principal is acm.amazonaws.com. 3693 // 3694 // Principal is a required field 3695 Principal *string `type:"string" required:"true"` 3696 3697 // The ID of the calling account. 3698 SourceAccount *string `min:"12" type:"string"` 3699} 3700 3701// String returns the string representation 3702func (s CreatePermissionInput) String() string { 3703 return awsutil.Prettify(s) 3704} 3705 3706// GoString returns the string representation 3707func (s CreatePermissionInput) GoString() string { 3708 return s.String() 3709} 3710 3711// Validate inspects the fields of the type to determine if they are valid. 3712func (s *CreatePermissionInput) Validate() error { 3713 invalidParams := request.ErrInvalidParams{Context: "CreatePermissionInput"} 3714 if s.Actions == nil { 3715 invalidParams.Add(request.NewErrParamRequired("Actions")) 3716 } 3717 if s.Actions != nil && len(s.Actions) < 1 { 3718 invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) 3719 } 3720 if s.CertificateAuthorityArn == nil { 3721 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3722 } 3723 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3724 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3725 } 3726 if s.Principal == nil { 3727 invalidParams.Add(request.NewErrParamRequired("Principal")) 3728 } 3729 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 3730 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 3731 } 3732 3733 if invalidParams.Len() > 0 { 3734 return invalidParams 3735 } 3736 return nil 3737} 3738 3739// SetActions sets the Actions field's value. 3740func (s *CreatePermissionInput) SetActions(v []*string) *CreatePermissionInput { 3741 s.Actions = v 3742 return s 3743} 3744 3745// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3746func (s *CreatePermissionInput) SetCertificateAuthorityArn(v string) *CreatePermissionInput { 3747 s.CertificateAuthorityArn = &v 3748 return s 3749} 3750 3751// SetPrincipal sets the Principal field's value. 3752func (s *CreatePermissionInput) SetPrincipal(v string) *CreatePermissionInput { 3753 s.Principal = &v 3754 return s 3755} 3756 3757// SetSourceAccount sets the SourceAccount field's value. 3758func (s *CreatePermissionInput) SetSourceAccount(v string) *CreatePermissionInput { 3759 s.SourceAccount = &v 3760 return s 3761} 3762 3763type CreatePermissionOutput struct { 3764 _ struct{} `type:"structure"` 3765} 3766 3767// String returns the string representation 3768func (s CreatePermissionOutput) String() string { 3769 return awsutil.Prettify(s) 3770} 3771 3772// GoString returns the string representation 3773func (s CreatePermissionOutput) GoString() string { 3774 return s.String() 3775} 3776 3777// Contains configuration information for a certificate revocation list (CRL). 3778// Your private certificate authority (CA) creates base CRLs. Delta CRLs are 3779// not supported. You can enable CRLs for your new or an existing private CA 3780// by setting the Enabled parameter to true. Your private CA writes CRLs to 3781// an S3 bucket that you specify in the S3BucketName parameter. You can hide 3782// the name of your bucket by specifying a value for the CustomCname parameter. 3783// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution 3784// Points extension of each certificate it issues. Your S3 bucket policy must 3785// give write permission to ACM Private CA. 3786// 3787// ACM Private CAA assets that are stored in Amazon S3 can be protected with 3788// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 3789// 3790// Your private CA uses the value in the ExpirationInDays parameter to calculate 3791// the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next 3792// update or when a certificate is revoked. When a certificate is revoked, it 3793// is recorded in the next CRL that is generated and in the next audit report. 3794// Only time valid certificates are listed in the CRL. Expired certificates 3795// are not included. 3796// 3797// CRLs contain the following fields: 3798// 3799// * Version: The current version number defined in RFC 5280 is V2. The integer 3800// value is 0x1. 3801// 3802// * Signature Algorithm: The name of the algorithm used to sign the CRL. 3803// 3804// * Issuer: The X.500 distinguished name of your private CA that issued 3805// the CRL. 3806// 3807// * Last Update: The issue date and time of this CRL. 3808// 3809// * Next Update: The day and time by which the next CRL will be issued. 3810// 3811// * Revoked Certificates: List of revoked certificates. Each list item contains 3812// the following information. Serial Number: The serial number, in hexadecimal 3813// format, of the revoked certificate. Revocation Date: Date and time the 3814// certificate was revoked. CRL Entry Extensions: Optional extensions for 3815// the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked. 3816// 3817// * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key 3818// Identifier: Identifies the public key associated with the private key 3819// used to sign the certificate. X509v3 CRL Number:: Decimal sequence number 3820// for the CRL. 3821// 3822// * Signature Algorithm: Algorithm used by your private CA to sign the CRL. 3823// 3824// * Signature Value: Signature computed over the CRL. 3825// 3826// Certificate revocation lists created by ACM Private CA are DER-encoded. You 3827// can use the following OpenSSL command to list a CRL. 3828// 3829// openssl crl -inform DER -text -in crl_path -noout 3830type CrlConfiguration struct { 3831 _ struct{} `type:"structure"` 3832 3833 // Name inserted into the certificate CRL Distribution Points extension that 3834 // enables the use of an alias for the CRL distribution point. Use this value 3835 // if you don't want the name of your S3 bucket to be public. 3836 CustomCname *string `type:"string"` 3837 3838 // Boolean value that specifies whether certificate revocation lists (CRLs) 3839 // are enabled. You can use this value to enable certificate revocation for 3840 // a new CA when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3841 // action or for an existing CA when you call the UpdateCertificateAuthority 3842 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3843 // action. 3844 // 3845 // Enabled is a required field 3846 Enabled *bool `type:"boolean" required:"true"` 3847 3848 // Validity period of the CRL in days. 3849 ExpirationInDays *int64 `min:"1" type:"integer"` 3850 3851 // Name of the S3 bucket that contains the CRL. If you do not provide a value 3852 // for the CustomCname argument, the name of your S3 bucket is placed into the 3853 // CRL Distribution Points extension of the issued certificate. You can change 3854 // the name of your bucket by calling the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3855 // action. You must specify a bucket policy that allows ACM Private CA to write 3856 // the CRL to your bucket. 3857 S3BucketName *string `min:"3" type:"string"` 3858} 3859 3860// String returns the string representation 3861func (s CrlConfiguration) String() string { 3862 return awsutil.Prettify(s) 3863} 3864 3865// GoString returns the string representation 3866func (s CrlConfiguration) GoString() string { 3867 return s.String() 3868} 3869 3870// Validate inspects the fields of the type to determine if they are valid. 3871func (s *CrlConfiguration) Validate() error { 3872 invalidParams := request.ErrInvalidParams{Context: "CrlConfiguration"} 3873 if s.Enabled == nil { 3874 invalidParams.Add(request.NewErrParamRequired("Enabled")) 3875 } 3876 if s.ExpirationInDays != nil && *s.ExpirationInDays < 1 { 3877 invalidParams.Add(request.NewErrParamMinValue("ExpirationInDays", 1)) 3878 } 3879 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3880 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3881 } 3882 3883 if invalidParams.Len() > 0 { 3884 return invalidParams 3885 } 3886 return nil 3887} 3888 3889// SetCustomCname sets the CustomCname field's value. 3890func (s *CrlConfiguration) SetCustomCname(v string) *CrlConfiguration { 3891 s.CustomCname = &v 3892 return s 3893} 3894 3895// SetEnabled sets the Enabled field's value. 3896func (s *CrlConfiguration) SetEnabled(v bool) *CrlConfiguration { 3897 s.Enabled = &v 3898 return s 3899} 3900 3901// SetExpirationInDays sets the ExpirationInDays field's value. 3902func (s *CrlConfiguration) SetExpirationInDays(v int64) *CrlConfiguration { 3903 s.ExpirationInDays = &v 3904 return s 3905} 3906 3907// SetS3BucketName sets the S3BucketName field's value. 3908func (s *CrlConfiguration) SetS3BucketName(v string) *CrlConfiguration { 3909 s.S3BucketName = &v 3910 return s 3911} 3912 3913// Describes the certificate extensions to be added to the certificate signing 3914// request (CSR). 3915type CsrExtensions struct { 3916 _ struct{} `type:"structure"` 3917 3918 // Indicates the purpose of the certificate and of the key contained in the 3919 // certificate. 3920 KeyUsage *KeyUsage `type:"structure"` 3921 3922 // For CA certificates, provides a path to additional information pertaining 3923 // to the CA, such as revocation and policy. For more information, see Subject 3924 // Information Access (https://tools.ietf.org/html/rfc5280#section-4.2.2.2) 3925 // in RFC 5280. 3926 SubjectInformationAccess []*AccessDescription `type:"list"` 3927} 3928 3929// String returns the string representation 3930func (s CsrExtensions) String() string { 3931 return awsutil.Prettify(s) 3932} 3933 3934// GoString returns the string representation 3935func (s CsrExtensions) GoString() string { 3936 return s.String() 3937} 3938 3939// Validate inspects the fields of the type to determine if they are valid. 3940func (s *CsrExtensions) Validate() error { 3941 invalidParams := request.ErrInvalidParams{Context: "CsrExtensions"} 3942 if s.SubjectInformationAccess != nil { 3943 for i, v := range s.SubjectInformationAccess { 3944 if v == nil { 3945 continue 3946 } 3947 if err := v.Validate(); err != nil { 3948 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectInformationAccess", i), err.(request.ErrInvalidParams)) 3949 } 3950 } 3951 } 3952 3953 if invalidParams.Len() > 0 { 3954 return invalidParams 3955 } 3956 return nil 3957} 3958 3959// SetKeyUsage sets the KeyUsage field's value. 3960func (s *CsrExtensions) SetKeyUsage(v *KeyUsage) *CsrExtensions { 3961 s.KeyUsage = v 3962 return s 3963} 3964 3965// SetSubjectInformationAccess sets the SubjectInformationAccess field's value. 3966func (s *CsrExtensions) SetSubjectInformationAccess(v []*AccessDescription) *CsrExtensions { 3967 s.SubjectInformationAccess = v 3968 return s 3969} 3970 3971type DeleteCertificateAuthorityInput struct { 3972 _ struct{} `type:"structure"` 3973 3974 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 3975 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 3976 // This must have the following form: 3977 // 3978 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3979 // 3980 // CertificateAuthorityArn is a required field 3981 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3982 3983 // The number of days to make a CA restorable after it has been deleted. This 3984 // can be anywhere from 7 to 30 days, with 30 being the default. 3985 PermanentDeletionTimeInDays *int64 `min:"7" type:"integer"` 3986} 3987 3988// String returns the string representation 3989func (s DeleteCertificateAuthorityInput) String() string { 3990 return awsutil.Prettify(s) 3991} 3992 3993// GoString returns the string representation 3994func (s DeleteCertificateAuthorityInput) GoString() string { 3995 return s.String() 3996} 3997 3998// Validate inspects the fields of the type to determine if they are valid. 3999func (s *DeleteCertificateAuthorityInput) Validate() error { 4000 invalidParams := request.ErrInvalidParams{Context: "DeleteCertificateAuthorityInput"} 4001 if s.CertificateAuthorityArn == nil { 4002 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4003 } 4004 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4005 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4006 } 4007 if s.PermanentDeletionTimeInDays != nil && *s.PermanentDeletionTimeInDays < 7 { 4008 invalidParams.Add(request.NewErrParamMinValue("PermanentDeletionTimeInDays", 7)) 4009 } 4010 4011 if invalidParams.Len() > 0 { 4012 return invalidParams 4013 } 4014 return nil 4015} 4016 4017// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4018func (s *DeleteCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DeleteCertificateAuthorityInput { 4019 s.CertificateAuthorityArn = &v 4020 return s 4021} 4022 4023// SetPermanentDeletionTimeInDays sets the PermanentDeletionTimeInDays field's value. 4024func (s *DeleteCertificateAuthorityInput) SetPermanentDeletionTimeInDays(v int64) *DeleteCertificateAuthorityInput { 4025 s.PermanentDeletionTimeInDays = &v 4026 return s 4027} 4028 4029type DeleteCertificateAuthorityOutput struct { 4030 _ struct{} `type:"structure"` 4031} 4032 4033// String returns the string representation 4034func (s DeleteCertificateAuthorityOutput) String() string { 4035 return awsutil.Prettify(s) 4036} 4037 4038// GoString returns the string representation 4039func (s DeleteCertificateAuthorityOutput) GoString() string { 4040 return s.String() 4041} 4042 4043type DeletePermissionInput struct { 4044 _ struct{} `type:"structure"` 4045 4046 // The Amazon Resource Number (ARN) of the private CA that issued the permissions. 4047 // You can find the CA's ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4048 // action. This must have the following form: 4049 // 4050 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4051 // 4052 // CertificateAuthorityArn is a required field 4053 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4054 4055 // The AWS service or identity that will have its CA permissions revoked. At 4056 // this time, the only valid service principal is acm.amazonaws.com 4057 // 4058 // Principal is a required field 4059 Principal *string `type:"string" required:"true"` 4060 4061 // The AWS account that calls this action. 4062 SourceAccount *string `min:"12" type:"string"` 4063} 4064 4065// String returns the string representation 4066func (s DeletePermissionInput) String() string { 4067 return awsutil.Prettify(s) 4068} 4069 4070// GoString returns the string representation 4071func (s DeletePermissionInput) GoString() string { 4072 return s.String() 4073} 4074 4075// Validate inspects the fields of the type to determine if they are valid. 4076func (s *DeletePermissionInput) Validate() error { 4077 invalidParams := request.ErrInvalidParams{Context: "DeletePermissionInput"} 4078 if s.CertificateAuthorityArn == nil { 4079 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4080 } 4081 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4082 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4083 } 4084 if s.Principal == nil { 4085 invalidParams.Add(request.NewErrParamRequired("Principal")) 4086 } 4087 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 4088 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 4089 } 4090 4091 if invalidParams.Len() > 0 { 4092 return invalidParams 4093 } 4094 return nil 4095} 4096 4097// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4098func (s *DeletePermissionInput) SetCertificateAuthorityArn(v string) *DeletePermissionInput { 4099 s.CertificateAuthorityArn = &v 4100 return s 4101} 4102 4103// SetPrincipal sets the Principal field's value. 4104func (s *DeletePermissionInput) SetPrincipal(v string) *DeletePermissionInput { 4105 s.Principal = &v 4106 return s 4107} 4108 4109// SetSourceAccount sets the SourceAccount field's value. 4110func (s *DeletePermissionInput) SetSourceAccount(v string) *DeletePermissionInput { 4111 s.SourceAccount = &v 4112 return s 4113} 4114 4115type DeletePermissionOutput struct { 4116 _ struct{} `type:"structure"` 4117} 4118 4119// String returns the string representation 4120func (s DeletePermissionOutput) String() string { 4121 return awsutil.Prettify(s) 4122} 4123 4124// GoString returns the string representation 4125func (s DeletePermissionOutput) GoString() string { 4126 return s.String() 4127} 4128 4129type DeletePolicyInput struct { 4130 _ struct{} `type:"structure"` 4131 4132 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4133 // deleted. You can find the CA's ARN by calling the ListCertificateAuthorities 4134 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4135 // action. The ARN value must have the form arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab. 4136 // 4137 // ResourceArn is a required field 4138 ResourceArn *string `min:"5" type:"string" required:"true"` 4139} 4140 4141// String returns the string representation 4142func (s DeletePolicyInput) String() string { 4143 return awsutil.Prettify(s) 4144} 4145 4146// GoString returns the string representation 4147func (s DeletePolicyInput) GoString() string { 4148 return s.String() 4149} 4150 4151// Validate inspects the fields of the type to determine if they are valid. 4152func (s *DeletePolicyInput) Validate() error { 4153 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 4154 if s.ResourceArn == nil { 4155 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4156 } 4157 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4158 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4159 } 4160 4161 if invalidParams.Len() > 0 { 4162 return invalidParams 4163 } 4164 return nil 4165} 4166 4167// SetResourceArn sets the ResourceArn field's value. 4168func (s *DeletePolicyInput) SetResourceArn(v string) *DeletePolicyInput { 4169 s.ResourceArn = &v 4170 return s 4171} 4172 4173type DeletePolicyOutput struct { 4174 _ struct{} `type:"structure"` 4175} 4176 4177// String returns the string representation 4178func (s DeletePolicyOutput) String() string { 4179 return awsutil.Prettify(s) 4180} 4181 4182// GoString returns the string representation 4183func (s DeletePolicyOutput) GoString() string { 4184 return s.String() 4185} 4186 4187type DescribeCertificateAuthorityAuditReportInput struct { 4188 _ struct{} `type:"structure"` 4189 4190 // The report ID returned by calling the CreateCertificateAuthorityAuditReport 4191 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 4192 // action. 4193 // 4194 // AuditReportId is a required field 4195 AuditReportId *string `min:"36" type:"string" required:"true"` 4196 4197 // The Amazon Resource Name (ARN) of the private CA. This must be of the form: 4198 // 4199 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4200 // 4201 // CertificateAuthorityArn is a required field 4202 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4203} 4204 4205// String returns the string representation 4206func (s DescribeCertificateAuthorityAuditReportInput) String() string { 4207 return awsutil.Prettify(s) 4208} 4209 4210// GoString returns the string representation 4211func (s DescribeCertificateAuthorityAuditReportInput) GoString() string { 4212 return s.String() 4213} 4214 4215// Validate inspects the fields of the type to determine if they are valid. 