1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package acmpca 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCreateCertificateAuthority = "CreateCertificateAuthority" 17 18// CreateCertificateAuthorityRequest generates a "aws/request.Request" representing the 19// client's request for the CreateCertificateAuthority operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CreateCertificateAuthority for more information on using the CreateCertificateAuthority 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CreateCertificateAuthorityRequest method. 34// req, resp := client.CreateCertificateAuthorityRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 42func (c *ACMPCA) CreateCertificateAuthorityRequest(input *CreateCertificateAuthorityInput) (req *request.Request, output *CreateCertificateAuthorityOutput) { 43 op := &request.Operation{ 44 Name: opCreateCertificateAuthority, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CreateCertificateAuthorityInput{} 51 } 52 53 output = &CreateCertificateAuthorityOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CreateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 59// 60// Creates a root or subordinate private certificate authority (CA). You must 61// specify the CA configuration, the certificate revocation list (CRL) configuration, 62// the CA type, and an optional idempotency token to avoid accidental creation 63// of multiple CAs. The CA configuration specifies the name of the algorithm 64// and key size to be used to create the CA private key, the type of signing 65// algorithm that the CA uses, and X.500 subject information. The CRL configuration 66// specifies the CRL expiration period in days (the validity period of the CRL), 67// the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the 68// S3 bucket that is included in certificates issued by the CA. If successful, 69// this action returns the Amazon Resource Name (ARN) of the CA. 70// 71// ACM Private CA assets that are stored in Amazon S3 can be protected with 72// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 73// 74// Both PCA and the IAM principal must have permission to write to the S3 bucket 75// that you specify. If the IAM principal making the call does not have permission 76// to write to the bucket, then an exception is thrown. For more information, 77// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 78// 79// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 80// with awserr.Error's Code and Message methods to get detailed information about 81// the error. 82// 83// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 84// API operation CreateCertificateAuthority for usage and error information. 85// 86// Returned Error Types: 87// * InvalidArgsException 88// One or more of the specified arguments was not valid. 89// 90// * InvalidPolicyException 91// The resource policy is invalid or is missing a required statement. For general 92// information about IAM policy and statement structure, see Overview of JSON 93// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 94// 95// * InvalidTagException 96// The tag associated with the CA is not valid. The invalid argument is contained 97// in the message field. 98// 99// * LimitExceededException 100// An ACM Private CA quota has been exceeded. See the exception message returned 101// to determine the quota that was exceeded. 102// 103// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 104func (c *ACMPCA) CreateCertificateAuthority(input *CreateCertificateAuthorityInput) (*CreateCertificateAuthorityOutput, error) { 105 req, out := c.CreateCertificateAuthorityRequest(input) 106 return out, req.Send() 107} 108 109// CreateCertificateAuthorityWithContext is the same as CreateCertificateAuthority with the addition of 110// the ability to pass a context and additional request options. 111// 112// See CreateCertificateAuthority for details on how to use this API operation. 113// 114// The context must be non-nil and will be used for request cancellation. If 115// the context is nil a panic will occur. In the future the SDK may create 116// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 117// for more information on using Contexts. 118func (c *ACMPCA) CreateCertificateAuthorityWithContext(ctx aws.Context, input *CreateCertificateAuthorityInput, opts ...request.Option) (*CreateCertificateAuthorityOutput, error) { 119 req, out := c.CreateCertificateAuthorityRequest(input) 120 req.SetContext(ctx) 121 req.ApplyOptions(opts...) 122 return out, req.Send() 123} 124 125const opCreateCertificateAuthorityAuditReport = "CreateCertificateAuthorityAuditReport" 126 127// CreateCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 128// client's request for the CreateCertificateAuthorityAuditReport operation. The "output" return 129// value will be populated with the request's response once the request completes 130// successfully. 131// 132// Use "Send" method on the returned Request to send the API call to the service. 133// the "output" return value is not valid until after Send returns without error. 134// 135// See CreateCertificateAuthorityAuditReport for more information on using the CreateCertificateAuthorityAuditReport 136// API call, and error handling. 137// 138// This method is useful when you want to inject custom logic or configuration 139// into the SDK's request lifecycle. Such as custom headers, or retry logic. 140// 141// 142// // Example sending a request using the CreateCertificateAuthorityAuditReportRequest method. 143// req, resp := client.CreateCertificateAuthorityAuditReportRequest(params) 144// 145// err := req.Send() 146// if err == nil { // resp is now filled 147// fmt.Println(resp) 148// } 149// 150// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 151func (c *ACMPCA) CreateCertificateAuthorityAuditReportRequest(input *CreateCertificateAuthorityAuditReportInput) (req *request.Request, output *CreateCertificateAuthorityAuditReportOutput) { 152 op := &request.Operation{ 153 Name: opCreateCertificateAuthorityAuditReport, 154 HTTPMethod: "POST", 155 HTTPPath: "/", 156 } 157 158 if input == nil { 159 input = &CreateCertificateAuthorityAuditReportInput{} 160 } 161 162 output = &CreateCertificateAuthorityAuditReportOutput{} 163 req = c.newRequest(op, input, output) 164 return 165} 166 167// CreateCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 168// 169// Creates an audit report that lists every time that your CA private key is 170// used. The report is saved in the Amazon S3 bucket that you specify on input. 171// The IssueCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 172// and RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 173// actions use the private key. 174// 175// Both PCA and the IAM principal must have permission to write to the S3 bucket 176// that you specify. If the IAM principal making the call does not have permission 177// to write to the bucket, then an exception is thrown. For more information, 178// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 179// 180// ACM Private CA assets that are stored in Amazon S3 can be protected with 181// encryption. For more information, see Encrypting Your Audit Reports (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption). 182// 183// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 184// with awserr.Error's Code and Message methods to get detailed information about 185// the error. 186// 187// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 188// API operation CreateCertificateAuthorityAuditReport for usage and error information. 189// 190// Returned Error Types: 191// * RequestInProgressException 192// Your request is already in progress. 193// 194// * RequestFailedException 195// The request has failed for an unspecified reason. 196// 197// * ResourceNotFoundException 198// A resource such as a private CA, S3 bucket, certificate, audit report, or 199// policy cannot be found. 200// 201// * InvalidArnException 202// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 203// 204// * InvalidArgsException 205// One or more of the specified arguments was not valid. 206// 207// * InvalidStateException 208// The state of the private CA does not allow this action to occur. 209// 210// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 211func (c *ACMPCA) CreateCertificateAuthorityAuditReport(input *CreateCertificateAuthorityAuditReportInput) (*CreateCertificateAuthorityAuditReportOutput, error) { 212 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 213 return out, req.Send() 214} 215 216// CreateCertificateAuthorityAuditReportWithContext is the same as CreateCertificateAuthorityAuditReport with the addition of 217// the ability to pass a context and additional request options. 218// 219// See CreateCertificateAuthorityAuditReport for details on how to use this API operation. 220// 221// The context must be non-nil and will be used for request cancellation. If 222// the context is nil a panic will occur. In the future the SDK may create 223// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 224// for more information on using Contexts. 225func (c *ACMPCA) CreateCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *CreateCertificateAuthorityAuditReportInput, opts ...request.Option) (*CreateCertificateAuthorityAuditReportOutput, error) { 226 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 227 req.SetContext(ctx) 228 req.ApplyOptions(opts...) 229 return out, req.Send() 230} 231 232const opCreatePermission = "CreatePermission" 233 234// CreatePermissionRequest generates a "aws/request.Request" representing the 235// client's request for the CreatePermission operation. The "output" return 236// value will be populated with the request's response once the request completes 237// successfully. 238// 239// Use "Send" method on the returned Request to send the API call to the service. 240// the "output" return value is not valid until after Send returns without error. 241// 242// See CreatePermission for more information on using the CreatePermission 243// API call, and error handling. 244// 245// This method is useful when you want to inject custom logic or configuration 246// into the SDK's request lifecycle. Such as custom headers, or retry logic. 247// 248// 249// // Example sending a request using the CreatePermissionRequest method. 250// req, resp := client.CreatePermissionRequest(params) 251// 252// err := req.Send() 253// if err == nil { // resp is now filled 254// fmt.Println(resp) 255// } 256// 257// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 258func (c *ACMPCA) CreatePermissionRequest(input *CreatePermissionInput) (req *request.Request, output *CreatePermissionOutput) { 259 op := &request.Operation{ 260 Name: opCreatePermission, 261 HTTPMethod: "POST", 262 HTTPPath: "/", 263 } 264 265 if input == nil { 266 input = &CreatePermissionInput{} 267 } 268 269 output = &CreatePermissionOutput{} 270 req = c.newRequest(op, input, output) 271 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 272 return 273} 274 275// CreatePermission API operation for AWS Certificate Manager Private Certificate Authority. 276// 277// Grants one or more permissions on a private CA to the AWS Certificate Manager 278// (ACM) service principal (acm.amazonaws.com). These permissions allow ACM 279// to issue and renew ACM certificates that reside in the same AWS account as 280// the CA. 281// 282// You can list current permissions with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 283// action and revoke them with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 284// action. 285// 286// About Permissions 287// 288// * If the private CA and the certificates it issues reside in the same 289// account, you can use CreatePermission to grant permissions for ACM to 290// carry out automatic certificate renewals. 291// 292// * For automatic certificate renewal to succeed, the ACM service principal 293// needs permissions to create, retrieve, and list certificates. 294// 295// * If the private CA and the ACM certificates reside in different accounts, 296// then permissions cannot be used to enable automatic renewals. Instead, 297// the ACM certificate owner must set up a resource-based policy to enable 298// cross-account issuance and renewals. For more information, see Using a 299// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 300// 301// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 302// with awserr.Error's Code and Message methods to get detailed information about 303// the error. 304// 305// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 306// API operation CreatePermission for usage and error information. 307// 308// Returned Error Types: 309// * ResourceNotFoundException 310// A resource such as a private CA, S3 bucket, certificate, audit report, or 311// policy cannot be found. 312// 313// * InvalidArnException 314// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 315// 316// * PermissionAlreadyExistsException 317// The designated permission has already been given to the user. 318// 319// * LimitExceededException 320// An ACM Private CA quota has been exceeded. See the exception message returned 321// to determine the quota that was exceeded. 322// 323// * InvalidStateException 324// The state of the private CA does not allow this action to occur. 325// 326// * RequestFailedException 327// The request has failed for an unspecified reason. 328// 329// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 330func (c *ACMPCA) CreatePermission(input *CreatePermissionInput) (*CreatePermissionOutput, error) { 331 req, out := c.CreatePermissionRequest(input) 332 return out, req.Send() 333} 334 335// CreatePermissionWithContext is the same as CreatePermission with the addition of 336// the ability to pass a context and additional request options. 