4216func (s *DescribeCertificateAuthorityAuditReportInput) Validate() error { 4217 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityAuditReportInput"} 4218 if s.AuditReportId == nil { 4219 invalidParams.Add(request.NewErrParamRequired("AuditReportId")) 4220 } 4221 if s.AuditReportId != nil && len(*s.AuditReportId) < 36 { 4222 invalidParams.Add(request.NewErrParamMinLen("AuditReportId", 36)) 4223 } 4224 if s.CertificateAuthorityArn == nil { 4225 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4226 } 4227 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4228 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4229 } 4230 4231 if invalidParams.Len() > 0 { 4232 return invalidParams 4233 } 4234 return nil 4235} 4236 4237// SetAuditReportId sets the AuditReportId field's value. 4238func (s *DescribeCertificateAuthorityAuditReportInput) SetAuditReportId(v string) *DescribeCertificateAuthorityAuditReportInput { 4239 s.AuditReportId = &v 4240 return s 4241} 4242 4243// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4244func (s *DescribeCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityAuditReportInput { 4245 s.CertificateAuthorityArn = &v 4246 return s 4247} 4248 4249type DescribeCertificateAuthorityAuditReportOutput struct { 4250 _ struct{} `type:"structure"` 4251 4252 // Specifies whether report creation is in progress, has succeeded, or has failed. 4253 AuditReportStatus *string `type:"string" enum:"AuditReportStatus"` 4254 4255 // The date and time at which the report was created. 4256 CreatedAt *time.Time `type:"timestamp"` 4257 4258 // Name of the S3 bucket that contains the report. 4259 S3BucketName *string `min:"3" type:"string"` 4260 4261 // S3 key that uniquely identifies the report file in your S3 bucket. 4262 S3Key *string `type:"string"` 4263} 4264 4265// String returns the string representation 4266func (s DescribeCertificateAuthorityAuditReportOutput) String() string { 4267 return awsutil.Prettify(s) 4268} 4269 4270// GoString returns the string representation 4271func (s DescribeCertificateAuthorityAuditReportOutput) GoString() string { 4272 return s.String() 4273} 4274 4275// SetAuditReportStatus sets the AuditReportStatus field's value. 4276func (s *DescribeCertificateAuthorityAuditReportOutput) SetAuditReportStatus(v string) *DescribeCertificateAuthorityAuditReportOutput { 4277 s.AuditReportStatus = &v 4278 return s 4279} 4280 4281// SetCreatedAt sets the CreatedAt field's value. 4282func (s *DescribeCertificateAuthorityAuditReportOutput) SetCreatedAt(v time.Time) *DescribeCertificateAuthorityAuditReportOutput { 4283 s.CreatedAt = &v 4284 return s 4285} 4286 4287// SetS3BucketName sets the S3BucketName field's value. 4288func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3BucketName(v string) *DescribeCertificateAuthorityAuditReportOutput { 4289 s.S3BucketName = &v 4290 return s 4291} 4292 4293// SetS3Key sets the S3Key field's value. 4294func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3Key(v string) *DescribeCertificateAuthorityAuditReportOutput { 4295 s.S3Key = &v 4296 return s 4297} 4298 4299type DescribeCertificateAuthorityInput struct { 4300 _ struct{} `type:"structure"` 4301 4302 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4303 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4304 // This must be of the form: 4305 // 4306 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4307 // 4308 // CertificateAuthorityArn is a required field 4309 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4310} 4311 4312// String returns the string representation 4313func (s DescribeCertificateAuthorityInput) String() string { 4314 return awsutil.Prettify(s) 4315} 4316 4317// GoString returns the string representation 4318func (s DescribeCertificateAuthorityInput) GoString() string { 4319 return s.String() 4320} 4321 4322// Validate inspects the fields of the type to determine if they are valid. 4323func (s *DescribeCertificateAuthorityInput) Validate() error { 4324 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityInput"} 4325 if s.CertificateAuthorityArn == nil { 4326 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4327 } 4328 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4329 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4330 } 4331 4332 if invalidParams.Len() > 0 { 4333 return invalidParams 4334 } 4335 return nil 4336} 4337 4338// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4339func (s *DescribeCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityInput { 4340 s.CertificateAuthorityArn = &v 4341 return s 4342} 4343 4344type DescribeCertificateAuthorityOutput struct { 4345 _ struct{} `type:"structure"` 4346 4347 // A CertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html) 4348 // structure that contains information about your private CA. 4349 CertificateAuthority *CertificateAuthority `type:"structure"` 4350} 4351 4352// String returns the string representation 4353func (s DescribeCertificateAuthorityOutput) String() string { 4354 return awsutil.Prettify(s) 4355} 4356 4357// GoString returns the string representation 4358func (s DescribeCertificateAuthorityOutput) GoString() string { 4359 return s.String() 4360} 4361 4362// SetCertificateAuthority sets the CertificateAuthority field's value. 4363func (s *DescribeCertificateAuthorityOutput) SetCertificateAuthority(v *CertificateAuthority) *DescribeCertificateAuthorityOutput { 4364 s.CertificateAuthority = v 4365 return s 4366} 4367 4368// Describes an Electronic Data Interchange (EDI) entity as described in as 4369// defined in Subject Alternative Name (https://tools.ietf.org/html/rfc5280) 4370// in RFC 5280. 4371type EdiPartyName struct { 4372 _ struct{} `type:"structure"` 4373 4374 // Specifies the name assigner. 4375 NameAssigner *string `type:"string"` 4376 4377 // Specifies the party name. 4378 // 4379 // PartyName is a required field 4380 PartyName *string `type:"string" required:"true"` 4381} 4382 4383// String returns the string representation 4384func (s EdiPartyName) String() string { 4385 return awsutil.Prettify(s) 4386} 4387 4388// GoString returns the string representation 4389func (s EdiPartyName) GoString() string { 4390 return s.String() 4391} 4392 4393// Validate inspects the fields of the type to determine if they are valid. 4394func (s *EdiPartyName) Validate() error { 4395 invalidParams := request.ErrInvalidParams{Context: "EdiPartyName"} 4396 if s.PartyName == nil { 4397 invalidParams.Add(request.NewErrParamRequired("PartyName")) 4398 } 4399 4400 if invalidParams.Len() > 0 { 4401 return invalidParams 4402 } 4403 return nil 4404} 4405 4406// SetNameAssigner sets the NameAssigner field's value. 4407func (s *EdiPartyName) SetNameAssigner(v string) *EdiPartyName { 4408 s.NameAssigner = &v 4409 return s 4410} 4411 4412// SetPartyName sets the PartyName field's value. 4413func (s *EdiPartyName) SetPartyName(v string) *EdiPartyName { 4414 s.PartyName = &v 4415 return s 4416} 4417 4418// Specifies additional purposes for which the certified public key may be used 4419// other than basic purposes indicated in the KeyUsage extension. 4420type ExtendedKeyUsage struct { 4421 _ struct{} `type:"structure"` 4422 4423 // Specifies a custom ExtendedKeyUsage with an object identifier (OID). 4424 ExtendedKeyUsageObjectIdentifier *string `type:"string"` 4425 4426 // Specifies a standard ExtendedKeyUsage as defined as in RFC 5280 (https://tools.ietf.org/html/rfc5280#section-4.2.1.12). 4427 ExtendedKeyUsageType *string `type:"string" enum:"ExtendedKeyUsageType"` 4428} 4429 4430// String returns the string representation 4431func (s ExtendedKeyUsage) String() string { 4432 return awsutil.Prettify(s) 4433} 4434 4435// GoString returns the string representation 4436func (s ExtendedKeyUsage) GoString() string { 4437 return s.String() 4438} 4439 4440// SetExtendedKeyUsageObjectIdentifier sets the ExtendedKeyUsageObjectIdentifier field's value. 4441func (s *ExtendedKeyUsage) SetExtendedKeyUsageObjectIdentifier(v string) *ExtendedKeyUsage { 4442 s.ExtendedKeyUsageObjectIdentifier = &v 4443 return s 4444} 4445 4446// SetExtendedKeyUsageType sets the ExtendedKeyUsageType field's value. 4447func (s *ExtendedKeyUsage) SetExtendedKeyUsageType(v string) *ExtendedKeyUsage { 4448 s.ExtendedKeyUsageType = &v 4449 return s 4450} 4451 4452// Contains X.509 extension information for a certificate. 4453type Extensions struct { 4454 _ struct{} `type:"structure"` 4455 4456 // Contains a sequence of one or more policy information terms, each of which 4457 // consists of an object identifier (OID) and optional qualifiers. For more 4458 // information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 4459 // 4460 // In an end-entity certificate, these terms indicate the policy under which 4461 // the certificate was issued and the purposes for which it may be used. In 4462 // a CA certificate, these terms limit the set of policies for certification 4463 // paths that include this certificate. 4464 CertificatePolicies []*PolicyInformation `min:"1" type:"list"` 4465 4466 // Specifies additional purposes for which the certified public key may be used 4467 // other than basic purposes indicated in the KeyUsage extension. 4468 ExtendedKeyUsage []*ExtendedKeyUsage `min:"1" type:"list"` 4469 4470 // Defines one or more purposes for which the key contained in the certificate 4471 // can be used. Default value for each option is false. 4472 KeyUsage *KeyUsage `type:"structure"` 4473 4474 // The subject alternative name extension allows identities to be bound to the 4475 // subject of the certificate. These identities may be included in addition 4476 // to or in place of the identity in the subject field of the certificate. 4477 SubjectAlternativeNames []*GeneralName `min:"1" type:"list"` 4478} 4479 4480// String returns the string representation 4481func (s Extensions) String() string { 4482 return awsutil.Prettify(s) 4483} 4484 4485// GoString returns the string representation 4486func (s Extensions) GoString() string { 4487 return s.String() 4488} 4489 4490// Validate inspects the fields of the type to determine if they are valid. 4491func (s *Extensions) Validate() error { 4492 invalidParams := request.ErrInvalidParams{Context: "Extensions"} 4493 if s.CertificatePolicies != nil && len(s.CertificatePolicies) < 1 { 4494 invalidParams.Add(request.NewErrParamMinLen("CertificatePolicies", 1)) 4495 } 4496 if s.ExtendedKeyUsage != nil && len(s.ExtendedKeyUsage) < 1 { 4497 invalidParams.Add(request.NewErrParamMinLen("ExtendedKeyUsage", 1)) 4498 } 4499 if s.SubjectAlternativeNames != nil && len(s.SubjectAlternativeNames) < 1 { 4500 invalidParams.Add(request.NewErrParamMinLen("SubjectAlternativeNames", 1)) 4501 } 4502 if s.CertificatePolicies != nil { 4503 for i, v := range s.CertificatePolicies { 4504 if v == nil { 4505 continue 4506 } 4507 if err := v.Validate(); err != nil { 4508 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CertificatePolicies", i), err.(request.ErrInvalidParams)) 4509 } 4510 } 4511 } 4512 if s.SubjectAlternativeNames != nil { 4513 for i, v := range s.SubjectAlternativeNames { 4514 if v == nil { 4515 continue 4516 } 4517 if err := v.Validate(); err != nil { 4518 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectAlternativeNames", i), err.(request.ErrInvalidParams)) 4519 } 4520 } 4521 } 4522 4523 if invalidParams.Len() > 0 { 4524 return invalidParams 4525 } 4526 return nil 4527} 4528 4529// SetCertificatePolicies sets the CertificatePolicies field's value. 4530func (s *Extensions) SetCertificatePolicies(v []*PolicyInformation) *Extensions { 4531 s.CertificatePolicies = v 4532 return s 4533} 4534 4535// SetExtendedKeyUsage sets the ExtendedKeyUsage field's value. 4536func (s *Extensions) SetExtendedKeyUsage(v []*ExtendedKeyUsage) *Extensions { 4537 s.ExtendedKeyUsage = v 4538 return s 4539} 4540 4541// SetKeyUsage sets the KeyUsage field's value. 4542func (s *Extensions) SetKeyUsage(v *KeyUsage) *Extensions { 4543 s.KeyUsage = v 4544 return s 4545} 4546 4547// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. 4548func (s *Extensions) SetSubjectAlternativeNames(v []*GeneralName) *Extensions { 4549 s.SubjectAlternativeNames = v 4550 return s 4551} 4552 4553// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). 4554// Only one of the following naming options should be provided. Providing more 4555// than one option results in an InvalidArgsException error. 4556type GeneralName struct { 4557 _ struct{} `type:"structure"` 4558 4559 // Contains information about the certificate subject. The Subject field in 4560 // the certificate identifies the entity that owns or controls the public key 4561 // in the certificate. The entity can be a user, computer, device, or service. 4562 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 4563 // of relative distinguished names (RDNs). The RDNs are separated by commas 4564 // in the certificate. 4565 DirectoryName *ASN1Subject `type:"structure"` 4566 4567 // Represents GeneralName as a DNS name. 4568 DnsName *string `type:"string"` 4569 4570 // Represents GeneralName as an EdiPartyName object. 4571 EdiPartyName *EdiPartyName `type:"structure"` 4572 4573 // Represents GeneralName as an IPv4 or IPv6 address. 4574 IpAddress *string `type:"string"` 4575 4576 // Represents GeneralName using an OtherName object. 4577 OtherName *OtherName `type:"structure"` 4578 4579 // Represents GeneralName as an object identifier (OID). 4580 RegisteredId *string `type:"string"` 4581 4582 // Represents GeneralName as an RFC 822 (https://tools.ietf.org/html/rfc822) 4583 // email address. 4584 Rfc822Name *string `type:"string"` 4585 4586 // Represents GeneralName as a URI. 4587 UniformResourceIdentifier *string `type:"string"` 4588} 4589 4590// String returns the string representation 4591func (s GeneralName) String() string { 4592 return awsutil.Prettify(s) 4593} 4594 4595// GoString returns the string representation 4596func (s GeneralName) GoString() string { 4597 return s.String() 4598} 4599 4600// Validate inspects the fields of the type to determine if they are valid. 4601func (s *GeneralName) Validate() error { 4602 invalidParams := request.ErrInvalidParams{Context: "GeneralName"} 4603 if s.DirectoryName != nil { 4604 if err := s.DirectoryName.Validate(); err != nil { 4605 invalidParams.AddNested("DirectoryName", err.(request.ErrInvalidParams)) 4606 } 4607 } 4608 if s.EdiPartyName != nil { 4609 if err := s.EdiPartyName.Validate(); err != nil { 4610 invalidParams.AddNested("EdiPartyName", err.(request.ErrInvalidParams)) 4611 } 4612 } 4613 if s.OtherName != nil { 4614 if err := s.OtherName.Validate(); err != nil { 4615 invalidParams.AddNested("OtherName", err.(request.ErrInvalidParams)) 4616 } 4617 } 4618 4619 if invalidParams.Len() > 0 { 4620 return invalidParams 4621 } 4622 return nil 4623} 4624 4625// SetDirectoryName sets the DirectoryName field's value. 4626func (s *GeneralName) SetDirectoryName(v *ASN1Subject) *GeneralName { 4627 s.DirectoryName = v 4628 return s 4629} 4630 4631// SetDnsName sets the DnsName field's value. 4632func (s *GeneralName) SetDnsName(v string) *GeneralName { 4633 s.DnsName = &v 4634 return s 4635} 4636 4637// SetEdiPartyName sets the EdiPartyName field's value. 4638func (s *GeneralName) SetEdiPartyName(v *EdiPartyName) *GeneralName { 4639 s.EdiPartyName = v 4640 return s 4641} 4642 4643// SetIpAddress sets the IpAddress field's value. 4644func (s *GeneralName) SetIpAddress(v string) *GeneralName { 4645 s.IpAddress = &v 4646 return s 4647} 4648 4649// SetOtherName sets the OtherName field's value. 4650func (s *GeneralName) SetOtherName(v *OtherName) *GeneralName { 4651 s.OtherName = v 4652 return s 4653} 4654 4655// SetRegisteredId sets the RegisteredId field's value. 4656func (s *GeneralName) SetRegisteredId(v string) *GeneralName { 4657 s.RegisteredId = &v 4658 return s 4659} 4660 4661// SetRfc822Name sets the Rfc822Name field's value. 4662func (s *GeneralName) SetRfc822Name(v string) *GeneralName { 4663 s.Rfc822Name = &v 4664 return s 4665} 4666 4667// SetUniformResourceIdentifier sets the UniformResourceIdentifier field's value. 4668func (s *GeneralName) SetUniformResourceIdentifier(v string) *GeneralName { 4669 s.UniformResourceIdentifier = &v 4670 return s 4671} 4672 4673type GetCertificateAuthorityCertificateInput struct { 4674 _ struct{} `type:"structure"` 4675 4676 // The Amazon Resource Name (ARN) of your private CA. This is of the form: 4677 // 4678 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4679 // 4680 // CertificateAuthorityArn is a required field 4681 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4682} 4683 4684// String returns the string representation 4685func (s GetCertificateAuthorityCertificateInput) String() string { 4686 return awsutil.Prettify(s) 4687} 4688 4689// GoString returns the string representation 4690func (s GetCertificateAuthorityCertificateInput) GoString() string { 4691 return s.String() 4692} 4693 4694// Validate inspects the fields of the type to determine if they are valid. 4695func (s *GetCertificateAuthorityCertificateInput) Validate() error { 4696 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCertificateInput"} 4697 if s.CertificateAuthorityArn == nil { 4698 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4699 } 4700 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4701 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4702 } 4703 4704 if invalidParams.Len() > 0 { 4705 return invalidParams 4706 } 4707 return nil 4708} 4709 4710// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4711func (s *GetCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCertificateInput { 4712 s.CertificateAuthorityArn = &v 4713 return s 4714} 4715 4716type GetCertificateAuthorityCertificateOutput struct { 4717 _ struct{} `type:"structure"` 4718 4719 // Base64-encoded certificate authority (CA) certificate. 4720 Certificate *string `type:"string"` 4721 4722 // Base64-encoded certificate chain that includes any intermediate certificates 4723 // and chains up to root certificate that you used to sign your private CA certificate. 