337// 338// See CreatePermission for details on how to use this API operation. 339// 340// The context must be non-nil and will be used for request cancellation. If 341// the context is nil a panic will occur. In the future the SDK may create 342// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 343// for more information on using Contexts. 344func (c *ACMPCA) CreatePermissionWithContext(ctx aws.Context, input *CreatePermissionInput, opts ...request.Option) (*CreatePermissionOutput, error) { 345 req, out := c.CreatePermissionRequest(input) 346 req.SetContext(ctx) 347 req.ApplyOptions(opts...) 348 return out, req.Send() 349} 350 351const opDeleteCertificateAuthority = "DeleteCertificateAuthority" 352 353// DeleteCertificateAuthorityRequest generates a "aws/request.Request" representing the 354// client's request for the DeleteCertificateAuthority operation. The "output" return 355// value will be populated with the request's response once the request completes 356// successfully. 357// 358// Use "Send" method on the returned Request to send the API call to the service. 359// the "output" return value is not valid until after Send returns without error. 360// 361// See DeleteCertificateAuthority for more information on using the DeleteCertificateAuthority 362// API call, and error handling. 363// 364// This method is useful when you want to inject custom logic or configuration 365// into the SDK's request lifecycle. Such as custom headers, or retry logic. 366// 367// 368// // Example sending a request using the DeleteCertificateAuthorityRequest method. 369// req, resp := client.DeleteCertificateAuthorityRequest(params) 370// 371// err := req.Send() 372// if err == nil { // resp is now filled 373// fmt.Println(resp) 374// } 375// 376// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 377func (c *ACMPCA) DeleteCertificateAuthorityRequest(input *DeleteCertificateAuthorityInput) (req *request.Request, output *DeleteCertificateAuthorityOutput) { 378 op := &request.Operation{ 379 Name: opDeleteCertificateAuthority, 380 HTTPMethod: "POST", 381 HTTPPath: "/", 382 } 383 384 if input == nil { 385 input = &DeleteCertificateAuthorityInput{} 386 } 387 388 output = &DeleteCertificateAuthorityOutput{} 389 req = c.newRequest(op, input, output) 390 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 391 return 392} 393 394// DeleteCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 395// 396// Deletes a private certificate authority (CA). You must provide the Amazon 397// Resource Name (ARN) of the private CA that you want to delete. You can find 398// the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 399// action. 400// 401// Deleting a CA will invalidate other CAs and certificates below it in your 402// CA hierarchy. 403// 404// Before you can delete a CA that you have created and activated, you must 405// disable it. To do this, call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 406// action and set the CertificateAuthorityStatus parameter to DISABLED. 407// 408// Additionally, you can delete a CA if you are waiting for it to be created 409// (that is, the status of the CA is CREATING). You can also delete it if the 410// CA has been created but you haven't yet imported the signed certificate into 411// ACM Private CA (that is, the status of the CA is PENDING_CERTIFICATE). 412// 413// When you successfully call DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html), 414// the CA's status changes to DELETED. However, the CA won't be permanently 415// deleted until the restoration period has passed. By default, if you do not 416// set the PermanentDeletionTimeInDays parameter, the CA remains restorable 417// for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority 418// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 419// action returns the time remaining in the restoration window of a private 420// CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority 421// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html) 422// action. 423// 424// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 425// with awserr.Error's Code and Message methods to get detailed information about 426// the error. 427// 428// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 429// API operation DeleteCertificateAuthority for usage and error information. 430// 431// Returned Error Types: 432// * ConcurrentModificationException 433// A previous update to your private CA is still ongoing. 434// 435// * ResourceNotFoundException 436// A resource such as a private CA, S3 bucket, certificate, audit report, or 437// policy cannot be found. 438// 439// * InvalidArnException 440// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 441// 442// * InvalidStateException 443// The state of the private CA does not allow this action to occur. 444// 445// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 446func (c *ACMPCA) DeleteCertificateAuthority(input *DeleteCertificateAuthorityInput) (*DeleteCertificateAuthorityOutput, error) { 447 req, out := c.DeleteCertificateAuthorityRequest(input) 448 return out, req.Send() 449} 450 451// DeleteCertificateAuthorityWithContext is the same as DeleteCertificateAuthority with the addition of 452// the ability to pass a context and additional request options. 453// 454// See DeleteCertificateAuthority for details on how to use this API operation. 455// 456// The context must be non-nil and will be used for request cancellation. If 457// the context is nil a panic will occur. In the future the SDK may create 458// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 459// for more information on using Contexts. 460func (c *ACMPCA) DeleteCertificateAuthorityWithContext(ctx aws.Context, input *DeleteCertificateAuthorityInput, opts ...request.Option) (*DeleteCertificateAuthorityOutput, error) { 461 req, out := c.DeleteCertificateAuthorityRequest(input) 462 req.SetContext(ctx) 463 req.ApplyOptions(opts...) 464 return out, req.Send() 465} 466 467const opDeletePermission = "DeletePermission" 468 469// DeletePermissionRequest generates a "aws/request.Request" representing the 470// client's request for the DeletePermission operation. The "output" return 471// value will be populated with the request's response once the request completes 472// successfully. 473// 474// Use "Send" method on the returned Request to send the API call to the service. 475// the "output" return value is not valid until after Send returns without error. 476// 477// See DeletePermission for more information on using the DeletePermission 478// API call, and error handling. 479// 480// This method is useful when you want to inject custom logic or configuration 481// into the SDK's request lifecycle. Such as custom headers, or retry logic. 