4724 // The chain does not include your private CA certificate. If this is a root 4725 // CA, the value will be null. 4726 CertificateChain *string `type:"string"` 4727} 4728 4729// String returns the string representation 4730func (s GetCertificateAuthorityCertificateOutput) String() string { 4731 return awsutil.Prettify(s) 4732} 4733 4734// GoString returns the string representation 4735func (s GetCertificateAuthorityCertificateOutput) GoString() string { 4736 return s.String() 4737} 4738 4739// SetCertificate sets the Certificate field's value. 4740func (s *GetCertificateAuthorityCertificateOutput) SetCertificate(v string) *GetCertificateAuthorityCertificateOutput { 4741 s.Certificate = &v 4742 return s 4743} 4744 4745// SetCertificateChain sets the CertificateChain field's value. 4746func (s *GetCertificateAuthorityCertificateOutput) SetCertificateChain(v string) *GetCertificateAuthorityCertificateOutput { 4747 s.CertificateChain = &v 4748 return s 4749} 4750 4751type GetCertificateAuthorityCsrInput struct { 4752 _ struct{} `type:"structure"` 4753 4754 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 4755 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 4756 // action. This must be of the form: 4757 // 4758 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 4759 // 4760 // CertificateAuthorityArn is a required field 4761 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4762} 4763 4764// String returns the string representation 4765func (s GetCertificateAuthorityCsrInput) String() string { 4766 return awsutil.Prettify(s) 4767} 4768 4769// GoString returns the string representation 4770func (s GetCertificateAuthorityCsrInput) GoString() string { 4771 return s.String() 4772} 4773 4774// Validate inspects the fields of the type to determine if they are valid. 4775func (s *GetCertificateAuthorityCsrInput) Validate() error { 4776 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCsrInput"} 4777 if s.CertificateAuthorityArn == nil { 4778 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4779 } 4780 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4781 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4782 } 4783 4784 if invalidParams.Len() > 0 { 4785 return invalidParams 4786 } 4787 return nil 4788} 4789 4790// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4791func (s *GetCertificateAuthorityCsrInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCsrInput { 4792 s.CertificateAuthorityArn = &v 4793 return s 4794} 4795 4796type GetCertificateAuthorityCsrOutput struct { 4797 _ struct{} `type:"structure"` 4798 4799 // The base64 PEM-encoded certificate signing request (CSR) for your private 4800 // CA certificate. 4801 Csr *string `type:"string"` 4802} 4803 4804// String returns the string representation 4805func (s GetCertificateAuthorityCsrOutput) String() string { 4806 return awsutil.Prettify(s) 4807} 4808 4809// GoString returns the string representation 4810func (s GetCertificateAuthorityCsrOutput) GoString() string { 4811 return s.String() 4812} 4813 4814// SetCsr sets the Csr field's value. 4815func (s *GetCertificateAuthorityCsrOutput) SetCsr(v string) *GetCertificateAuthorityCsrOutput { 4816 s.Csr = &v 4817 return s 4818} 4819 4820type GetCertificateInput struct { 4821 _ struct{} `type:"structure"` 4822 4823 // The ARN of the issued certificate. The ARN contains the certificate serial 4824 // number and must be in the following form: 4825 // 4826 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 4827 // 4828 // CertificateArn is a required field 4829 CertificateArn *string `min:"5" type:"string" required:"true"` 4830 4831 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4832 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4833 // This must be of the form: 4834 // 4835 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4836 // 4837 // CertificateAuthorityArn is a required field 4838 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4839} 4840 4841// String returns the string representation 4842func (s GetCertificateInput) String() string { 4843 return awsutil.Prettify(s) 4844} 4845 4846// GoString returns the string representation 4847func (s GetCertificateInput) GoString() string { 4848 return s.String() 4849} 4850 4851// Validate inspects the fields of the type to determine if they are valid. 4852func (s *GetCertificateInput) Validate() error { 4853 invalidParams := request.ErrInvalidParams{Context: "GetCertificateInput"} 4854 if s.CertificateArn == nil { 4855 invalidParams.Add(request.NewErrParamRequired("CertificateArn")) 4856 } 4857 if s.CertificateArn != nil && len(*s.CertificateArn) < 5 { 4858 invalidParams.Add(request.NewErrParamMinLen("CertificateArn", 5)) 4859 } 4860 if s.CertificateAuthorityArn == nil { 4861 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4862 } 4863 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4864 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4865 } 4866 4867 if invalidParams.Len() > 0 { 4868 return invalidParams 4869 } 4870 return nil 4871} 4872 4873// SetCertificateArn sets the CertificateArn field's value. 4874func (s *GetCertificateInput) SetCertificateArn(v string) *GetCertificateInput { 4875 s.CertificateArn = &v 4876 return s 4877} 4878 4879// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4880func (s *GetCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateInput { 4881 s.CertificateAuthorityArn = &v 4882 return s 4883} 4884 4885type GetCertificateOutput struct { 4886 _ struct{} `type:"structure"` 4887 4888 // The base64 PEM-encoded certificate specified by the CertificateArn parameter. 4889 Certificate *string `type:"string"` 4890 4891 // The base64 PEM-encoded certificate chain that chains up to the root CA certificate 4892 // that you used to sign your private CA certificate. 4893 CertificateChain *string `type:"string"` 4894} 4895 4896// String returns the string representation 4897func (s GetCertificateOutput) String() string { 4898 return awsutil.Prettify(s) 4899} 4900 4901// GoString returns the string representation 4902func (s GetCertificateOutput) GoString() string { 4903 return s.String() 4904} 4905 4906// SetCertificate sets the Certificate field's value. 4907func (s *GetCertificateOutput) SetCertificate(v string) *GetCertificateOutput { 4908 s.Certificate = &v 4909 return s 4910} 4911 4912// SetCertificateChain sets the CertificateChain field's value. 4913func (s *GetCertificateOutput) SetCertificateChain(v string) *GetCertificateOutput { 4914 s.CertificateChain = &v 4915 return s 4916} 4917 4918type GetPolicyInput struct { 4919 _ struct{} `type:"structure"` 4920 4921 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4922 // retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities 4923 // action. 4924 // 4925 // ResourceArn is a required field 4926 ResourceArn *string `min:"5" type:"string" required:"true"` 4927} 4928 4929// String returns the string representation 4930func (s GetPolicyInput) String() string { 4931 return awsutil.Prettify(s) 4932} 4933 4934// GoString returns the string representation 4935func (s GetPolicyInput) GoString() string { 4936 return s.String() 4937} 4938 4939// Validate inspects the fields of the type to determine if they are valid. 4940func (s *GetPolicyInput) Validate() error { 4941 invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"} 4942 if s.ResourceArn == nil { 4943 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4944 } 4945 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4946 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4947 } 4948 4949 if invalidParams.Len() > 0 { 4950 return invalidParams 4951 } 4952 return nil 4953} 4954 4955// SetResourceArn sets the ResourceArn field's value. 4956func (s *GetPolicyInput) SetResourceArn(v string) *GetPolicyInput { 4957 s.ResourceArn = &v 4958 return s 4959} 4960 4961type GetPolicyOutput struct { 4962 _ struct{} `type:"structure"` 4963 4964 // The policy attached to the private CA as a JSON document. 4965 Policy *string `min:"1" type:"string"` 4966} 4967 4968// String returns the string representation 4969func (s GetPolicyOutput) String() string { 4970 return awsutil.Prettify(s) 4971} 4972 4973// GoString returns the string representation 4974func (s GetPolicyOutput) GoString() string { 4975 return s.String() 4976} 4977 4978// SetPolicy sets the Policy field's value. 4979func (s *GetPolicyOutput) SetPolicy(v string) *GetPolicyOutput { 4980 s.Policy = &v 4981 return s 4982} 4983 4984type ImportCertificateAuthorityCertificateInput struct { 4985 _ struct{} `type:"structure"` 4986 4987 // The PEM-encoded certificate for a private CA. This may be a self-signed certificate 4988 // in the case of a root CA, or it may be signed by another CA that you control. 4989 // 4990 // Certificate is automatically base64 encoded/decoded by the SDK. 4991 // 4992 // Certificate is a required field 4993 Certificate []byte `min:"1" type:"blob" required:"true"` 4994 4995 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4996 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4997 // This must be of the form: 4998 // 4999 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5000 // 5001 // CertificateAuthorityArn is a required field 5002 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5003 5004 // A PEM-encoded file that contains all of your certificates, other than the 5005 // certificate you're importing, chaining up to your root CA. Your ACM Private 5006 // CA-hosted or on-premises root certificate is the last in the chain, and each 5007 // certificate in the chain signs the one preceding. 5008 // 5009 // This parameter must be supplied when you import a subordinate CA. When you 5010 // import a root CA, there is no chain. 5011 // 5012 // CertificateChain is automatically base64 encoded/decoded by the SDK. 5013 CertificateChain []byte `type:"blob"` 5014} 5015 5016// String returns the string representation 5017func (s ImportCertificateAuthorityCertificateInput) String() string { 5018 return awsutil.Prettify(s) 5019} 5020 5021// GoString returns the string representation 5022func (s ImportCertificateAuthorityCertificateInput) GoString() string { 5023 return s.String() 5024} 5025 5026// Validate inspects the fields of the type to determine if they are valid. 5027func (s *ImportCertificateAuthorityCertificateInput) Validate() error { 5028 invalidParams := request.ErrInvalidParams{Context: "ImportCertificateAuthorityCertificateInput"} 5029 if s.Certificate == nil { 5030 invalidParams.Add(request.NewErrParamRequired("Certificate")) 5031 } 5032 if s.Certificate != nil && len(s.Certificate) < 1 { 5033 invalidParams.Add(request.NewErrParamMinLen("Certificate", 1)) 5034 } 5035 if s.CertificateAuthorityArn == nil { 5036 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5037 } 5038 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5039 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5040 } 5041 5042 if invalidParams.Len() > 0 { 5043 return invalidParams 5044 } 5045 return nil 5046} 5047 5048// SetCertificate sets the Certificate field's value. 5049func (s *ImportCertificateAuthorityCertificateInput) SetCertificate(v []byte) *ImportCertificateAuthorityCertificateInput { 5050 s.Certificate = v 5051 return s 5052} 5053 5054// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5055func (s *ImportCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *ImportCertificateAuthorityCertificateInput { 5056 s.CertificateAuthorityArn = &v 5057 return s 5058} 5059 5060// SetCertificateChain sets the CertificateChain field's value. 5061func (s *ImportCertificateAuthorityCertificateInput) SetCertificateChain(v []byte) *ImportCertificateAuthorityCertificateInput { 5062 s.CertificateChain = v 5063 return s 5064} 5065 5066type ImportCertificateAuthorityCertificateOutput struct { 5067 _ struct{} `type:"structure"` 5068} 5069 5070// String returns the string representation 5071func (s ImportCertificateAuthorityCertificateOutput) String() string { 5072 return awsutil.Prettify(s) 5073} 5074 5075// GoString returns the string representation 5076func (s ImportCertificateAuthorityCertificateOutput) GoString() string { 5077 return s.String() 5078} 5079 5080// One or more of the specified arguments was not valid. 5081type InvalidArgsException struct { 5082 _ struct{} `type:"structure"` 5083 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5084 5085 Message_ *string `locationName:"message" type:"string"` 5086} 5087 5088// String returns the string representation 5089func (s InvalidArgsException) String() string { 5090 return awsutil.Prettify(s) 5091} 5092 5093// GoString returns the string representation 5094func (s InvalidArgsException) GoString() string { 5095 return s.String() 5096} 5097 5098func newErrorInvalidArgsException(v protocol.ResponseMetadata) error { 5099 return &InvalidArgsException{ 5100 RespMetadata: v, 5101 } 5102} 5103 5104// Code returns the exception type name. 5105func (s *InvalidArgsException) Code() string { 5106 return "InvalidArgsException" 5107} 5108 5109// Message returns the exception's message. 5110func (s *InvalidArgsException) Message() string { 5111 if s.Message_ != nil { 5112 return *s.Message_ 5113 } 5114 return "" 5115} 5116 5117// OrigErr always returns nil, satisfies awserr.Error interface. 5118func (s *InvalidArgsException) OrigErr() error { 5119 return nil 5120} 5121 5122func (s *InvalidArgsException) Error() string { 5123 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5124} 5125 5126// Status code returns the HTTP status code for the request's response error. 5127func (s *InvalidArgsException) StatusCode() int { 5128 return s.RespMetadata.StatusCode 5129} 5130 5131// RequestID returns the service's response RequestID for request. 5132func (s *InvalidArgsException) RequestID() string { 5133 return s.RespMetadata.RequestID 5134} 5135 5136// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 5137type InvalidArnException struct { 5138 _ struct{} `type:"structure"` 5139 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5140 5141 Message_ *string `locationName:"message" type:"string"` 5142} 5143 5144// String returns the string representation 5145func (s InvalidArnException) String() string { 5146 return awsutil.Prettify(s) 5147} 5148 5149// GoString returns the string representation 5150func (s InvalidArnException) GoString() string { 5151 return s.String() 5152} 5153 5154func newErrorInvalidArnException(v protocol.ResponseMetadata) error { 5155 return &InvalidArnException{ 5156 RespMetadata: v, 5157 } 5158} 5159 5160// Code returns the exception type name. 5161func (s *InvalidArnException) Code() string { 5162 return "InvalidArnException" 5163} 5164 5165// Message returns the exception's message. 5166func (s *InvalidArnException) Message() string { 5167 if s.Message_ != nil { 5168 return *s.Message_ 5169 } 5170 return "" 5171} 5172 5173// OrigErr always returns nil, satisfies awserr.Error interface. 5174func (s *InvalidArnException) OrigErr() error { 5175 return nil 5176} 5177 5178func (s *InvalidArnException) Error() string { 5179 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5180} 5181 5182// Status code returns the HTTP status code for the request's response error. 5183func (s *InvalidArnException) StatusCode() int { 5184 return s.RespMetadata.StatusCode 5185} 5186 5187// RequestID returns the service's response RequestID for request. 5188func (s *InvalidArnException) RequestID() string { 5189 return s.RespMetadata.RequestID 5190} 5191 5192// The token specified in the NextToken argument is not valid. Use the token 5193// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 5194type InvalidNextTokenException struct { 5195 _ struct{} `type:"structure"` 5196 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5197 5198 Message_ *string `locationName:"message" type:"string"` 5199} 5200 5201// String returns the string representation 5202func (s InvalidNextTokenException) String() string { 5203 return awsutil.Prettify(s) 5204} 5205 5206// GoString returns the string representation 5207func (s InvalidNextTokenException) GoString() string { 5208 return s.String() 5209} 5210 5211func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { 5212 return &InvalidNextTokenException{ 5213 RespMetadata: v, 5214 } 5215} 5216 5217// Code returns the exception type name. 5218func (s *InvalidNextTokenException) Code() string { 5219 return "InvalidNextTokenException" 5220} 5221 5222// Message returns the exception's message. 5223func (s *InvalidNextTokenException) Message() string { 5224 if s.Message_ != nil { 5225 return *s.Message_ 5226 } 5227 return "" 5228} 5229 5230// OrigErr always returns nil, satisfies awserr.Error interface. 5231func (s *InvalidNextTokenException) OrigErr() error { 5232 return nil 5233} 5234 5235func (s *InvalidNextTokenException) Error() string { 5236 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5237} 5238 5239// Status code returns the HTTP status code for the request's response error. 5240func (s *InvalidNextTokenException) StatusCode() int { 5241 return s.RespMetadata.StatusCode 5242} 5243 5244// RequestID returns the service's response RequestID for request. 5245func (s *InvalidNextTokenException) RequestID() string { 5246 return s.RespMetadata.RequestID 5247} 5248 5249// The resource policy is invalid or is missing a required statement. For general 5250// information about IAM policy and statement structure, see Overview of JSON 5251// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 5252type InvalidPolicyException struct { 5253 _ struct{} `type:"structure"` 5254 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5255 5256 Message_ *string `locationName:"message" type:"string"` 5257} 5258 5259// String returns the string representation 5260func (s InvalidPolicyException) String() string { 5261 return awsutil.Prettify(s) 5262} 5263 5264// GoString returns the string representation 5265func (s InvalidPolicyException) GoString() string { 5266 return s.String() 5267} 5268 5269func newErrorInvalidPolicyException(v protocol.ResponseMetadata) error { 5270 return &InvalidPolicyException{ 5271 RespMetadata: v, 5272 } 5273} 5274 5275// Code returns the exception type name. 5276func (s *InvalidPolicyException) Code() string { 5277 return "InvalidPolicyException" 5278} 5279 5280// Message returns the exception's message. 5281func (s *InvalidPolicyException) Message() string { 5282 if s.Message_ != nil { 5283 return *s.Message_ 5284 } 5285 return "" 5286} 5287 5288// OrigErr always returns nil, satisfies awserr.Error interface. 5289func (s *InvalidPolicyException) OrigErr() error { 5290 return nil 5291} 5292 5293func (s *InvalidPolicyException) Error() string { 5294 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5295} 5296 5297// Status code returns the HTTP status code for the request's response error. 5298func (s *InvalidPolicyException) StatusCode() int { 5299 return s.RespMetadata.StatusCode 5300} 5301 5302// RequestID returns the service's response RequestID for request. 5303func (s *InvalidPolicyException) RequestID() string { 5304 return s.RespMetadata.RequestID 5305} 5306 5307// The request action cannot be performed or is prohibited. 5308type InvalidRequestException struct { 5309 _ struct{} `type:"structure"` 5310 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5311 5312 Message_ *string `locationName:"message" type:"string"` 5313} 5314 5315// String returns the string representation 5316func (s InvalidRequestException) String() string { 5317 return awsutil.Prettify(s) 5318} 5319 5320// GoString returns the string representation 5321func (s InvalidRequestException) GoString() string { 5322 return s.String() 5323} 5324 5325func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { 5326 return &InvalidRequestException{ 5327 RespMetadata: v, 5328 } 5329} 5330 5331// Code returns the exception type name. 5332func (s *InvalidRequestException) Code() string { 5333 return "InvalidRequestException" 5334} 5335 5336// Message returns the exception's message. 5337func (s *InvalidRequestException) Message() string { 5338 if s.Message_ != nil { 5339 return *s.Message_ 5340 } 5341 return "" 5342} 5343 5344// OrigErr always returns nil, satisfies awserr.Error interface. 5345func (s *InvalidRequestException) OrigErr() error { 5346 return nil 5347} 5348 5349func (s *InvalidRequestException) Error() string { 5350 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5351} 5352 5353// Status code returns the HTTP status code for the request's response error. 5354func (s *InvalidRequestException) StatusCode() int { 5355 return s.RespMetadata.StatusCode 5356} 5357 5358// RequestID returns the service's response RequestID for request. 5359func (s *InvalidRequestException) RequestID() string { 5360 return s.RespMetadata.RequestID 5361} 5362 5363// The state of the private CA does not allow this action to occur. 5364type InvalidStateException struct { 5365 _ struct{} `type:"structure"` 5366 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5367 5368 Message_ *string `locationName:"message" type:"string"` 5369} 5370 5371// String returns the string representation 5372func (s InvalidStateException) String() string { 5373 return awsutil.Prettify(s) 5374} 5375 5376// GoString returns the string representation 5377func (s InvalidStateException) GoString() string { 5378 return s.String() 5379} 5380 5381func newErrorInvalidStateException(v protocol.ResponseMetadata) error { 5382 return &InvalidStateException{ 5383 RespMetadata: v, 5384 } 5385} 5386 5387// Code returns the exception type name. 5388func (s *InvalidStateException) Code() string { 5389 return "InvalidStateException" 5390} 5391 5392// Message returns the exception's message. 5393func (s *InvalidStateException) Message() string { 5394 if s.Message_ != nil { 5395 return *s.Message_ 5396 } 5397 return "" 5398} 5399 5400// OrigErr always returns nil, satisfies awserr.Error interface. 5401func (s *InvalidStateException) OrigErr() error { 5402 return nil 5403} 5404 5405func (s *InvalidStateException) Error() string { 5406 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5407} 5408 5409// Status code returns the HTTP status code for the request's response error. 5410func (s *InvalidStateException) StatusCode() int { 5411 return s.RespMetadata.StatusCode 5412} 5413 5414// RequestID returns the service's response RequestID for request. 5415func (s *InvalidStateException) RequestID() string { 5416 return s.RespMetadata.RequestID 5417} 5418 5419// The tag associated with the CA is not valid. The invalid argument is contained 5420// in the message field. 5421type InvalidTagException struct { 5422 _ struct{} `type:"structure"` 5423 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5424 5425 Message_ *string `locationName:"message" type:"string"` 5426} 5427 5428// String returns the string representation 5429func (s InvalidTagException) String() string { 5430 return awsutil.Prettify(s) 5431} 5432 5433// GoString returns the string representation 5434func (s InvalidTagException) GoString() string { 5435 return s.String() 5436} 5437 5438func newErrorInvalidTagException(v protocol.ResponseMetadata) error { 5439 return &InvalidTagException{ 5440 RespMetadata: v, 5441 } 5442} 5443 5444// Code returns the exception type name. 5445func (s *InvalidTagException) Code() string { 5446 return "InvalidTagException" 5447} 5448 5449// Message returns the exception's message. 5450func (s *InvalidTagException) Message() string { 5451 if s.Message_ != nil { 5452 return *s.Message_ 5453 } 5454 return "" 5455} 5456 5457// OrigErr always returns nil, satisfies awserr.Error interface. 5458func (s *InvalidTagException) OrigErr() error { 5459 return nil 5460} 5461 5462func (s *InvalidTagException) Error() string { 5463 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5464} 5465 5466// Status code returns the HTTP status code for the request's response error. 5467func (s *InvalidTagException) StatusCode() int { 5468 return s.RespMetadata.StatusCode 5469} 5470 5471// RequestID returns the service's response RequestID for request. 5472func (s *InvalidTagException) RequestID() string { 5473 return s.RespMetadata.RequestID 5474} 5475 5476type IssueCertificateInput struct { 5477 _ struct{} `type:"structure"` 5478 5479 // Specifies X.509 certificate information to be included in the issued certificate. 5480 // An APIPassthrough or APICSRPassthrough template variant must be selected, 5481 // or else this parameter is ignored. For more information about using these 5482 // templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5483 // 5484 // If conflicting or duplicate certificate information is supplied during certificate 5485 // issuance, ACM Private CA applies order of operation rules (xxxxx) to determine 5486 // what information is used. 5487 ApiPassthrough *ApiPassthrough `type:"structure"` 5488 5489 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5490 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5491 // This must be of the form: 5492 // 5493 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5494 // 5495 // CertificateAuthorityArn is a required field 5496 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5497 5498 // The certificate signing request (CSR) for the certificate you want to issue. 5499 // As an example, you can use the following OpenSSL command to create the CSR 5500 // and a 2048 bit RSA private key. 5501 // 5502 // openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem 5503 // -out csr/test_cert_.csr 5504 // 5505 // If you have a configuration file, you can then use the following OpenSSL 5506 // command. The usr_cert block in the configuration file contains your X509 5507 // version 3 extensions. 5508 // 5509 // openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 5510 // -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr 5511 // 5512 // Note: A CSR must provide either a subject name or a subject alternative name 5513 // or the request will be rejected. 5514 // 5515 // Csr is automatically base64 encoded/decoded by the SDK. 5516 // 5517 // Csr is a required field 5518 Csr []byte `min:"1" type:"blob" required:"true"` 5519 5520 // Alphanumeric string that can be used to distinguish between calls to the 5521 // IssueCertificate action. Idempotency tokens for IssueCertificate time out 5522 // after one minute. Therefore, if you call IssueCertificate multiple times 5523 // with the same idempotency token within one minute, ACM Private CA recognizes 5524 // that you are requesting only one certificate and will issue only one. If 5525 // you change the idempotency token for each call, PCA recognizes that you are 5526 // requesting multiple certificates. 5527 IdempotencyToken *string `min:"1" type:"string"` 5528 5529 // The name of the algorithm that will be used to sign the certificate to be 5530 // issued. 5531 // 5532 // This parameter should not be confused with the SigningAlgorithm parameter 5533 // used to sign a CSR in the CreateCertificateAuthority action. 5534 // 5535 // SigningAlgorithm is a required field 5536 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 5537 5538 // Specifies a custom configuration template to use when issuing a certificate. 5539 // If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 5540 // template. For CA certificates, you should choose the shortest path length 5541 // that meets your needs. The path length is indicated by the PathLenN portion 5542 // of the ARN, where N is the CA depth (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth). 5543 // 5544 // Note: The CA depth configured on a subordinate CA certificate must not exceed 5545 // the limit set by its parents in the CA hierarchy. 5546 // 5547 // For a list of TemplateArn values supported by ACM Private CA, see Understanding 5548 // Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5549 TemplateArn *string `min:"5" type:"string"` 5550 5551 // Information describing the end of the validity period of the certificate. 5552 // This parameter sets the “Not After” date for the certificate. 5553 // 5554 // Certificate validity is the period of time during which a certificate is 5555 // valid. Validity can be expressed as an explicit date and time when the certificate 5556 // expires, or as a span of time after issuance, stated in days, months, or 5557 // years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5558 // in RFC 5280. 5559 // 5560 // This value is unaffected when ValidityNotBefore is also specified. For example, 5561 // if Validity is set to 20 days in the future, the certificate will expire 5562 // 20 days from issuance time regardless of the ValidityNotBefore value. 5563 // 5564 // The end of the validity period configured on a certificate must not exceed 5565 // the limit set on its parents in the CA hierarchy. 5566 // 5567 // Validity is a required field 5568 Validity *Validity `type:"structure" required:"true"` 5569 5570 // Information describing the start of the validity period of the certificate. 5571 // This parameter sets the “Not Before" date for the certificate. 5572 // 5573 // By default, when issuing a certificate, ACM Private CA sets the "Not Before" 5574 // date to the issuance time minus 60 minutes. This compensates for clock inconsistencies 5575 // across computer systems. The ValidityNotBefore parameter can be used to customize 5576 // the “Not Before” value. 5577 // 5578 // Unlike the Validity parameter, the ValidityNotBefore parameter is optional. 5579 // 5580 // The ValidityNotBefore value is expressed as an explicit date and time, using 5581 // the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html) 5582 // in this API reference and Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5583 // in RFC 5280. 5584 ValidityNotBefore *Validity `type:"structure"` 5585} 5586 5587// String returns the string representation 5588func (s IssueCertificateInput) String() string { 5589 return awsutil.Prettify(s) 5590} 5591 5592// GoString returns the string representation 5593func (s IssueCertificateInput) GoString() string { 5594 return s.String() 5595} 5596 5597// Validate inspects the fields of the type to determine if they are valid. 5598func (s *IssueCertificateInput) Validate() error { 5599 invalidParams := request.ErrInvalidParams{Context: "IssueCertificateInput"} 5600 if s.CertificateAuthorityArn == nil { 5601 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5602 } 5603 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5604 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5605 } 5606 if s.Csr == nil { 5607 invalidParams.Add(request.NewErrParamRequired("Csr")) 5608 } 5609 if s.Csr != nil && len(s.Csr) < 1 { 5610 invalidParams.Add(request.NewErrParamMinLen("Csr", 1)) 5611 } 5612 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 5613 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 5614 } 5615 if s.SigningAlgorithm == nil { 5616 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 5617 } 5618 if s.TemplateArn != nil && len(*s.TemplateArn) < 5 { 5619 invalidParams.Add(request.NewErrParamMinLen("TemplateArn", 5)) 5620 } 5621 if s.Validity == nil { 5622 invalidParams.Add(request.NewErrParamRequired("Validity")) 5623 } 5624 if s.ApiPassthrough != nil { 5625 if err := s.ApiPassthrough.Validate(); err != nil { 5626 invalidParams.AddNested("ApiPassthrough", err.(request.ErrInvalidParams)) 5627 } 5628 } 5629 if s.Validity != nil { 5630 if err := s.Validity.Validate(); err != nil { 5631 invalidParams.AddNested("Validity", err.(request.ErrInvalidParams)) 5632 } 5633 } 5634 if s.ValidityNotBefore != nil { 5635 if err := s.ValidityNotBefore.Validate(); err != nil { 5636 invalidParams.AddNested("ValidityNotBefore", err.(request.ErrInvalidParams)) 5637 } 5638 } 5639 5640 if invalidParams.Len() > 0 { 5641 return invalidParams 5642 } 5643 return nil 5644} 5645 5646// SetApiPassthrough sets the ApiPassthrough field's value. 5647func (s *IssueCertificateInput) SetApiPassthrough(v *ApiPassthrough) *IssueCertificateInput { 5648 s.ApiPassthrough = v 5649 return s 5650} 5651 5652// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5653func (s *IssueCertificateInput) SetCertificateAuthorityArn(v string) *IssueCertificateInput { 5654 s.CertificateAuthorityArn = &v 5655 return s 5656} 5657 5658// SetCsr sets the Csr field's value. 5659func (s *IssueCertificateInput) SetCsr(v []byte) *IssueCertificateInput { 5660 s.Csr = v 5661 return s 5662} 5663 5664// SetIdempotencyToken sets the IdempotencyToken field's value. 5665func (s *IssueCertificateInput) SetIdempotencyToken(v string) *IssueCertificateInput { 5666 s.IdempotencyToken = &v 5667 return s 5668} 5669 5670// SetSigningAlgorithm sets the SigningAlgorithm field's value. 5671func (s *IssueCertificateInput) SetSigningAlgorithm(v string) *IssueCertificateInput { 5672 s.SigningAlgorithm = &v 5673 return s 5674} 5675 5676// SetTemplateArn sets the TemplateArn field's value. 5677func (s *IssueCertificateInput) SetTemplateArn(v string) *IssueCertificateInput { 5678 s.TemplateArn = &v 5679 return s 5680} 5681 5682// SetValidity sets the Validity field's value. 5683func (s *IssueCertificateInput) SetValidity(v *Validity) *IssueCertificateInput { 5684 s.Validity = v 5685 return s 5686} 5687 5688// SetValidityNotBefore sets the ValidityNotBefore field's value. 5689func (s *IssueCertificateInput) SetValidityNotBefore(v *Validity) *IssueCertificateInput { 5690 s.ValidityNotBefore = v 5691 return s 5692} 5693 5694type IssueCertificateOutput struct { 5695 _ struct{} `type:"structure"` 5696 5697 // The Amazon Resource Name (ARN) of the issued certificate and the certificate 5698 // serial number. This is of the form: 5699 // 5700 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 5701 CertificateArn *string `min:"5" type:"string"` 5702} 5703 5704// String returns the string representation 5705func (s IssueCertificateOutput) String() string { 5706 return awsutil.Prettify(s) 5707} 5708 5709// GoString returns the string representation 5710func (s IssueCertificateOutput) GoString() string { 5711 return s.String() 5712} 5713 5714// SetCertificateArn sets the CertificateArn field's value. 5715func (s *IssueCertificateOutput) SetCertificateArn(v string) *IssueCertificateOutput { 5716 s.CertificateArn = &v 5717 return s 5718} 5719 5720// Defines one or more purposes for which the key contained in the certificate 5721// can be used. Default value for each option is false. 5722type KeyUsage struct { 5723 _ struct{} `type:"structure"` 5724 5725 // Key can be used to sign CRLs. 5726 CRLSign *bool `type:"boolean"` 5727 5728 // Key can be used to decipher data. 5729 DataEncipherment *bool `type:"boolean"` 5730 5731 // Key can be used only to decipher data. 5732 DecipherOnly *bool `type:"boolean"` 5733 5734 // Key can be used for digital signing. 5735 DigitalSignature *bool `type:"boolean"` 5736 5737 // Key can be used only to encipher data. 5738 EncipherOnly *bool `type:"boolean"` 5739 5740 // Key can be used in a key-agreement protocol. 5741 KeyAgreement *bool `type:"boolean"` 5742 5743 // Key can be used to sign certificates. 5744 KeyCertSign *bool `type:"boolean"` 5745 5746 // Key can be used to encipher data. 5747 KeyEncipherment *bool `type:"boolean"` 5748 5749 // Key can be used for non-repudiation. 5750 NonRepudiation *bool `type:"boolean"` 5751} 5752 5753// String returns the string representation 5754func (s KeyUsage) String() string { 5755 return awsutil.Prettify(s) 5756} 5757 5758// GoString returns the string representation 5759func (s KeyUsage) GoString() string { 5760 return s.String() 5761} 5762 5763// SetCRLSign sets the CRLSign field's value. 5764func (s *KeyUsage) SetCRLSign(v bool) *KeyUsage { 5765 s.CRLSign = &v 5766 return s 5767} 5768 5769// SetDataEncipherment sets the DataEncipherment field's value. 5770func (s *KeyUsage) SetDataEncipherment(v bool) *KeyUsage { 5771 s.DataEncipherment = &v 5772 return s 5773} 5774 5775// SetDecipherOnly sets the DecipherOnly field's value. 5776func (s *KeyUsage) SetDecipherOnly(v bool) *KeyUsage { 5777 s.DecipherOnly = &v 5778 return s 5779} 5780 5781// SetDigitalSignature sets the DigitalSignature field's value. 5782func (s *KeyUsage) SetDigitalSignature(v bool) *KeyUsage { 5783 s.DigitalSignature = &v 5784 return s 5785} 5786 5787// SetEncipherOnly sets the EncipherOnly field's value. 5788func (s *KeyUsage) SetEncipherOnly(v bool) *KeyUsage { 5789 s.EncipherOnly = &v 5790 return s 5791} 5792 5793// SetKeyAgreement sets the KeyAgreement field's value. 5794func (s *KeyUsage) SetKeyAgreement(v bool) *KeyUsage { 5795 s.KeyAgreement = &v 5796 return s 5797} 5798 5799// SetKeyCertSign sets the KeyCertSign field's value. 5800func (s *KeyUsage) SetKeyCertSign(v bool) *KeyUsage { 5801 s.KeyCertSign = &v 5802 return s 5803} 5804 5805// SetKeyEncipherment sets the KeyEncipherment field's value. 5806func (s *KeyUsage) SetKeyEncipherment(v bool) *KeyUsage { 5807 s.KeyEncipherment = &v 5808 return s 5809} 5810 5811// SetNonRepudiation sets the NonRepudiation field's value. 5812func (s *KeyUsage) SetNonRepudiation(v bool) *KeyUsage { 5813 s.NonRepudiation = &v 5814 return s 5815} 5816 5817// An ACM Private CA quota has been exceeded. See the exception message returned 5818// to determine the quota that was exceeded. 