482// 483// 484// // Example sending a request using the DeletePermissionRequest method. 485// req, resp := client.DeletePermissionRequest(params) 486// 487// err := req.Send() 488// if err == nil { // resp is now filled 489// fmt.Println(resp) 490// } 491// 492// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 493func (c *ACMPCA) DeletePermissionRequest(input *DeletePermissionInput) (req *request.Request, output *DeletePermissionOutput) { 494 op := &request.Operation{ 495 Name: opDeletePermission, 496 HTTPMethod: "POST", 497 HTTPPath: "/", 498 } 499 500 if input == nil { 501 input = &DeletePermissionInput{} 502 } 503 504 output = &DeletePermissionOutput{} 505 req = c.newRequest(op, input, output) 506 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 507 return 508} 509 510// DeletePermission API operation for AWS Certificate Manager Private Certificate Authority. 511// 512// Revokes permissions on a private CA granted to the AWS Certificate Manager 513// (ACM) service principal (acm.amazonaws.com). 514// 515// These permissions allow ACM to issue and renew ACM certificates that reside 516// in the same AWS account as the CA. If you revoke these permissions, ACM will 517// no longer renew the affected certificates automatically. 518// 519// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 520// action and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 521// action. 522// 523// About Permissions 524// 525// * If the private CA and the certificates it issues reside in the same 526// account, you can use CreatePermission to grant permissions for ACM to 527// carry out automatic certificate renewals. 528// 529// * For automatic certificate renewal to succeed, the ACM service principal 530// needs permissions to create, retrieve, and list certificates. 531// 532// * If the private CA and the ACM certificates reside in different accounts, 533// then permissions cannot be used to enable automatic renewals. Instead, 534// the ACM certificate owner must set up a resource-based policy to enable 535// cross-account issuance and renewals. For more information, see Using a 536// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 537// 538// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 539// with awserr.Error's Code and Message methods to get detailed information about 540// the error. 541// 542// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 543// API operation DeletePermission for usage and error information. 544// 545// Returned Error Types: 546// * ResourceNotFoundException 547// A resource such as a private CA, S3 bucket, certificate, audit report, or 548// policy cannot be found. 549// 550// * InvalidArnException 551// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 552// 553// * InvalidStateException 554// The state of the private CA does not allow this action to occur. 555// 556// * RequestFailedException 557// The request has failed for an unspecified reason. 558// 559// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 560func (c *ACMPCA) DeletePermission(input *DeletePermissionInput) (*DeletePermissionOutput, error) { 561 req, out := c.DeletePermissionRequest(input) 562 return out, req.Send() 563} 564 565// DeletePermissionWithContext is the same as DeletePermission with the addition of 566// the ability to pass a context and additional request options. 567// 568// See DeletePermission for details on how to use this API operation. 569// 570// The context must be non-nil and will be used for request cancellation. If 571// the context is nil a panic will occur. In the future the SDK may create 572// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 573// for more information on using Contexts. 574func (c *ACMPCA) DeletePermissionWithContext(ctx aws.Context, input *DeletePermissionInput, opts ...request.Option) (*DeletePermissionOutput, error) { 575 req, out := c.DeletePermissionRequest(input) 576 req.SetContext(ctx) 577 req.ApplyOptions(opts...) 578 return out, req.Send() 579} 580 581const opDeletePolicy = "DeletePolicy" 582 583// DeletePolicyRequest generates a "aws/request.Request" representing the 584// client's request for the DeletePolicy operation. The "output" return 585// value will be populated with the request's response once the request completes 586// successfully. 587// 588// Use "Send" method on the returned Request to send the API call to the service. 589// the "output" return value is not valid until after Send returns without error. 590// 591// See DeletePolicy for more information on using the DeletePolicy 592// API call, and error handling. 593// 594// This method is useful when you want to inject custom logic or configuration 595// into the SDK's request lifecycle. Such as custom headers, or retry logic. 596// 597// 598// // Example sending a request using the DeletePolicyRequest method. 599// req, resp := client.DeletePolicyRequest(params) 600// 601// err := req.Send() 602// if err == nil { // resp is now filled 603// fmt.Println(resp) 604// } 605// 606// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 607func (c *ACMPCA) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 608 op := &request.Operation{ 609 Name: opDeletePolicy, 610 HTTPMethod: "POST", 611 HTTPPath: "/", 612 } 613 614 if input == nil { 615 input = &DeletePolicyInput{} 616 } 617 618 output = &DeletePolicyOutput{} 619 req = c.newRequest(op, input, output) 620 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 621 return 622} 623 624// DeletePolicy API operation for AWS Certificate Manager Private Certificate Authority. 625// 626// Deletes the resource-based policy attached to a private CA. Deletion will 627// remove any access that the policy has granted. If there is no policy attached 628// to the private CA, this action will return successful. 629// 630// If you delete a policy that was applied through AWS Resource Access Manager 631// (RAM), the CA will be removed from all shares in which it was included. 632// 633// The AWS Certificate Manager Service Linked Role that the policy supports 634// is not affected when you delete the policy. 635// 636// The current policy can be shown with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 637// and updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html). 638// 639// About Policies 640// 641// * A policy grants access on a private CA to an AWS customer account, to 642// AWS Organizations, or to an AWS Organizations unit. Policies are under 643// the control of a CA administrator. For more information, see Using a Resource 644// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 645// 646// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 647// certificates signed by a CA in another account. 