5819type LimitExceededException struct { 5820 _ struct{} `type:"structure"` 5821 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5822 5823 Message_ *string `locationName:"message" type:"string"` 5824} 5825 5826// String returns the string representation 5827func (s LimitExceededException) String() string { 5828 return awsutil.Prettify(s) 5829} 5830 5831// GoString returns the string representation 5832func (s LimitExceededException) GoString() string { 5833 return s.String() 5834} 5835 5836func newErrorLimitExceededException(v protocol.ResponseMetadata) error { 5837 return &LimitExceededException{ 5838 RespMetadata: v, 5839 } 5840} 5841 5842// Code returns the exception type name. 5843func (s *LimitExceededException) Code() string { 5844 return "LimitExceededException" 5845} 5846 5847// Message returns the exception's message. 5848func (s *LimitExceededException) Message() string { 5849 if s.Message_ != nil { 5850 return *s.Message_ 5851 } 5852 return "" 5853} 5854 5855// OrigErr always returns nil, satisfies awserr.Error interface. 5856func (s *LimitExceededException) OrigErr() error { 5857 return nil 5858} 5859 5860func (s *LimitExceededException) Error() string { 5861 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5862} 5863 5864// Status code returns the HTTP status code for the request's response error. 5865func (s *LimitExceededException) StatusCode() int { 5866 return s.RespMetadata.StatusCode 5867} 5868 5869// RequestID returns the service's response RequestID for request. 5870func (s *LimitExceededException) RequestID() string { 5871 return s.RespMetadata.RequestID 5872} 5873 5874type ListCertificateAuthoritiesInput struct { 5875 _ struct{} `type:"structure"` 5876 5877 // Use this parameter when paginating results to specify the maximum number 5878 // of items to return in the response on each page. If additional items exist 5879 // beyond the number you specify, the NextToken element is sent in the response. 5880 // Use this NextToken value in a subsequent request to retrieve additional items. 5881 MaxResults *int64 `min:"1" type:"integer"` 5882 5883 // Use this parameter when paginating results in a subsequent request after 5884 // you receive a response with truncated results. Set it to the value of the 5885 // NextToken parameter from the response you just received. 5886 NextToken *string `min:"1" type:"string"` 5887 5888 // Use this parameter to filter the returned set of certificate authorities 5889 // based on their owner. The default is SELF. 5890 ResourceOwner *string `type:"string" enum:"ResourceOwner"` 5891} 5892 5893// String returns the string representation 5894func (s ListCertificateAuthoritiesInput) String() string { 5895 return awsutil.Prettify(s) 5896} 5897 5898// GoString returns the string representation 5899func (s ListCertificateAuthoritiesInput) GoString() string { 5900 return s.String() 5901} 5902 5903// Validate inspects the fields of the type to determine if they are valid. 5904func (s *ListCertificateAuthoritiesInput) Validate() error { 5905 invalidParams := request.ErrInvalidParams{Context: "ListCertificateAuthoritiesInput"} 5906 if s.MaxResults != nil && *s.MaxResults < 1 { 5907 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 5908 } 5909 if s.NextToken != nil && len(*s.NextToken) < 1 { 5910 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 5911 } 5912 5913 if invalidParams.Len() > 0 { 5914 return invalidParams 5915 } 5916 return nil 5917} 5918 5919// SetMaxResults sets the MaxResults field's value. 5920func (s *ListCertificateAuthoritiesInput) SetMaxResults(v int64) *ListCertificateAuthoritiesInput { 5921 s.MaxResults = &v 5922 return s 5923} 5924 5925// SetNextToken sets the NextToken field's value. 5926func (s *ListCertificateAuthoritiesInput) SetNextToken(v string) *ListCertificateAuthoritiesInput { 5927 s.NextToken = &v 5928 return s 5929} 5930 5931// SetResourceOwner sets the ResourceOwner field's value. 5932func (s *ListCertificateAuthoritiesInput) SetResourceOwner(v string) *ListCertificateAuthoritiesInput { 5933 s.ResourceOwner = &v 5934 return s 5935} 5936 5937type ListCertificateAuthoritiesOutput struct { 5938 _ struct{} `type:"structure"` 5939 5940 // Summary information about each certificate authority you have created. 5941 CertificateAuthorities []*CertificateAuthority `type:"list"` 5942 5943 // When the list is truncated, this value is present and should be used for 5944 // the NextToken parameter in a subsequent pagination request. 5945 NextToken *string `min:"1" type:"string"` 5946} 5947 5948// String returns the string representation 5949func (s ListCertificateAuthoritiesOutput) String() string { 5950 return awsutil.Prettify(s) 5951} 5952 5953// GoString returns the string representation 5954func (s ListCertificateAuthoritiesOutput) GoString() string { 5955 return s.String() 5956} 5957 5958// SetCertificateAuthorities sets the CertificateAuthorities field's value. 5959func (s *ListCertificateAuthoritiesOutput) SetCertificateAuthorities(v []*CertificateAuthority) *ListCertificateAuthoritiesOutput { 5960 s.CertificateAuthorities = v 5961 return s 5962} 5963 5964// SetNextToken sets the NextToken field's value. 5965func (s *ListCertificateAuthoritiesOutput) SetNextToken(v string) *ListCertificateAuthoritiesOutput { 5966 s.NextToken = &v 5967 return s 5968} 5969 5970type ListPermissionsInput struct { 5971 _ struct{} `type:"structure"` 5972 5973 // The Amazon Resource Number (ARN) of the private CA to inspect. You can find 5974 // the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 5975 // action. This must be of the form: arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5976 // You can get a private CA's ARN by running the ListCertificateAuthorities 5977 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 5978 // action. 5979 // 5980 // CertificateAuthorityArn is a required field 5981 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5982 5983 // When paginating results, use this parameter to specify the maximum number 5984 // of items to return in the response. If additional items exist beyond the 5985 // number you specify, the NextToken element is sent in the response. Use this 5986 // NextToken value in a subsequent request to retrieve additional items. 5987 MaxResults *int64 `min:"1" type:"integer"` 5988 5989 // When paginating results, use this parameter in a subsequent request after 5990 // you receive a response with truncated results. Set it to the value of NextToken 5991 // from the response you just received. 5992 NextToken *string `min:"1" type:"string"` 5993} 5994 5995// String returns the string representation 5996func (s ListPermissionsInput) String() string { 5997 return awsutil.Prettify(s) 5998} 5999 6000// GoString returns the string representation 6001func (s ListPermissionsInput) GoString() string { 6002 return s.String() 6003} 6004 6005// Validate inspects the fields of the type to determine if they are valid. 6006func (s *ListPermissionsInput) Validate() error { 6007 invalidParams := request.ErrInvalidParams{Context: "ListPermissionsInput"} 6008 if s.CertificateAuthorityArn == nil { 6009 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6010 } 6011 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6012 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6013 } 6014 if s.MaxResults != nil && *s.MaxResults < 1 { 6015 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6016 } 6017 if s.NextToken != nil && len(*s.NextToken) < 1 { 6018 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6019 } 6020 6021 if invalidParams.Len() > 0 { 6022 return invalidParams 6023 } 6024 return nil 6025} 6026 6027// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6028func (s *ListPermissionsInput) SetCertificateAuthorityArn(v string) *ListPermissionsInput { 6029 s.CertificateAuthorityArn = &v 6030 return s 6031} 6032 6033// SetMaxResults sets the MaxResults field's value. 6034func (s *ListPermissionsInput) SetMaxResults(v int64) *ListPermissionsInput { 6035 s.MaxResults = &v 6036 return s 6037} 6038 6039// SetNextToken sets the NextToken field's value. 6040func (s *ListPermissionsInput) SetNextToken(v string) *ListPermissionsInput { 6041 s.NextToken = &v 6042 return s 6043} 6044 6045type ListPermissionsOutput struct { 6046 _ struct{} `type:"structure"` 6047 6048 // When the list is truncated, this value is present and should be used for 6049 // the NextToken parameter in a subsequent pagination request. 6050 NextToken *string `min:"1" type:"string"` 6051 6052 // Summary information about each permission assigned by the specified private 6053 // CA, including the action enabled, the policy provided, and the time of creation. 6054 Permissions []*Permission `type:"list"` 6055} 6056 6057// String returns the string representation 6058func (s ListPermissionsOutput) String() string { 6059 return awsutil.Prettify(s) 6060} 6061 6062// GoString returns the string representation 6063func (s ListPermissionsOutput) GoString() string { 6064 return s.String() 6065} 6066 6067// SetNextToken sets the NextToken field's value. 6068func (s *ListPermissionsOutput) SetNextToken(v string) *ListPermissionsOutput { 6069 s.NextToken = &v 6070 return s 6071} 6072 6073// SetPermissions sets the Permissions field's value. 6074func (s *ListPermissionsOutput) SetPermissions(v []*Permission) *ListPermissionsOutput { 6075 s.Permissions = v 6076 return s 6077} 6078 6079type ListTagsInput struct { 6080 _ struct{} `type:"structure"` 6081 6082 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 6083 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 6084 // action. This must be of the form: 6085 // 6086 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6087 // 6088 // CertificateAuthorityArn is a required field 6089 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6090 6091 // Use this parameter when paginating results to specify the maximum number 6092 // of items to return in the response. If additional items exist beyond the 6093 // number you specify, the NextToken element is sent in the response. Use this 6094 // NextToken value in a subsequent request to retrieve additional items. 6095 MaxResults *int64 `min:"1" type:"integer"` 6096 6097 // Use this parameter when paginating results in a subsequent request after 6098 // you receive a response with truncated results. Set it to the value of NextToken 6099 // from the response you just received. 6100 NextToken *string `min:"1" type:"string"` 6101} 6102 6103// String returns the string representation 6104func (s ListTagsInput) String() string { 6105 return awsutil.Prettify(s) 6106} 6107 6108// GoString returns the string representation 6109func (s ListTagsInput) GoString() string { 6110 return s.String() 6111} 6112 6113// Validate inspects the fields of the type to determine if they are valid. 6114func (s *ListTagsInput) Validate() error { 6115 invalidParams := request.ErrInvalidParams{Context: "ListTagsInput"} 6116 if s.CertificateAuthorityArn == nil { 6117 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6118 } 6119 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6120 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6121 } 6122 if s.MaxResults != nil && *s.MaxResults < 1 { 6123 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6124 } 6125 if s.NextToken != nil && len(*s.NextToken) < 1 { 6126 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6127 } 6128 6129 if invalidParams.Len() > 0 { 6130 return invalidParams 6131 } 6132 return nil 6133} 6134 6135// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6136func (s *ListTagsInput) SetCertificateAuthorityArn(v string) *ListTagsInput { 6137 s.CertificateAuthorityArn = &v 6138 return s 6139} 6140 6141// SetMaxResults sets the MaxResults field's value. 6142func (s *ListTagsInput) SetMaxResults(v int64) *ListTagsInput { 6143 s.MaxResults = &v 6144 return s 6145} 6146 6147// SetNextToken sets the NextToken field's value. 6148func (s *ListTagsInput) SetNextToken(v string) *ListTagsInput { 6149 s.NextToken = &v 6150 return s 6151} 6152 6153type ListTagsOutput struct { 6154 _ struct{} `type:"structure"` 6155 6156 // When the list is truncated, this value is present and should be used for 6157 // the NextToken parameter in a subsequent pagination request. 6158 NextToken *string `min:"1" type:"string"` 6159 6160 // The tags associated with your private CA. 6161 Tags []*Tag `min:"1" type:"list"` 6162} 6163 6164// String returns the string representation 6165func (s ListTagsOutput) String() string { 6166 return awsutil.Prettify(s) 6167} 6168 6169// GoString returns the string representation 6170func (s ListTagsOutput) GoString() string { 6171 return s.String() 6172} 6173 6174// SetNextToken sets the NextToken field's value. 6175func (s *ListTagsOutput) SetNextToken(v string) *ListTagsOutput { 6176 s.NextToken = &v 6177 return s 6178} 6179 6180// SetTags sets the Tags field's value. 6181func (s *ListTagsOutput) SetTags(v []*Tag) *ListTagsOutput { 6182 s.Tags = v 6183 return s 6184} 6185 6186// The current action was prevented because it would lock the caller out from 6187// performing subsequent actions. Verify that the specified parameters would 6188// not result in the caller being denied access to the resource. 6189type LockoutPreventedException struct { 6190 _ struct{} `type:"structure"` 6191 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6192 6193 Message_ *string `locationName:"message" type:"string"` 6194} 6195 6196// String returns the string representation 6197func (s LockoutPreventedException) String() string { 6198 return awsutil.Prettify(s) 6199} 6200 6201// GoString returns the string representation 6202func (s LockoutPreventedException) GoString() string { 6203 return s.String() 6204} 6205 6206func newErrorLockoutPreventedException(v protocol.ResponseMetadata) error { 6207 return &LockoutPreventedException{ 6208 RespMetadata: v, 6209 } 6210} 6211 6212// Code returns the exception type name. 6213func (s *LockoutPreventedException) Code() string { 6214 return "LockoutPreventedException" 6215} 6216 6217// Message returns the exception's message. 6218func (s *LockoutPreventedException) Message() string { 6219 if s.Message_ != nil { 6220 return *s.Message_ 6221 } 6222 return "" 6223} 6224 6225// OrigErr always returns nil, satisfies awserr.Error interface. 6226func (s *LockoutPreventedException) OrigErr() error { 6227 return nil 6228} 6229 6230func (s *LockoutPreventedException) Error() string { 6231 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6232} 6233 6234// Status code returns the HTTP status code for the request's response error. 6235func (s *LockoutPreventedException) StatusCode() int { 6236 return s.RespMetadata.StatusCode 6237} 6238 6239// RequestID returns the service's response RequestID for request. 6240func (s *LockoutPreventedException) RequestID() string { 6241 return s.RespMetadata.RequestID 6242} 6243 6244// The certificate signing request is invalid. 6245type MalformedCSRException struct { 6246 _ struct{} `type:"structure"` 6247 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6248 6249 Message_ *string `locationName:"message" type:"string"` 6250} 6251 6252// String returns the string representation 6253func (s MalformedCSRException) String() string { 6254 return awsutil.Prettify(s) 6255} 6256 6257// GoString returns the string representation 6258func (s MalformedCSRException) GoString() string { 6259 return s.String() 6260} 6261 6262func newErrorMalformedCSRException(v protocol.ResponseMetadata) error { 6263 return &MalformedCSRException{ 6264 RespMetadata: v, 6265 } 6266} 6267 6268// Code returns the exception type name. 6269func (s *MalformedCSRException) Code() string { 6270 return "MalformedCSRException" 6271} 6272 6273// Message returns the exception's message. 6274func (s *MalformedCSRException) Message() string { 6275 if s.Message_ != nil { 6276 return *s.Message_ 6277 } 6278 return "" 6279} 6280 6281// OrigErr always returns nil, satisfies awserr.Error interface. 6282func (s *MalformedCSRException) OrigErr() error { 6283 return nil 6284} 6285 6286func (s *MalformedCSRException) Error() string { 6287 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6288} 6289 6290// Status code returns the HTTP status code for the request's response error. 6291func (s *MalformedCSRException) StatusCode() int { 6292 return s.RespMetadata.StatusCode 6293} 6294 6295// RequestID returns the service's response RequestID for request. 6296func (s *MalformedCSRException) RequestID() string { 6297 return s.RespMetadata.RequestID 6298} 6299 6300// One or more fields in the certificate are invalid. 6301type MalformedCertificateException struct { 6302 _ struct{} `type:"structure"` 6303 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6304 6305 Message_ *string `locationName:"message" type:"string"` 6306} 6307 6308// String returns the string representation 6309func (s MalformedCertificateException) String() string { 6310 return awsutil.Prettify(s) 6311} 6312 6313// GoString returns the string representation 6314func (s MalformedCertificateException) GoString() string { 6315 return s.String() 6316} 6317 6318func newErrorMalformedCertificateException(v protocol.ResponseMetadata) error { 6319 return &MalformedCertificateException{ 6320 RespMetadata: v, 6321 } 6322} 6323 6324// Code returns the exception type name. 6325func (s *MalformedCertificateException) Code() string { 6326 return "MalformedCertificateException" 6327} 6328 6329// Message returns the exception's message. 6330func (s *MalformedCertificateException) Message() string { 6331 if s.Message_ != nil { 6332 return *s.Message_ 6333 } 6334 return "" 6335} 6336 6337// OrigErr always returns nil, satisfies awserr.Error interface. 6338func (s *MalformedCertificateException) OrigErr() error { 6339 return nil 6340} 6341 6342func (s *MalformedCertificateException) Error() string { 6343 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6344} 6345 6346// Status code returns the HTTP status code for the request's response error. 6347func (s *MalformedCertificateException) StatusCode() int { 6348 return s.RespMetadata.StatusCode 6349} 6350 6351// RequestID returns the service's response RequestID for request. 6352func (s *MalformedCertificateException) RequestID() string { 6353 return s.RespMetadata.RequestID 6354} 6355 6356// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) 6357// and value. The OID must satisfy the regular expression shown below. For more 6358// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6359type OtherName struct { 6360 _ struct{} `type:"structure"` 6361 6362 // Specifies an OID. 6363 // 6364 // TypeId is a required field 6365 TypeId *string `type:"string" required:"true"` 6366 6367 // Specifies an OID value. 6368 // 6369 // Value is a required field 6370 Value *string `type:"string" required:"true"` 6371} 6372 6373// String returns the string representation 6374func (s OtherName) String() string { 6375 return awsutil.Prettify(s) 6376} 6377 6378// GoString returns the string representation 6379func (s OtherName) GoString() string { 6380 return s.String() 6381} 6382 6383// Validate inspects the fields of the type to determine if they are valid. 6384func (s *OtherName) Validate() error { 6385 invalidParams := request.ErrInvalidParams{Context: "OtherName"} 6386 if s.TypeId == nil { 6387 invalidParams.Add(request.NewErrParamRequired("TypeId")) 6388 } 6389 if s.Value == nil { 6390 invalidParams.Add(request.NewErrParamRequired("Value")) 6391 } 6392 6393 if invalidParams.Len() > 0 { 6394 return invalidParams 6395 } 6396 return nil 6397} 6398 6399// SetTypeId sets the TypeId field's value. 6400func (s *OtherName) SetTypeId(v string) *OtherName { 6401 s.TypeId = &v 6402 return s 6403} 6404 6405// SetValue sets the Value field's value. 6406func (s *OtherName) SetValue(v string) *OtherName { 6407 s.Value = &v 6408 return s 6409} 6410 6411// Permissions designate which private CA actions can be performed by an AWS 6412// service or entity. In order for ACM to automatically renew private certificates, 6413// you must give the ACM service principal all available permissions (IssueCertificate, 6414// GetCertificate, and ListPermissions). Permissions can be assigned with the 6415// CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 6416// action, removed with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 6417// action, and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 6418// action. 6419type Permission struct { 6420 _ struct{} `type:"structure"` 6421 6422 // The private CA actions that can be performed by the designated AWS service. 6423 Actions []*string `min:"1" type:"list"` 6424 6425 // The Amazon Resource Number (ARN) of the private CA from which the permission 6426 // was issued. 6427 CertificateAuthorityArn *string `min:"5" type:"string"` 6428 6429 // The time at which the permission was created. 6430 CreatedAt *time.Time `type:"timestamp"` 6431 6432 // The name of the policy that is associated with the permission. 6433 Policy *string `min:"1" type:"string"` 6434 6435 // The AWS service or entity that holds the permission. At this time, the only 6436 // valid principal is acm.amazonaws.com. 6437 Principal *string `type:"string"` 6438 6439 // The ID of the account that assigned the permission. 6440 SourceAccount *string `min:"12" type:"string"` 6441} 6442 6443// String returns the string representation 6444func (s Permission) String() string { 6445 return awsutil.Prettify(s) 6446} 6447 6448// GoString returns the string representation 6449func (s Permission) GoString() string { 6450 return s.String() 6451} 6452 6453// SetActions sets the Actions field's value. 6454func (s *Permission) SetActions(v []*string) *Permission { 6455 s.Actions = v 6456 return s 6457} 6458 6459// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6460func (s *Permission) SetCertificateAuthorityArn(v string) *Permission { 6461 s.CertificateAuthorityArn = &v 6462 return s 6463} 6464 6465// SetCreatedAt sets the CreatedAt field's value. 6466func (s *Permission) SetCreatedAt(v time.Time) *Permission { 6467 s.CreatedAt = &v 6468 return s 6469} 6470 6471// SetPolicy sets the Policy field's value. 6472func (s *Permission) SetPolicy(v string) *Permission { 6473 s.Policy = &v 6474 return s 6475} 6476 6477// SetPrincipal sets the Principal field's value. 6478func (s *Permission) SetPrincipal(v string) *Permission { 6479 s.Principal = &v 6480 return s 6481} 6482 6483// SetSourceAccount sets the SourceAccount field's value. 6484func (s *Permission) SetSourceAccount(v string) *Permission { 6485 s.SourceAccount = &v 6486 return s 6487} 6488 6489// The designated permission has already been given to the user. 6490type PermissionAlreadyExistsException struct { 6491 _ struct{} `type:"structure"` 6492 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6493 6494 Message_ *string `locationName:"message" type:"string"` 6495} 6496 6497// String returns the string representation 6498func (s PermissionAlreadyExistsException) String() string { 6499 return awsutil.Prettify(s) 6500} 6501 6502// GoString returns the string representation 6503func (s PermissionAlreadyExistsException) GoString() string { 6504 return s.String() 6505} 6506 6507func newErrorPermissionAlreadyExistsException(v protocol.ResponseMetadata) error { 6508 return &PermissionAlreadyExistsException{ 6509 RespMetadata: v, 6510 } 6511} 6512 6513// Code returns the exception type name. 6514func (s *PermissionAlreadyExistsException) Code() string { 6515 return "PermissionAlreadyExistsException" 6516} 6517 6518// Message returns the exception's message. 6519func (s *PermissionAlreadyExistsException) Message() string { 6520 if s.Message_ != nil { 6521 return *s.Message_ 6522 } 6523 return "" 6524} 6525 6526// OrigErr always returns nil, satisfies awserr.Error interface. 6527func (s *PermissionAlreadyExistsException) OrigErr() error { 6528 return nil 6529} 6530 6531func (s *PermissionAlreadyExistsException) Error() string { 6532 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6533} 6534 6535// Status code returns the HTTP status code for the request's response error. 6536func (s *PermissionAlreadyExistsException) StatusCode() int { 6537 return s.RespMetadata.StatusCode 6538} 6539 6540// RequestID returns the service's response RequestID for request. 6541func (s *PermissionAlreadyExistsException) RequestID() string { 6542 return s.RespMetadata.RequestID 6543} 6544 6545// Defines the X.509 CertificatePolicies extension. 6546type PolicyInformation struct { 6547 _ struct{} `type:"structure"` 6548 6549 // Specifies the object identifier (OID) of the certificate policy under which 6550 // the certificate was issued. For more information, see NIST's definition of 6551 // Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6552 // 6553 // CertPolicyId is a required field 6554 CertPolicyId *string `type:"string" required:"true"` 6555 6556 // Modifies the given CertPolicyId with a qualifier. ACM Private CA supports 6557 // the certification practice statement (CPS) qualifier. 6558 PolicyQualifiers []*PolicyQualifierInfo `min:"1" type:"list"` 6559} 6560 6561// String returns the string representation 6562func (s PolicyInformation) String() string { 6563 return awsutil.Prettify(s) 6564} 6565 6566// GoString returns the string representation 6567func (s PolicyInformation) GoString() string { 6568 return s.String() 6569} 6570 6571// Validate inspects the fields of the type to determine if they are valid. 6572func (s *PolicyInformation) Validate() error { 6573 invalidParams := request.ErrInvalidParams{Context: "PolicyInformation"} 6574 if s.CertPolicyId == nil { 6575 invalidParams.Add(request.NewErrParamRequired("CertPolicyId")) 6576 } 6577 if s.PolicyQualifiers != nil && len(s.PolicyQualifiers) < 1 { 6578 invalidParams.Add(request.NewErrParamMinLen("PolicyQualifiers", 1)) 6579 } 6580 if s.PolicyQualifiers != nil { 6581 for i, v := range s.PolicyQualifiers { 6582 if v == nil { 6583 continue 6584 } 6585 if err := v.Validate(); err != nil { 6586 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyQualifiers", i), err.(request.ErrInvalidParams)) 6587 } 6588 } 6589 } 6590 6591 if invalidParams.Len() > 0 { 6592 return invalidParams 6593 } 6594 return nil 6595} 6596 6597// SetCertPolicyId sets the CertPolicyId field's value. 6598func (s *PolicyInformation) SetCertPolicyId(v string) *PolicyInformation { 6599 s.CertPolicyId = &v 6600 return s 6601} 6602 6603// SetPolicyQualifiers sets the PolicyQualifiers field's value. 6604func (s *PolicyInformation) SetPolicyQualifiers(v []*PolicyQualifierInfo) *PolicyInformation { 6605 s.PolicyQualifiers = v 6606 return s 6607} 6608 6609// Modifies the CertPolicyId of a PolicyInformation object with a qualifier. 6610// ACM Private CA supports the certification practice statement (CPS) qualifier. 6611type PolicyQualifierInfo struct { 6612 _ struct{} `type:"structure"` 6613 6614 // Identifies the qualifier modifying a CertPolicyId. 6615 // 6616 // PolicyQualifierId is a required field 6617 PolicyQualifierId *string `type:"string" required:"true" enum:"PolicyQualifierId"` 6618 6619 // Defines the qualifier type. ACM Private CA supports the use of a URI for 6620 // a CPS qualifier in this field. 6621 // 6622 // Qualifier is a required field 6623 Qualifier *Qualifier `type:"structure" required:"true"` 6624} 6625 6626// String returns the string representation 6627func (s PolicyQualifierInfo) String() string { 6628 return awsutil.Prettify(s) 6629} 6630 6631// GoString returns the string representation 6632func (s PolicyQualifierInfo) GoString() string { 6633 return s.String() 6634} 6635 6636// Validate inspects the fields of the type to determine if they are valid. 6637func (s *PolicyQualifierInfo) Validate() error { 6638 invalidParams := request.ErrInvalidParams{Context: "PolicyQualifierInfo"} 6639 if s.PolicyQualifierId == nil { 6640 invalidParams.Add(request.NewErrParamRequired("PolicyQualifierId")) 6641 } 6642 if s.Qualifier == nil { 6643 invalidParams.Add(request.NewErrParamRequired("Qualifier")) 6644 } 6645 if s.Qualifier != nil { 6646 if err := s.Qualifier.Validate(); err != nil { 6647 invalidParams.AddNested("Qualifier", err.(request.ErrInvalidParams)) 6648 } 6649 } 6650 6651 if invalidParams.Len() > 0 { 6652 return invalidParams 6653 } 6654 return nil 6655} 6656 6657// SetPolicyQualifierId sets the PolicyQualifierId field's value. 6658func (s *PolicyQualifierInfo) SetPolicyQualifierId(v string) *PolicyQualifierInfo { 6659 s.PolicyQualifierId = &v 6660 return s 6661} 6662 6663// SetQualifier sets the Qualifier field's value. 6664func (s *PolicyQualifierInfo) SetQualifier(v *Qualifier) *PolicyQualifierInfo { 6665 s.Qualifier = v 6666 return s 6667} 6668 6669type PutPolicyInput struct { 6670 _ struct{} `type:"structure"` 6671 6672 // The path and file name of a JSON-formatted IAM policy to attach to the specified 6673 // private CA resource. If this policy does not contain all required statements 6674 // or if it includes any statement that is not allowed, the PutPolicy action 6675 // returns an InvalidPolicyException. For information about IAM policy and statement 6676 // structure, see Overview of JSON Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 6677 // 6678 // Policy is a required field 6679 Policy *string `min:"1" type:"string" required:"true"` 6680 6681 // The Amazon Resource Number (ARN) of the private CA to associate with the 6682 // policy. The ARN of the CA can be found by calling the ListCertificateAuthorities 6683 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6684 // action. 6685 // 6686 // ResourceArn is a required field 6687 ResourceArn *string `min:"5" type:"string" required:"true"` 6688} 6689 6690// String returns the string representation 6691func (s PutPolicyInput) String() string { 6692 return awsutil.Prettify(s) 6693} 6694 6695// GoString returns the string representation 6696func (s PutPolicyInput) GoString() string { 6697 return s.String() 6698} 6699 6700// Validate inspects the fields of the type to determine if they are valid. 6701func (s *PutPolicyInput) Validate() error { 6702 invalidParams := request.ErrInvalidParams{Context: "PutPolicyInput"} 6703 if s.Policy == nil { 6704 invalidParams.Add(request.NewErrParamRequired("Policy")) 6705 } 6706 if s.Policy != nil && len(*s.Policy) < 1 { 6707 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 6708 } 6709 if s.ResourceArn == nil { 6710 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 6711 } 6712 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 6713 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 6714 } 6715 6716 if invalidParams.Len() > 0 { 6717 return invalidParams 6718 } 6719 return nil 6720} 6721 6722// SetPolicy sets the Policy field's value. 6723func (s *PutPolicyInput) SetPolicy(v string) *PutPolicyInput { 6724 s.Policy = &v 6725 return s 6726} 6727 6728// SetResourceArn sets the ResourceArn field's value. 6729func (s *PutPolicyInput) SetResourceArn(v string) *PutPolicyInput { 6730 s.ResourceArn = &v 6731 return s 6732} 6733 6734type PutPolicyOutput struct { 6735 _ struct{} `type:"structure"` 6736} 6737 6738// String returns the string representation 6739func (s PutPolicyOutput) String() string { 6740 return awsutil.Prettify(s) 6741} 6742 6743// GoString returns the string representation 6744func (s PutPolicyOutput) GoString() string { 6745 return s.String() 6746} 6747 6748// Defines a PolicyInformation qualifier. ACM Private CA supports the certification 6749// practice statement (CPS) qualifier (https://tools.ietf.org/html/rfc5280#section-4.2.1.4) 6750// defined in RFC 5280. 6751type Qualifier struct { 6752 _ struct{} `type:"structure"` 6753 6754 // Contains a pointer to a certification practice statement (CPS) published 6755 // by the CA. 6756 // 6757 // CpsUri is a required field 6758 CpsUri *string `type:"string" required:"true"` 6759} 6760 6761// String returns the string representation 6762func (s Qualifier) String() string { 6763 return awsutil.Prettify(s) 6764} 6765 6766// GoString returns the string representation 6767func (s Qualifier) GoString() string { 6768 return s.String() 6769} 6770 6771// Validate inspects the fields of the type to determine if they are valid. 6772func (s *Qualifier) Validate() error { 6773 invalidParams := request.ErrInvalidParams{Context: "Qualifier"} 6774 if s.CpsUri == nil { 6775 invalidParams.Add(request.NewErrParamRequired("CpsUri")) 6776 } 6777 6778 if invalidParams.Len() > 0 { 6779 return invalidParams 6780 } 6781 return nil 6782} 6783 6784// SetCpsUri sets the CpsUri field's value. 6785func (s *Qualifier) SetCpsUri(v string) *Qualifier { 6786 s.CpsUri = &v 6787 return s 6788} 6789 6790// Your request has already been completed. 6791type RequestAlreadyProcessedException struct { 6792 _ struct{} `type:"structure"` 6793 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6794 6795 Message_ *string `locationName:"message" type:"string"` 6796} 6797 6798// String returns the string representation 6799func (s RequestAlreadyProcessedException) String() string { 6800 return awsutil.Prettify(s) 6801} 6802 6803// GoString returns the string representation 6804func (s RequestAlreadyProcessedException) GoString() string { 6805 return s.String() 6806} 6807 6808func newErrorRequestAlreadyProcessedException(v protocol.ResponseMetadata) error { 6809 return &RequestAlreadyProcessedException{ 6810 RespMetadata: v, 6811 } 6812} 6813 6814// Code returns the exception type name. 6815func (s *RequestAlreadyProcessedException) Code() string { 6816 return "RequestAlreadyProcessedException" 6817} 6818 6819// Message returns the exception's message. 6820func (s *RequestAlreadyProcessedException) Message() string { 6821 if s.Message_ != nil { 6822 return *s.Message_ 6823 } 6824 return "" 6825} 6826 6827// OrigErr always returns nil, satisfies awserr.Error interface. 6828func (s *RequestAlreadyProcessedException) OrigErr() error { 6829 return nil 6830} 6831 6832func (s *RequestAlreadyProcessedException) Error() string { 6833 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6834} 6835 6836// Status code returns the HTTP status code for the request's response error. 6837func (s *RequestAlreadyProcessedException) StatusCode() int { 6838 return s.RespMetadata.StatusCode 6839} 6840 6841// RequestID returns the service's response RequestID for request. 6842func (s *RequestAlreadyProcessedException) RequestID() string { 6843 return s.RespMetadata.RequestID 6844} 6845 6846// The request has failed for an unspecified reason. 6847type RequestFailedException struct { 6848 _ struct{} `type:"structure"` 6849 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6850 6851 Message_ *string `locationName:"message" type:"string"` 6852} 6853 6854// String returns the string representation 6855func (s RequestFailedException) String() string { 6856 return awsutil.Prettify(s) 6857} 6858 6859// GoString returns the string representation 6860func (s RequestFailedException) GoString() string { 6861 return s.String() 6862} 6863 6864func newErrorRequestFailedException(v protocol.ResponseMetadata) error { 6865 return &RequestFailedException{ 6866 RespMetadata: v, 6867 } 6868} 6869 6870// Code returns the exception type name. 6871func (s *RequestFailedException) Code() string { 6872 return "RequestFailedException" 6873} 6874 6875// Message returns the exception's message. 6876func (s *RequestFailedException) Message() string { 6877 if s.Message_ != nil { 6878 return *s.Message_ 6879 } 6880 return "" 6881} 6882 6883// OrigErr always returns nil, satisfies awserr.Error interface. 6884func (s *RequestFailedException) OrigErr() error { 6885 return nil 6886} 6887 6888func (s *RequestFailedException) Error() string { 6889 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6890} 6891 6892// Status code returns the HTTP status code for the request's response error. 6893func (s *RequestFailedException) StatusCode() int { 6894 return s.RespMetadata.StatusCode 6895} 6896 6897// RequestID returns the service's response RequestID for request. 6898func (s *RequestFailedException) RequestID() string { 6899 return s.RespMetadata.RequestID 6900} 6901 6902// Your request is already in progress. 6903type RequestInProgressException struct { 6904 _ struct{} `type:"structure"` 6905 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6906 6907 Message_ *string `locationName:"message" type:"string"` 6908} 6909 6910// String returns the string representation 6911func (s RequestInProgressException) String() string { 6912 return awsutil.Prettify(s) 6913} 6914 6915// GoString returns the string representation 6916func (s RequestInProgressException) GoString() string { 6917 return s.String() 6918} 6919 6920func newErrorRequestInProgressException(v protocol.ResponseMetadata) error { 6921 return &RequestInProgressException{ 6922 RespMetadata: v, 6923 } 6924} 6925 6926// Code returns the exception type name. 6927func (s *RequestInProgressException) Code() string { 6928 return "RequestInProgressException" 6929} 6930 6931// Message returns the exception's message. 