648// 649// * For ACM to manage automatic renewal of these certificates, the ACM user 650// must configure a Service Linked Role (SLR). The SLR allows the ACM service 651// to assume the identity of the user, subject to confirmation against the 652// ACM Private CA policy. For more information, see Using a Service Linked 653// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 654// 655// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 656// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 657// 658// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 659// with awserr.Error's Code and Message methods to get detailed information about 660// the error. 661// 662// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 663// API operation DeletePolicy for usage and error information. 664// 665// Returned Error Types: 666// * ConcurrentModificationException 667// A previous update to your private CA is still ongoing. 668// 669// * InvalidArnException 670// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 671// 672// * InvalidStateException 673// The state of the private CA does not allow this action to occur. 674// 675// * LockoutPreventedException 676// The current action was prevented because it would lock the caller out from 677// performing subsequent actions. Verify that the specified parameters would 678// not result in the caller being denied access to the resource. 679// 680// * RequestFailedException 681// The request has failed for an unspecified reason. 682// 683// * ResourceNotFoundException 684// A resource such as a private CA, S3 bucket, certificate, audit report, or 685// policy cannot be found. 686// 687// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 688func (c *ACMPCA) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 689 req, out := c.DeletePolicyRequest(input) 690 return out, req.Send() 691} 692 693// DeletePolicyWithContext is the same as DeletePolicy with the addition of 694// the ability to pass a context and additional request options. 695// 696// See DeletePolicy for details on how to use this API operation. 697// 698// The context must be non-nil and will be used for request cancellation. If 699// the context is nil a panic will occur. In the future the SDK may create 700// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 701// for more information on using Contexts. 702func (c *ACMPCA) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 703 req, out := c.DeletePolicyRequest(input) 704 req.SetContext(ctx) 705 req.ApplyOptions(opts...) 706 return out, req.Send() 707} 708 709const opDescribeCertificateAuthority = "DescribeCertificateAuthority" 710 711// DescribeCertificateAuthorityRequest generates a "aws/request.Request" representing the 712// client's request for the DescribeCertificateAuthority operation. The "output" return 713// value will be populated with the request's response once the request completes 714// successfully. 715// 716// Use "Send" method on the returned Request to send the API call to the service. 717// the "output" return value is not valid until after Send returns without error. 718// 719// See DescribeCertificateAuthority for more information on using the DescribeCertificateAuthority 720// API call, and error handling. 721// 722// This method is useful when you want to inject custom logic or configuration 723// into the SDK's request lifecycle. Such as custom headers, or retry logic. 724// 725// 726// // Example sending a request using the DescribeCertificateAuthorityRequest method. 727// req, resp := client.DescribeCertificateAuthorityRequest(params) 728// 729// err := req.Send() 730// if err == nil { // resp is now filled 731// fmt.Println(resp) 732// } 733// 734// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 735func (c *ACMPCA) DescribeCertificateAuthorityRequest(input *DescribeCertificateAuthorityInput) (req *request.Request, output *DescribeCertificateAuthorityOutput) { 736 op := &request.Operation{ 737 Name: opDescribeCertificateAuthority, 738 HTTPMethod: "POST", 739 HTTPPath: "/", 740 } 741 742 if input == nil { 743 input = &DescribeCertificateAuthorityInput{} 744 } 745 746 output = &DescribeCertificateAuthorityOutput{} 747 req = c.newRequest(op, input, output) 748 return 749} 750 751// DescribeCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 752// 753// Lists information about your private certificate authority (CA) or one that 754// has been shared with you. You specify the private CA on input by its ARN 755// (Amazon Resource Name). The output contains the status of your CA. This can 756// be any of the following: 757// 758// * CREATING - ACM Private CA is creating your private certificate authority. 759// 760// * PENDING_CERTIFICATE - The certificate is pending. You must use your 761// ACM Private CA-hosted or on-premises root or subordinate CA to sign your 762// private CA CSR and then import it into PCA. 763// 764// * ACTIVE - Your private CA is active. 765// 766// * DISABLED - Your private CA has been disabled. 767// 768// * EXPIRED - Your private CA certificate has expired. 769// 770// * FAILED - Your private CA has failed. Your CA can fail because of problems 771// such a network outage or back-end AWS failure or other errors. A failed 772// CA can never return to the pending state. You must create a new CA. 773// 774// * DELETED - Your private CA is within the restoration period, after which 775// it is permanently deleted. The length of time remaining in the CA's restoration 776// period is also included in this action's output. 777// 778// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 779// with awserr.Error's Code and Message methods to get detailed information about 780// the error. 781// 782// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 783// API operation DescribeCertificateAuthority for usage and error information. 784// 785// Returned Error Types: 786// * ResourceNotFoundException 787// A resource such as a private CA, S3 bucket, certificate, audit report, or 788// policy cannot be found. 789// 790// * InvalidArnException 791// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 792// 793// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 794func (c *ACMPCA) DescribeCertificateAuthority(input *DescribeCertificateAuthorityInput) (*DescribeCertificateAuthorityOutput, error) { 795 req, out := c.DescribeCertificateAuthorityRequest(input) 796 return out, req.Send() 797} 798 799// DescribeCertificateAuthorityWithContext is the same as DescribeCertificateAuthority with the addition of 800// the ability to pass a context and additional request options. 801// 802// See DescribeCertificateAuthority for details on how to use this API operation. 803// 804// The context must be non-nil and will be used for request cancellation. If 805// the context is nil a panic will occur. In the future the SDK may create 806// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 807// for more information on using Contexts. 808func (c *ACMPCA) DescribeCertificateAuthorityWithContext(ctx aws.Context, input *DescribeCertificateAuthorityInput, opts ...request.Option) (*DescribeCertificateAuthorityOutput, error) { 809 req, out := c.DescribeCertificateAuthorityRequest(input) 810 req.SetContext(ctx) 811 req.ApplyOptions(opts...) 812 return out, req.Send() 813} 814 815const opDescribeCertificateAuthorityAuditReport = "DescribeCertificateAuthorityAuditReport" 816 817// DescribeCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 818// client's request for the DescribeCertificateAuthorityAuditReport operation. The "output" return 819// value will be populated with the request's response once the request completes 820// successfully. 821// 822// Use "Send" method on the returned Request to send the API call to the service. 823// the "output" return value is not valid until after Send returns without error. 824// 825// See DescribeCertificateAuthorityAuditReport for more information on using the DescribeCertificateAuthorityAuditReport 826// API call, and error handling. 827// 828// This method is useful when you want to inject custom logic or configuration 829// into the SDK's request lifecycle. Such as custom headers, or retry logic. 830// 831// 832// // Example sending a request using the DescribeCertificateAuthorityAuditReportRequest method. 833// req, resp := client.DescribeCertificateAuthorityAuditReportRequest(params) 834// 835// err := req.Send() 836// if err == nil { // resp is now filled 837// fmt.Println(resp) 838// } 839// 840// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 841func (c *ACMPCA) DescribeCertificateAuthorityAuditReportRequest(input *DescribeCertificateAuthorityAuditReportInput) (req *request.Request, output *DescribeCertificateAuthorityAuditReportOutput) { 842 op := &request.Operation{ 843 Name: opDescribeCertificateAuthorityAuditReport, 844 HTTPMethod: "POST", 845 HTTPPath: "/", 846 } 847 848 if input == nil { 849 input = &DescribeCertificateAuthorityAuditReportInput{} 850 } 851 852 output = &DescribeCertificateAuthorityAuditReportOutput{} 853 req = c.newRequest(op, input, output) 854 return 855} 856 857// DescribeCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 858// 859// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport 860// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 861// action. Audit information is created every time the certificate authority 862// (CA) private key is used. The private key is used when you call the IssueCertificate 863// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 864// action or the RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 865// action. 866// 867// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 868// with awserr.Error's Code and Message methods to get detailed information about 869// the error. 870// 871// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 872// API operation DescribeCertificateAuthorityAuditReport for usage and error information. 873// 874// Returned Error Types: 875// * ResourceNotFoundException 876// A resource such as a private CA, S3 bucket, certificate, audit report, or 877// policy cannot be found. 878// 879// * InvalidArnException 880// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 881// 882// * InvalidArgsException 883// One or more of the specified arguments was not valid. 884// 885// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 886func (c *ACMPCA) DescribeCertificateAuthorityAuditReport(input *DescribeCertificateAuthorityAuditReportInput) (*DescribeCertificateAuthorityAuditReportOutput, error) { 887 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 888 return out, req.Send() 889} 890 891// DescribeCertificateAuthorityAuditReportWithContext is the same as DescribeCertificateAuthorityAuditReport with the addition of 892// the ability to pass a context and additional request options. 893// 894// See DescribeCertificateAuthorityAuditReport for details on how to use this API operation. 895// 896// The context must be non-nil and will be used for request cancellation. If 897// the context is nil a panic will occur. In the future the SDK may create 898// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 899// for more information on using Contexts. 900func (c *ACMPCA) DescribeCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *DescribeCertificateAuthorityAuditReportInput, opts ...request.Option) (*DescribeCertificateAuthorityAuditReportOutput, error) { 901 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 902 req.SetContext(ctx) 903 req.ApplyOptions(opts...) 904 return out, req.Send() 905} 906 907const opGetCertificate = "GetCertificate" 908 909// GetCertificateRequest generates a "aws/request.Request" representing the 910// client's request for the GetCertificate operation. The "output" return 911// value will be populated with the request's response once the request completes 912// successfully. 913// 914// Use "Send" method on the returned Request to send the API call to the service. 915// the "output" return value is not valid until after Send returns without error. 916// 917// See GetCertificate for more information on using the GetCertificate 918// API call, and error handling. 919// 920// This method is useful when you want to inject custom logic or configuration 921// into the SDK's request lifecycle. Such as custom headers, or retry logic. 922// 923// 924// // Example sending a request using the GetCertificateRequest method. 925// req, resp := client.GetCertificateRequest(params) 926// 927// err := req.Send() 928// if err == nil { // resp is now filled 929// fmt.Println(resp) 930// } 931// 932// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 933func (c *ACMPCA) GetCertificateRequest(input *GetCertificateInput) (req *request.Request, output *GetCertificateOutput) { 934 op := &request.Operation{ 935 Name: opGetCertificate, 936 HTTPMethod: "POST", 937 HTTPPath: "/", 938 } 939 940 if input == nil { 941 input = &GetCertificateInput{} 942 } 943 944 output = &GetCertificateOutput{} 945 req = c.newRequest(op, input, output) 946 return 947} 948 949// GetCertificate API operation for AWS Certificate Manager Private Certificate Authority. 950// 951// Retrieves a certificate from your private CA or one that has been shared 952// with you. The ARN of the certificate is returned when you call the IssueCertificate 953// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 954// action. You must specify both the ARN of your private CA and the ARN of the 955// issued certificate when calling the GetCertificate action. You can retrieve 956// the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport 957// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 958// action to create a report that contains information about all of the certificates 959// issued and revoked by your private CA. 960// 961// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 962// with awserr.Error's Code and Message methods to get detailed information about 963// the error. 