6932func (s *RequestInProgressException) Message() string { 6933 if s.Message_ != nil { 6934 return *s.Message_ 6935 } 6936 return "" 6937} 6938 6939// OrigErr always returns nil, satisfies awserr.Error interface. 6940func (s *RequestInProgressException) OrigErr() error { 6941 return nil 6942} 6943 6944func (s *RequestInProgressException) Error() string { 6945 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6946} 6947 6948// Status code returns the HTTP status code for the request's response error. 6949func (s *RequestInProgressException) StatusCode() int { 6950 return s.RespMetadata.StatusCode 6951} 6952 6953// RequestID returns the service's response RequestID for request. 6954func (s *RequestInProgressException) RequestID() string { 6955 return s.RespMetadata.RequestID 6956} 6957 6958// A resource such as a private CA, S3 bucket, certificate, audit report, or 6959// policy cannot be found. 6960type ResourceNotFoundException struct { 6961 _ struct{} `type:"structure"` 6962 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6963 6964 Message_ *string `locationName:"message" type:"string"` 6965} 6966 6967// String returns the string representation 6968func (s ResourceNotFoundException) String() string { 6969 return awsutil.Prettify(s) 6970} 6971 6972// GoString returns the string representation 6973func (s ResourceNotFoundException) GoString() string { 6974 return s.String() 6975} 6976 6977func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { 6978 return &ResourceNotFoundException{ 6979 RespMetadata: v, 6980 } 6981} 6982 6983// Code returns the exception type name. 6984func (s *ResourceNotFoundException) Code() string { 6985 return "ResourceNotFoundException" 6986} 6987 6988// Message returns the exception's message. 6989func (s *ResourceNotFoundException) Message() string { 6990 if s.Message_ != nil { 6991 return *s.Message_ 6992 } 6993 return "" 6994} 6995 6996// OrigErr always returns nil, satisfies awserr.Error interface. 6997func (s *ResourceNotFoundException) OrigErr() error { 6998 return nil 6999} 7000 7001func (s *ResourceNotFoundException) Error() string { 7002 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7003} 7004 7005// Status code returns the HTTP status code for the request's response error. 7006func (s *ResourceNotFoundException) StatusCode() int { 7007 return s.RespMetadata.StatusCode 7008} 7009 7010// RequestID returns the service's response RequestID for request. 7011func (s *ResourceNotFoundException) RequestID() string { 7012 return s.RespMetadata.RequestID 7013} 7014 7015type RestoreCertificateAuthorityInput struct { 7016 _ struct{} `type:"structure"` 7017 7018 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 7019 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7020 // action. This must be of the form: 7021 // 7022 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7023 // 7024 // CertificateAuthorityArn is a required field 7025 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7026} 7027 7028// String returns the string representation 7029func (s RestoreCertificateAuthorityInput) String() string { 7030 return awsutil.Prettify(s) 7031} 7032 7033// GoString returns the string representation 7034func (s RestoreCertificateAuthorityInput) GoString() string { 7035 return s.String() 7036} 7037 7038// Validate inspects the fields of the type to determine if they are valid. 7039func (s *RestoreCertificateAuthorityInput) Validate() error { 7040 invalidParams := request.ErrInvalidParams{Context: "RestoreCertificateAuthorityInput"} 7041 if s.CertificateAuthorityArn == nil { 7042 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7043 } 7044 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7045 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7046 } 7047 7048 if invalidParams.Len() > 0 { 7049 return invalidParams 7050 } 7051 return nil 7052} 7053 7054// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7055func (s *RestoreCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *RestoreCertificateAuthorityInput { 7056 s.CertificateAuthorityArn = &v 7057 return s 7058} 7059 7060type RestoreCertificateAuthorityOutput struct { 7061 _ struct{} `type:"structure"` 7062} 7063 7064// String returns the string representation 7065func (s RestoreCertificateAuthorityOutput) String() string { 7066 return awsutil.Prettify(s) 7067} 7068 7069// GoString returns the string representation 7070func (s RestoreCertificateAuthorityOutput) GoString() string { 7071 return s.String() 7072} 7073 7074// Certificate revocation information used by the CreateCertificateAuthority 7075// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7076// and UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 7077// actions. Your private certificate authority (CA) can create and maintain 7078// a certificate revocation list (CRL). A CRL contains information about certificates 7079// revoked by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html). 7080type RevocationConfiguration struct { 7081 _ struct{} `type:"structure"` 7082 7083 // Configuration of the certificate revocation list (CRL), if any, maintained 7084 // by your private CA. 7085 CrlConfiguration *CrlConfiguration `type:"structure"` 7086} 7087 7088// String returns the string representation 7089func (s RevocationConfiguration) String() string { 7090 return awsutil.Prettify(s) 7091} 7092 7093// GoString returns the string representation 7094func (s RevocationConfiguration) GoString() string { 7095 return s.String() 7096} 7097 7098// Validate inspects the fields of the type to determine if they are valid. 7099func (s *RevocationConfiguration) Validate() error { 7100 invalidParams := request.ErrInvalidParams{Context: "RevocationConfiguration"} 7101 if s.CrlConfiguration != nil { 7102 if err := s.CrlConfiguration.Validate(); err != nil { 7103 invalidParams.AddNested("CrlConfiguration", err.(request.ErrInvalidParams)) 7104 } 7105 } 7106 7107 if invalidParams.Len() > 0 { 7108 return invalidParams 7109 } 7110 return nil 7111} 7112 7113// SetCrlConfiguration sets the CrlConfiguration field's value. 7114func (s *RevocationConfiguration) SetCrlConfiguration(v *CrlConfiguration) *RevocationConfiguration { 7115 s.CrlConfiguration = v 7116 return s 7117} 7118 7119type RevokeCertificateInput struct { 7120 _ struct{} `type:"structure"` 7121 7122 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7123 // to be revoked. This must be of the form: 7124 // 7125 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7126 // 7127 // CertificateAuthorityArn is a required field 7128 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7129 7130 // Serial number of the certificate to be revoked. This must be in hexadecimal 7131 // format. You can retrieve the serial number by calling GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 7132 // with the Amazon Resource Name (ARN) of the certificate you want and the ARN 7133 // of your private CA. The GetCertificate action retrieves the certificate in 7134 // the PEM format. You can use the following OpenSSL command to list the certificate 7135 // in text format and copy the hexadecimal serial number. 7136 // 7137 // openssl x509 -in file_path -text -noout 7138 // 7139 // You can also copy the serial number from the console or use the DescribeCertificate 7140 // (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) 7141 // action in the AWS Certificate Manager API Reference. 7142 // 7143 // CertificateSerial is a required field 7144 CertificateSerial *string `type:"string" required:"true"` 7145 7146 // Specifies why you revoked the certificate. 7147 // 7148 // RevocationReason is a required field 7149 RevocationReason *string `type:"string" required:"true" enum:"RevocationReason"` 7150} 7151 7152// String returns the string representation 7153func (s RevokeCertificateInput) String() string { 7154 return awsutil.Prettify(s) 7155} 7156 7157// GoString returns the string representation 7158func (s RevokeCertificateInput) GoString() string { 7159 return s.String() 7160} 7161 7162// Validate inspects the fields of the type to determine if they are valid. 7163func (s *RevokeCertificateInput) Validate() error { 7164 invalidParams := request.ErrInvalidParams{Context: "RevokeCertificateInput"} 7165 if s.CertificateAuthorityArn == nil { 7166 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7167 } 7168 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7169 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7170 } 7171 if s.CertificateSerial == nil { 7172 invalidParams.Add(request.NewErrParamRequired("CertificateSerial")) 7173 } 7174 if s.RevocationReason == nil { 7175 invalidParams.Add(request.NewErrParamRequired("RevocationReason")) 7176 } 7177 7178 if invalidParams.Len() > 0 { 7179 return invalidParams 7180 } 7181 return nil 7182} 7183 7184// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7185func (s *RevokeCertificateInput) SetCertificateAuthorityArn(v string) *RevokeCertificateInput { 7186 s.CertificateAuthorityArn = &v 7187 return s 7188} 7189 7190// SetCertificateSerial sets the CertificateSerial field's value. 7191func (s *RevokeCertificateInput) SetCertificateSerial(v string) *RevokeCertificateInput { 7192 s.CertificateSerial = &v 7193 return s 7194} 7195 7196// SetRevocationReason sets the RevocationReason field's value. 7197func (s *RevokeCertificateInput) SetRevocationReason(v string) *RevokeCertificateInput { 7198 s.RevocationReason = &v 7199 return s 7200} 7201 7202type RevokeCertificateOutput struct { 7203 _ struct{} `type:"structure"` 7204} 7205 7206// String returns the string representation 7207func (s RevokeCertificateOutput) String() string { 7208 return awsutil.Prettify(s) 7209} 7210 7211// GoString returns the string representation 7212func (s RevokeCertificateOutput) GoString() string { 7213 return s.String() 7214} 7215 7216// Tags are labels that you can use to identify and organize your private CAs. 7217// Each tag consists of a key and an optional value. You can associate up to 7218// 50 tags with a private CA. To add one or more tags to a private CA, call 7219// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 7220// action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 7221// action. 7222type Tag struct { 7223 _ struct{} `type:"structure"` 7224 7225 // Key (name) of the tag. 7226 // 7227 // Key is a required field 7228 Key *string `min:"1" type:"string" required:"true"` 7229 7230 // Value of the tag. 7231 Value *string `type:"string"` 7232} 7233 7234// String returns the string representation 7235func (s Tag) String() string { 7236 return awsutil.Prettify(s) 7237} 7238 7239// GoString returns the string representation 7240func (s Tag) GoString() string { 7241 return s.String() 7242} 7243 7244// Validate inspects the fields of the type to determine if they are valid. 7245func (s *Tag) Validate() error { 7246 invalidParams := request.ErrInvalidParams{Context: "Tag"} 7247 if s.Key == nil { 7248 invalidParams.Add(request.NewErrParamRequired("Key")) 7249 } 7250 if s.Key != nil && len(*s.Key) < 1 { 7251 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 7252 } 7253 7254 if invalidParams.Len() > 0 { 7255 return invalidParams 7256 } 7257 return nil 7258} 7259 7260// SetKey sets the Key field's value. 7261func (s *Tag) SetKey(v string) *Tag { 7262 s.Key = &v 7263 return s 7264} 7265 7266// SetValue sets the Value field's value. 7267func (s *Tag) SetValue(v string) *Tag { 7268 s.Value = &v 7269 return s 7270} 7271 7272type TagCertificateAuthorityInput struct { 7273 _ struct{} `type:"structure"` 7274 7275 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7276 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7277 // This must be of the form: 7278 // 7279 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7280 // 7281 // CertificateAuthorityArn is a required field 7282 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7283 7284 // List of tags to be associated with the CA. 7285 // 7286 // Tags is a required field 7287 Tags []*Tag `min:"1" type:"list" required:"true"` 7288} 7289 7290// String returns the string representation 7291func (s TagCertificateAuthorityInput) String() string { 7292 return awsutil.Prettify(s) 7293} 7294 7295// GoString returns the string representation 7296func (s TagCertificateAuthorityInput) GoString() string { 7297 return s.String() 7298} 7299 7300// Validate inspects the fields of the type to determine if they are valid. 7301func (s *TagCertificateAuthorityInput) Validate() error { 7302 invalidParams := request.ErrInvalidParams{Context: "TagCertificateAuthorityInput"} 7303 if s.CertificateAuthorityArn == nil { 7304 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7305 } 7306 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7307 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7308 } 7309 if s.Tags == nil { 7310 invalidParams.Add(request.NewErrParamRequired("Tags")) 7311 } 7312 if s.Tags != nil && len(s.Tags) < 1 { 7313 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7314 } 7315 if s.Tags != nil { 7316 for i, v := range s.Tags { 7317 if v == nil { 7318 continue 7319 } 7320 if err := v.Validate(); err != nil { 7321 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7322 } 7323 } 7324 } 7325 7326 if invalidParams.Len() > 0 { 7327 return invalidParams 7328 } 7329 return nil 7330} 7331 7332// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7333func (s *TagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *TagCertificateAuthorityInput { 7334 s.CertificateAuthorityArn = &v 7335 return s 7336} 7337 7338// SetTags sets the Tags field's value. 7339func (s *TagCertificateAuthorityInput) SetTags(v []*Tag) *TagCertificateAuthorityInput { 7340 s.Tags = v 7341 return s 7342} 7343 7344type TagCertificateAuthorityOutput struct { 7345 _ struct{} `type:"structure"` 7346} 7347 7348// String returns the string representation 7349func (s TagCertificateAuthorityOutput) String() string { 7350 return awsutil.Prettify(s) 7351} 7352 7353// GoString returns the string representation 7354func (s TagCertificateAuthorityOutput) GoString() string { 7355 return s.String() 7356} 7357 7358// You can associate up to 50 tags with a private CA. Exception information 7359// is contained in the exception message field. 7360type TooManyTagsException struct { 7361 _ struct{} `type:"structure"` 7362 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7363 7364 Message_ *string `locationName:"message" type:"string"` 7365} 7366 7367// String returns the string representation 7368func (s TooManyTagsException) String() string { 7369 return awsutil.Prettify(s) 7370} 7371 7372// GoString returns the string representation 7373func (s TooManyTagsException) GoString() string { 7374 return s.String() 7375} 7376 7377func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { 7378 return &TooManyTagsException{ 7379 RespMetadata: v, 7380 } 7381} 7382 7383// Code returns the exception type name. 7384func (s *TooManyTagsException) Code() string { 7385 return "TooManyTagsException" 7386} 7387 7388// Message returns the exception's message. 7389func (s *TooManyTagsException) Message() string { 7390 if s.Message_ != nil { 7391 return *s.Message_ 7392 } 7393 return "" 7394} 7395 7396// OrigErr always returns nil, satisfies awserr.Error interface. 7397func (s *TooManyTagsException) OrigErr() error { 7398 return nil 7399} 7400 7401func (s *TooManyTagsException) Error() string { 7402 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7403} 7404 7405// Status code returns the HTTP status code for the request's response error. 7406func (s *TooManyTagsException) StatusCode() int { 7407 return s.RespMetadata.StatusCode 7408} 7409 7410// RequestID returns the service's response RequestID for request. 7411func (s *TooManyTagsException) RequestID() string { 7412 return s.RespMetadata.RequestID 7413} 7414 7415type UntagCertificateAuthorityInput struct { 7416 _ struct{} `type:"structure"` 7417 7418 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7419 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7420 // This must be of the form: 7421 // 7422 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7423 // 7424 // CertificateAuthorityArn is a required field 7425 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7426 7427 // List of tags to be removed from the CA. 7428 // 7429 // Tags is a required field 7430 Tags []*Tag `min:"1" type:"list" required:"true"` 7431} 7432 7433// String returns the string representation 7434func (s UntagCertificateAuthorityInput) String() string { 7435 return awsutil.Prettify(s) 7436} 7437 7438// GoString returns the string representation 7439func (s UntagCertificateAuthorityInput) GoString() string { 7440 return s.String() 7441} 7442 7443// Validate inspects the fields of the type to determine if they are valid. 7444func (s *UntagCertificateAuthorityInput) Validate() error { 7445 invalidParams := request.ErrInvalidParams{Context: "UntagCertificateAuthorityInput"} 7446 if s.CertificateAuthorityArn == nil { 7447 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7448 } 7449 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7450 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7451 } 7452 if s.Tags == nil { 7453 invalidParams.Add(request.NewErrParamRequired("Tags")) 7454 } 7455 if s.Tags != nil && len(s.Tags) < 1 { 7456 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7457 } 7458 if s.Tags != nil { 7459 for i, v := range s.Tags { 7460 if v == nil { 7461 continue 7462 } 7463 if err := v.Validate(); err != nil { 7464 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7465 } 7466 } 7467 } 7468 7469 if invalidParams.Len() > 0 { 7470 return invalidParams 7471 } 7472 return nil 7473} 7474 7475// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7476func (s *UntagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UntagCertificateAuthorityInput { 7477 s.CertificateAuthorityArn = &v 7478 return s 7479} 7480 7481// SetTags sets the Tags field's value. 