964// 965// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 966// API operation GetCertificate for usage and error information. 967// 968// Returned Error Types: 969// * RequestInProgressException 970// Your request is already in progress. 971// 972// * RequestFailedException 973// The request has failed for an unspecified reason. 974// 975// * ResourceNotFoundException 976// A resource such as a private CA, S3 bucket, certificate, audit report, or 977// policy cannot be found. 978// 979// * InvalidArnException 980// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 981// 982// * InvalidStateException 983// The state of the private CA does not allow this action to occur. 984// 985// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 986func (c *ACMPCA) GetCertificate(input *GetCertificateInput) (*GetCertificateOutput, error) { 987 req, out := c.GetCertificateRequest(input) 988 return out, req.Send() 989} 990 991// GetCertificateWithContext is the same as GetCertificate with the addition of 992// the ability to pass a context and additional request options. 993// 994// See GetCertificate for details on how to use this API operation. 995// 996// The context must be non-nil and will be used for request cancellation. If 997// the context is nil a panic will occur. In the future the SDK may create 998// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 999// for more information on using Contexts. 1000func (c *ACMPCA) GetCertificateWithContext(ctx aws.Context, input *GetCertificateInput, opts ...request.Option) (*GetCertificateOutput, error) { 1001 req, out := c.GetCertificateRequest(input) 1002 req.SetContext(ctx) 1003 req.ApplyOptions(opts...) 1004 return out, req.Send() 1005} 1006 1007const opGetCertificateAuthorityCertificate = "GetCertificateAuthorityCertificate" 1008 1009// GetCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1010// client's request for the GetCertificateAuthorityCertificate operation. The "output" return 1011// value will be populated with the request's response once the request completes 1012// successfully. 1013// 1014// Use "Send" method on the returned Request to send the API call to the service. 1015// the "output" return value is not valid until after Send returns without error. 1016// 1017// See GetCertificateAuthorityCertificate for more information on using the GetCertificateAuthorityCertificate 1018// API call, and error handling. 1019// 1020// This method is useful when you want to inject custom logic or configuration 1021// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1022// 1023// 1024// // Example sending a request using the GetCertificateAuthorityCertificateRequest method. 1025// req, resp := client.GetCertificateAuthorityCertificateRequest(params) 1026// 1027// err := req.Send() 1028// if err == nil { // resp is now filled 1029// fmt.Println(resp) 1030// } 1031// 1032// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1033func (c *ACMPCA) GetCertificateAuthorityCertificateRequest(input *GetCertificateAuthorityCertificateInput) (req *request.Request, output *GetCertificateAuthorityCertificateOutput) { 1034 op := &request.Operation{ 1035 Name: opGetCertificateAuthorityCertificate, 1036 HTTPMethod: "POST", 1037 HTTPPath: "/", 1038 } 1039 1040 if input == nil { 1041 input = &GetCertificateAuthorityCertificateInput{} 1042 } 1043 1044 output = &GetCertificateAuthorityCertificateOutput{} 1045 req = c.newRequest(op, input, output) 1046 return 1047} 1048 1049// GetCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1050// 1051// Retrieves the certificate and certificate chain for your private certificate 1052// authority (CA) or one that has been shared with you. Both the certificate 1053// and the chain are base64 PEM-encoded. The chain does not include the CA certificate. 1054// Each certificate in the chain signs the one before it. 1055// 1056// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1057// with awserr.Error's Code and Message methods to get detailed information about 1058// the error. 1059// 1060// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1061// API operation GetCertificateAuthorityCertificate for usage and error information. 1062// 1063// Returned Error Types: 1064// * ResourceNotFoundException 1065// A resource such as a private CA, S3 bucket, certificate, audit report, or 1066// policy cannot be found. 1067// 1068// * InvalidStateException 1069// The state of the private CA does not allow this action to occur. 1070// 1071// * InvalidArnException 1072// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1073// 1074// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1075func (c *ACMPCA) GetCertificateAuthorityCertificate(input *GetCertificateAuthorityCertificateInput) (*GetCertificateAuthorityCertificateOutput, error) { 1076 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1077 return out, req.Send() 1078} 1079 1080// GetCertificateAuthorityCertificateWithContext is the same as GetCertificateAuthorityCertificate with the addition of 1081// the ability to pass a context and additional request options. 1082// 1083// See GetCertificateAuthorityCertificate for details on how to use this API operation. 1084// 1085// The context must be non-nil and will be used for request cancellation. If 1086// the context is nil a panic will occur. In the future the SDK may create 1087// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1088// for more information on using Contexts. 1089func (c *ACMPCA) GetCertificateAuthorityCertificateWithContext(ctx aws.Context, input *GetCertificateAuthorityCertificateInput, opts ...request.Option) (*GetCertificateAuthorityCertificateOutput, error) { 1090 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1091 req.SetContext(ctx) 1092 req.ApplyOptions(opts...) 1093 return out, req.Send() 1094} 1095 1096const opGetCertificateAuthorityCsr = "GetCertificateAuthorityCsr" 1097 1098// GetCertificateAuthorityCsrRequest generates a "aws/request.Request" representing the 1099// client's request for the GetCertificateAuthorityCsr operation. The "output" return 1100// value will be populated with the request's response once the request completes 1101// successfully. 1102// 1103// Use "Send" method on the returned Request to send the API call to the service. 1104// the "output" return value is not valid until after Send returns without error. 1105// 1106// See GetCertificateAuthorityCsr for more information on using the GetCertificateAuthorityCsr 1107// API call, and error handling. 1108// 1109// This method is useful when you want to inject custom logic or configuration 1110// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1111// 1112// 1113// // Example sending a request using the GetCertificateAuthorityCsrRequest method. 