7482func (s *UntagCertificateAuthorityInput) SetTags(v []*Tag) *UntagCertificateAuthorityInput { 7483 s.Tags = v 7484 return s 7485} 7486 7487type UntagCertificateAuthorityOutput struct { 7488 _ struct{} `type:"structure"` 7489} 7490 7491// String returns the string representation 7492func (s UntagCertificateAuthorityOutput) String() string { 7493 return awsutil.Prettify(s) 7494} 7495 7496// GoString returns the string representation 7497func (s UntagCertificateAuthorityOutput) GoString() string { 7498 return s.String() 7499} 7500 7501type UpdateCertificateAuthorityInput struct { 7502 _ struct{} `type:"structure"` 7503 7504 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7505 // to be revoked. This must be of the form: 7506 // 7507 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7508 // 7509 // CertificateAuthorityArn is a required field 7510 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7511 7512 // Revocation information for your private CA. 7513 RevocationConfiguration *RevocationConfiguration `type:"structure"` 7514 7515 // Status of your private CA. 7516 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 7517} 7518 7519// String returns the string representation 7520func (s UpdateCertificateAuthorityInput) String() string { 7521 return awsutil.Prettify(s) 7522} 7523 7524// GoString returns the string representation 7525func (s UpdateCertificateAuthorityInput) GoString() string { 7526 return s.String() 7527} 7528 7529// Validate inspects the fields of the type to determine if they are valid. 7530func (s *UpdateCertificateAuthorityInput) Validate() error { 7531 invalidParams := request.ErrInvalidParams{Context: "UpdateCertificateAuthorityInput"} 7532 if s.CertificateAuthorityArn == nil { 7533 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7534 } 7535 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7536 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7537 } 7538 if s.RevocationConfiguration != nil { 7539 if err := s.RevocationConfiguration.Validate(); err != nil { 7540 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 7541 } 7542 } 7543 7544 if invalidParams.Len() > 0 { 7545 return invalidParams 7546 } 7547 return nil 7548} 7549 7550// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7551func (s *UpdateCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UpdateCertificateAuthorityInput { 7552 s.CertificateAuthorityArn = &v 7553 return s 7554} 7555 7556// SetRevocationConfiguration sets the RevocationConfiguration field's value. 7557func (s *UpdateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *UpdateCertificateAuthorityInput { 7558 s.RevocationConfiguration = v 7559 return s 7560} 7561 7562// SetStatus sets the Status field's value. 7563func (s *UpdateCertificateAuthorityInput) SetStatus(v string) *UpdateCertificateAuthorityInput { 7564 s.Status = &v 7565 return s 7566} 7567 7568type UpdateCertificateAuthorityOutput struct { 7569 _ struct{} `type:"structure"` 7570} 7571 7572// String returns the string representation 7573func (s UpdateCertificateAuthorityOutput) String() string { 7574 return awsutil.Prettify(s) 7575} 7576 7577// GoString returns the string representation 7578func (s UpdateCertificateAuthorityOutput) GoString() string { 7579 return s.String() 7580} 7581 7582// Validity specifies the period of time during which a certificate is valid. 7583// Validity can be expressed as an explicit date and time when the validity 7584// of a certificate starts or expires, or as a span of time after issuance, 7585// stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 7586// in RFC 5280. 7587// 7588// ACM Private CA API consumes the Validity data type differently in two distinct 7589// parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity 7590// specifies the end of a certificate's validity period. The optional parameter 7591// IssueCertificate:ValidityNotBefore specifies a customized starting time for 7592// the validity period. 7593type Validity struct { 7594 _ struct{} `type:"structure"` 7595 7596 // Determines how ACM Private CA interprets the Value parameter, an integer. 7597 // Supported validity types include those listed below. Type definitions with 7598 // values include a sample input value and the resulting output. 7599 // 7600 // END_DATE: The specific date and time when the certificate will expire, expressed 7601 // using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. 7602 // When UTCTime is used, if the year field (YY) is greater than or equal to 7603 // 50, the year is interpreted as 19YY. If the year field is less than 50, the 7604 // year is interpreted as 20YY. 7605 // 7606 // * Sample input value: 491231235959 (UTCTime format) 7607 // 7608 // * Output expiration date/time: 12/31/2049 23:59:59 7609 // 7610 // ABSOLUTE: The specific date and time when the validity of a certificate will 7611 // start or expire, expressed in seconds since the Unix Epoch. 7612 // 7613 // * Sample input value: 2524608000 7614 // 7615 // * Output expiration date/time: 01/01/2050 00:00:00 7616 // 7617 // DAYS, MONTHS, YEARS: The relative time from the moment of issuance until 7618 // the certificate will expire, expressed in days, months, or years. 7619 // 7620 // Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC: 7621 // 7622 // * Sample input value: 90 7623 // 7624 // * Output expiration date: 01/10/2020 12:34:54 UTC 7625 // 7626 // The minimum validity duration for a certificate using relative time (DAYS) 7627 // is one day. The minimum validity for a certificate using absolute time (ABSOLUTE 7628 // or END_DATE) is one second. 7629 // 7630 // Type is a required field 7631 Type *string `type:"string" required:"true" enum:"ValidityPeriodType"` 7632 7633 // A long integer interpreted according to the value of Type, below. 7634 // 7635 // Value is a required field 7636 Value *int64 `min:"1" type:"long" required:"true"` 7637} 7638 7639// String returns the string representation 7640func (s Validity) String() string { 7641 return awsutil.Prettify(s) 7642} 7643 7644// GoString returns the string representation 7645func (s Validity) GoString() string { 7646 return s.String() 7647} 7648 7649// Validate inspects the fields of the type to determine if they are valid. 7650func (s *Validity) Validate() error { 7651 invalidParams := request.ErrInvalidParams{Context: "Validity"} 7652 if s.Type == nil { 7653 invalidParams.Add(request.NewErrParamRequired("Type")) 7654 } 7655 if s.Value == nil { 7656 invalidParams.Add(request.NewErrParamRequired("Value")) 7657 } 7658 if s.Value != nil && *s.Value < 1 { 7659 invalidParams.Add(request.NewErrParamMinValue("Value", 1)) 7660 } 7661 7662 if invalidParams.Len() > 0 { 7663 return invalidParams 7664 } 7665 return nil 7666} 7667 7668// SetType sets the Type field's value. 7669func (s *Validity) SetType(v string) *Validity { 7670 s.Type = &v 7671 return s 7672} 7673 7674// SetValue sets the Value field's value. 7675func (s *Validity) SetValue(v int64) *Validity { 7676 s.Value = &v 7677 return s 7678} 7679 7680const ( 7681 // AccessMethodTypeCaRepository is a AccessMethodType enum value 7682 AccessMethodTypeCaRepository = "CA_REPOSITORY" 7683 7684 // AccessMethodTypeResourcePkiManifest is a AccessMethodType enum value 7685 AccessMethodTypeResourcePkiManifest = "RESOURCE_PKI_MANIFEST" 7686 7687 // AccessMethodTypeResourcePkiNotify is a AccessMethodType enum value 7688 AccessMethodTypeResourcePkiNotify = "RESOURCE_PKI_NOTIFY" 7689) 7690 7691// AccessMethodType_Values returns all elements of the AccessMethodType enum 7692func AccessMethodType_Values() []string { 7693 return []string{ 7694 AccessMethodTypeCaRepository, 7695 AccessMethodTypeResourcePkiManifest, 7696 AccessMethodTypeResourcePkiNotify, 7697 } 7698} 7699 7700const ( 7701 // ActionTypeIssueCertificate is a ActionType enum value 7702 ActionTypeIssueCertificate = "IssueCertificate" 7703 7704 // ActionTypeGetCertificate is a ActionType enum value 7705 ActionTypeGetCertificate = "GetCertificate" 7706 7707 // ActionTypeListPermissions is a ActionType enum value 7708 ActionTypeListPermissions = "ListPermissions" 7709) 7710 7711// ActionType_Values returns all elements of the ActionType enum 7712func ActionType_Values() []string { 7713 return []string{ 7714 ActionTypeIssueCertificate, 7715 ActionTypeGetCertificate, 7716 ActionTypeListPermissions, 7717 } 7718} 7719 7720const ( 7721 // AuditReportResponseFormatJson is a AuditReportResponseFormat enum value 7722 AuditReportResponseFormatJson = "JSON" 7723 7724 // AuditReportResponseFormatCsv is a AuditReportResponseFormat enum value 7725 AuditReportResponseFormatCsv = "CSV" 7726) 7727 7728// AuditReportResponseFormat_Values returns all elements of the AuditReportResponseFormat enum 7729func AuditReportResponseFormat_Values() []string { 7730 return []string{ 7731 AuditReportResponseFormatJson, 7732 AuditReportResponseFormatCsv, 7733 } 7734} 7735 7736const ( 7737 // AuditReportStatusCreating is a AuditReportStatus enum value 7738 AuditReportStatusCreating = "CREATING" 7739 7740 // AuditReportStatusSuccess is a AuditReportStatus enum value 7741 AuditReportStatusSuccess = "SUCCESS" 7742 7743 // AuditReportStatusFailed is a AuditReportStatus enum value 7744 AuditReportStatusFailed = "FAILED" 7745) 7746 7747// AuditReportStatus_Values returns all elements of the AuditReportStatus enum 7748func AuditReportStatus_Values() []string { 7749 return []string{ 7750 AuditReportStatusCreating, 7751 AuditReportStatusSuccess, 7752 AuditReportStatusFailed, 7753 } 7754} 7755 7756const ( 7757 // CertificateAuthorityStatusCreating is a CertificateAuthorityStatus enum value 7758 CertificateAuthorityStatusCreating = "CREATING" 7759 7760 // CertificateAuthorityStatusPendingCertificate is a CertificateAuthorityStatus enum value 7761 CertificateAuthorityStatusPendingCertificate = "PENDING_CERTIFICATE" 7762 7763 // CertificateAuthorityStatusActive is a CertificateAuthorityStatus enum value 7764 CertificateAuthorityStatusActive = "ACTIVE" 7765 7766 // CertificateAuthorityStatusDeleted is a CertificateAuthorityStatus enum value 7767 CertificateAuthorityStatusDeleted = "DELETED" 7768 7769 // CertificateAuthorityStatusDisabled is a CertificateAuthorityStatus enum value 7770 CertificateAuthorityStatusDisabled = "DISABLED" 7771 7772 // CertificateAuthorityStatusExpired is a CertificateAuthorityStatus enum value 7773 CertificateAuthorityStatusExpired = "EXPIRED" 7774 7775 // CertificateAuthorityStatusFailed is a CertificateAuthorityStatus enum value 7776 CertificateAuthorityStatusFailed = "FAILED" 7777) 7778 7779// CertificateAuthorityStatus_Values returns all elements of the CertificateAuthorityStatus enum 7780func CertificateAuthorityStatus_Values() []string { 7781 return []string{ 7782 CertificateAuthorityStatusCreating, 7783 CertificateAuthorityStatusPendingCertificate, 7784 CertificateAuthorityStatusActive, 7785 CertificateAuthorityStatusDeleted, 7786 CertificateAuthorityStatusDisabled, 7787 CertificateAuthorityStatusExpired, 7788 CertificateAuthorityStatusFailed, 7789 } 7790} 7791 7792const ( 7793 // CertificateAuthorityTypeRoot is a CertificateAuthorityType enum value 7794 CertificateAuthorityTypeRoot = "ROOT" 7795 7796 // CertificateAuthorityTypeSubordinate is a CertificateAuthorityType enum value 7797 CertificateAuthorityTypeSubordinate = "SUBORDINATE" 7798) 7799 7800// CertificateAuthorityType_Values returns all elements of the CertificateAuthorityType enum 7801func CertificateAuthorityType_Values() []string { 7802 return []string{ 7803 CertificateAuthorityTypeRoot, 7804 CertificateAuthorityTypeSubordinate, 7805 } 7806} 7807 7808const ( 7809 // ExtendedKeyUsageTypeServerAuth is a ExtendedKeyUsageType enum value 7810 ExtendedKeyUsageTypeServerAuth = "SERVER_AUTH" 7811 7812 // ExtendedKeyUsageTypeClientAuth is a ExtendedKeyUsageType enum value 7813 ExtendedKeyUsageTypeClientAuth = "CLIENT_AUTH" 7814 7815 // ExtendedKeyUsageTypeCodeSigning is a ExtendedKeyUsageType enum value 7816 ExtendedKeyUsageTypeCodeSigning = "CODE_SIGNING" 7817 7818 // ExtendedKeyUsageTypeEmailProtection is a ExtendedKeyUsageType enum value 7819 ExtendedKeyUsageTypeEmailProtection = "EMAIL_PROTECTION" 7820 7821 // ExtendedKeyUsageTypeTimeStamping is a ExtendedKeyUsageType enum value 7822 ExtendedKeyUsageTypeTimeStamping = "TIME_STAMPING" 7823 7824 // ExtendedKeyUsageTypeOcspSigning is a ExtendedKeyUsageType enum value 7825 ExtendedKeyUsageTypeOcspSigning = "OCSP_SIGNING" 7826 7827 // ExtendedKeyUsageTypeSmartCardLogin is a ExtendedKeyUsageType enum value 7828 ExtendedKeyUsageTypeSmartCardLogin = "SMART_CARD_LOGIN" 7829 7830 // ExtendedKeyUsageTypeDocumentSigning is a ExtendedKeyUsageType enum value 7831 ExtendedKeyUsageTypeDocumentSigning = "DOCUMENT_SIGNING" 7832 7833 // ExtendedKeyUsageTypeCertificateTransparency is a ExtendedKeyUsageType enum value 7834 ExtendedKeyUsageTypeCertificateTransparency = "CERTIFICATE_TRANSPARENCY" 7835) 7836 7837// ExtendedKeyUsageType_Values returns all elements of the ExtendedKeyUsageType enum 7838func ExtendedKeyUsageType_Values() []string { 7839 return []string{ 7840 ExtendedKeyUsageTypeServerAuth, 7841 ExtendedKeyUsageTypeClientAuth, 7842 ExtendedKeyUsageTypeCodeSigning, 7843 ExtendedKeyUsageTypeEmailProtection, 7844 ExtendedKeyUsageTypeTimeStamping, 7845 ExtendedKeyUsageTypeOcspSigning, 7846 ExtendedKeyUsageTypeSmartCardLogin, 7847 ExtendedKeyUsageTypeDocumentSigning, 7848 ExtendedKeyUsageTypeCertificateTransparency, 7849 } 7850} 7851 7852const ( 7853 // FailureReasonRequestTimedOut is a FailureReason enum value 7854 FailureReasonRequestTimedOut = "REQUEST_TIMED_OUT" 7855 7856 // FailureReasonUnsupportedAlgorithm is a FailureReason enum value 7857 FailureReasonUnsupportedAlgorithm = "UNSUPPORTED_ALGORITHM" 7858 7859 // FailureReasonOther is a FailureReason enum value 7860 FailureReasonOther = "OTHER" 7861) 7862 7863// FailureReason_Values returns all elements of the FailureReason enum 7864func FailureReason_Values() []string { 7865 return []string{ 7866 FailureReasonRequestTimedOut, 7867 FailureReasonUnsupportedAlgorithm, 7868 FailureReasonOther, 7869 } 7870} 7871 7872const ( 7873 // KeyAlgorithmRsa2048 is a KeyAlgorithm enum value 7874 KeyAlgorithmRsa2048 = "RSA_2048" 7875 7876 // KeyAlgorithmRsa4096 is a KeyAlgorithm enum value 7877 KeyAlgorithmRsa4096 = "RSA_4096" 7878 7879 // KeyAlgorithmEcPrime256v1 is a KeyAlgorithm enum value 7880 KeyAlgorithmEcPrime256v1 = "EC_prime256v1" 7881 7882 // KeyAlgorithmEcSecp384r1 is a KeyAlgorithm enum value 7883 KeyAlgorithmEcSecp384r1 = "EC_secp384r1" 7884) 7885 7886// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum 7887func KeyAlgorithm_Values() []string { 7888 return []string{ 7889 KeyAlgorithmRsa2048, 7890 KeyAlgorithmRsa4096, 7891 KeyAlgorithmEcPrime256v1, 7892 KeyAlgorithmEcSecp384r1, 7893 } 7894} 7895 7896const ( 7897 // PolicyQualifierIdCps is a PolicyQualifierId enum value 7898 PolicyQualifierIdCps = "CPS" 7899) 7900 7901// PolicyQualifierId_Values returns all elements of the PolicyQualifierId enum 7902func PolicyQualifierId_Values() []string { 7903 return []string{ 7904 PolicyQualifierIdCps, 7905 } 7906} 7907 7908const ( 7909 // ResourceOwnerSelf is a ResourceOwner enum value 7910 ResourceOwnerSelf = "SELF" 7911 7912 // ResourceOwnerOtherAccounts is a ResourceOwner enum value 7913 ResourceOwnerOtherAccounts = "OTHER_ACCOUNTS" 7914) 7915 7916// ResourceOwner_Values returns all elements of the ResourceOwner enum 7917func ResourceOwner_Values() []string { 7918 return []string{ 7919 ResourceOwnerSelf, 7920 ResourceOwnerOtherAccounts, 7921 } 7922} 7923 7924const ( 7925 // RevocationReasonUnspecified is a RevocationReason enum value 7926 RevocationReasonUnspecified = "UNSPECIFIED" 7927 7928 // RevocationReasonKeyCompromise is a RevocationReason enum value 7929 RevocationReasonKeyCompromise = "KEY_COMPROMISE" 7930 7931 // RevocationReasonCertificateAuthorityCompromise is a RevocationReason enum value 7932 RevocationReasonCertificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE" 7933 7934 // RevocationReasonAffiliationChanged is a RevocationReason enum value 7935 RevocationReasonAffiliationChanged = "AFFILIATION_CHANGED" 7936 7937 // RevocationReasonSuperseded is a RevocationReason enum value 7938 RevocationReasonSuperseded = "SUPERSEDED" 7939 7940 // RevocationReasonCessationOfOperation is a RevocationReason enum value 7941 RevocationReasonCessationOfOperation = "CESSATION_OF_OPERATION" 7942 7943 // RevocationReasonPrivilegeWithdrawn is a RevocationReason enum value 7944 RevocationReasonPrivilegeWithdrawn = "PRIVILEGE_WITHDRAWN" 7945 7946 // RevocationReasonAACompromise is a RevocationReason enum value 7947 RevocationReasonAACompromise = "A_A_COMPROMISE" 7948) 7949 7950// RevocationReason_Values returns all elements of the RevocationReason enum 7951func RevocationReason_Values() []string { 7952 return []string{ 7953 RevocationReasonUnspecified, 7954 RevocationReasonKeyCompromise, 7955 RevocationReasonCertificateAuthorityCompromise, 7956 RevocationReasonAffiliationChanged, 7957 RevocationReasonSuperseded, 7958 RevocationReasonCessationOfOperation, 7959 RevocationReasonPrivilegeWithdrawn, 7960 RevocationReasonAACompromise, 7961 } 7962} 7963 7964const ( 7965 // SigningAlgorithmSha256withecdsa is a SigningAlgorithm enum value 7966 SigningAlgorithmSha256withecdsa = "SHA256WITHECDSA" 7967 7968 // SigningAlgorithmSha384withecdsa is a SigningAlgorithm enum value 7969 SigningAlgorithmSha384withecdsa = "SHA384WITHECDSA" 7970 7971 // SigningAlgorithmSha512withecdsa is a SigningAlgorithm enum value 7972 SigningAlgorithmSha512withecdsa = "SHA512WITHECDSA" 7973 7974 // SigningAlgorithmSha256withrsa is a SigningAlgorithm enum value 7975 SigningAlgorithmSha256withrsa = "SHA256WITHRSA" 7976 7977 // SigningAlgorithmSha384withrsa is a SigningAlgorithm enum value 7978 SigningAlgorithmSha384withrsa = "SHA384WITHRSA" 7979 7980 // SigningAlgorithmSha512withrsa is a SigningAlgorithm enum value 7981 SigningAlgorithmSha512withrsa = "SHA512WITHRSA" 7982) 7983 7984// SigningAlgorithm_Values returns all elements of the SigningAlgorithm enum 7985func SigningAlgorithm_Values() []string { 7986 return []string{ 7987 SigningAlgorithmSha256withecdsa, 7988 SigningAlgorithmSha384withecdsa, 7989 SigningAlgorithmSha512withecdsa, 7990 SigningAlgorithmSha256withrsa, 7991 SigningAlgorithmSha384withrsa, 7992 SigningAlgorithmSha512withrsa, 7993 } 7994} 7995 7996const ( 7997 // ValidityPeriodTypeEndDate is a ValidityPeriodType enum value 7998 ValidityPeriodTypeEndDate = "END_DATE" 7999 8000 // ValidityPeriodTypeAbsolute is a ValidityPeriodType enum value 8001 ValidityPeriodTypeAbsolute = "ABSOLUTE" 8002 8003 // ValidityPeriodTypeDays is a ValidityPeriodType enum value 8004 ValidityPeriodTypeDays = "DAYS" 8005 8006 // ValidityPeriodTypeMonths is a ValidityPeriodType enum value 8007 ValidityPeriodTypeMonths = "MONTHS" 8008 8009 // ValidityPeriodTypeYears is a ValidityPeriodType enum value 8010 ValidityPeriodTypeYears = "YEARS" 8011) 8012 8013// ValidityPeriodType_Values returns all elements of the ValidityPeriodType enum 8014func ValidityPeriodType_Values() []string { 8015 return []string{ 8016 ValidityPeriodTypeEndDate, 8017 ValidityPeriodTypeAbsolute, 8018 ValidityPeriodTypeDays, 8019 ValidityPeriodTypeMonths, 8020 ValidityPeriodTypeYears, 8021 } 8022} 8023