1114// req, resp := client.GetCertificateAuthorityCsrRequest(params) 1115// 1116// err := req.Send() 1117// if err == nil { // resp is now filled 1118// fmt.Println(resp) 1119// } 1120// 1121// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1122func (c *ACMPCA) GetCertificateAuthorityCsrRequest(input *GetCertificateAuthorityCsrInput) (req *request.Request, output *GetCertificateAuthorityCsrOutput) { 1123 op := &request.Operation{ 1124 Name: opGetCertificateAuthorityCsr, 1125 HTTPMethod: "POST", 1126 HTTPPath: "/", 1127 } 1128 1129 if input == nil { 1130 input = &GetCertificateAuthorityCsrInput{} 1131 } 1132 1133 output = &GetCertificateAuthorityCsrOutput{} 1134 req = c.newRequest(op, input, output) 1135 return 1136} 1137 1138// GetCertificateAuthorityCsr API operation for AWS Certificate Manager Private Certificate Authority. 1139// 1140// Retrieves the certificate signing request (CSR) for your private certificate 1141// authority (CA). The CSR is created when you call the CreateCertificateAuthority 1142// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1143// action. Sign the CSR with your ACM Private CA-hosted or on-premises root 1144// or subordinate CA. Then import the signed certificate back into ACM Private 1145// CA by calling the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 1146// action. The CSR is returned as a base64 PEM-encoded string. 1147// 1148// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1149// with awserr.Error's Code and Message methods to get detailed information about 1150// the error. 1151// 1152// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1153// API operation GetCertificateAuthorityCsr for usage and error information. 1154// 1155// Returned Error Types: 1156// * RequestInProgressException 1157// Your request is already in progress. 1158// 1159// * RequestFailedException 1160// The request has failed for an unspecified reason. 1161// 1162// * ResourceNotFoundException 1163// A resource such as a private CA, S3 bucket, certificate, audit report, or 1164// policy cannot be found. 1165// 1166// * InvalidArnException 1167// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1168// 1169// * InvalidStateException 1170// The state of the private CA does not allow this action to occur. 1171// 1172// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1173func (c *ACMPCA) GetCertificateAuthorityCsr(input *GetCertificateAuthorityCsrInput) (*GetCertificateAuthorityCsrOutput, error) { 1174 req, out := c.GetCertificateAuthorityCsrRequest(input) 1175 return out, req.Send() 1176} 1177 1178// GetCertificateAuthorityCsrWithContext is the same as GetCertificateAuthorityCsr with the addition of 1179// the ability to pass a context and additional request options. 1180// 1181// See GetCertificateAuthorityCsr for details on how to use this API operation. 1182// 1183// The context must be non-nil and will be used for request cancellation. If 1184// the context is nil a panic will occur. In the future the SDK may create 1185// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1186// for more information on using Contexts. 1187func (c *ACMPCA) GetCertificateAuthorityCsrWithContext(ctx aws.Context, input *GetCertificateAuthorityCsrInput, opts ...request.Option) (*GetCertificateAuthorityCsrOutput, error) { 1188 req, out := c.GetCertificateAuthorityCsrRequest(input) 1189 req.SetContext(ctx) 1190 req.ApplyOptions(opts...) 1191 return out, req.Send() 1192} 1193 1194const opGetPolicy = "GetPolicy" 1195 1196// GetPolicyRequest generates a "aws/request.Request" representing the 1197// client's request for the GetPolicy operation. The "output" return 1198// value will be populated with the request's response once the request completes 1199// successfully. 1200// 1201// Use "Send" method on the returned Request to send the API call to the service. 1202// the "output" return value is not valid until after Send returns without error. 1203// 1204// See GetPolicy for more information on using the GetPolicy 1205// API call, and error handling. 1206// 1207// This method is useful when you want to inject custom logic or configuration 1208// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1209// 1210// 1211// // Example sending a request using the GetPolicyRequest method. 1212// req, resp := client.GetPolicyRequest(params) 1213// 1214// err := req.Send() 1215// if err == nil { // resp is now filled 1216// fmt.Println(resp) 1217// } 1218// 1219// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1220func (c *ACMPCA) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) { 1221 op := &request.Operation{ 1222 Name: opGetPolicy, 1223 HTTPMethod: "POST", 1224 HTTPPath: "/", 1225 } 1226 1227 if input == nil { 1228 input = &GetPolicyInput{} 1229 } 1230 1231 output = &GetPolicyOutput{} 1232 req = c.newRequest(op, input, output) 1233 return 1234} 1235 1236// GetPolicy API operation for AWS Certificate Manager Private Certificate Authority. 1237// 1238// Retrieves the resource-based policy attached to a private CA. If either the 1239// private CA resource or the policy cannot be found, this action returns a 1240// ResourceNotFoundException. 1241// 1242// The policy can be attached or updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html) 1243// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 1244// 1245// About Policies 1246// 1247// * A policy grants access on a private CA to an AWS customer account, to 1248// AWS Organizations, or to an AWS Organizations unit. Policies are under 1249// the control of a CA administrator. For more information, see Using a Resource 1250// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1251// 1252// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 1253// certificates signed by a CA in another account. 1254// 1255// * For ACM to manage automatic renewal of these certificates, the ACM user 1256// must configure a Service Linked Role (SLR). The SLR allows the ACM service 1257// to assume the identity of the user, subject to confirmation against the 1258// ACM Private CA policy. For more information, see Using a Service Linked 1259// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 1260// 1261// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 1262// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 1263// 1264// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1265// with awserr.Error's Code and Message methods to get detailed information about 1266// the error. 1267// 1268// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1269// API operation GetPolicy for usage and error information. 1270// 1271// Returned Error Types: 1272// * InvalidArnException 1273// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1274// 1275// * InvalidStateException 1276// The state of the private CA does not allow this action to occur. 1277// 1278// * RequestFailedException 1279// The request has failed for an unspecified reason. 1280// 1281// * ResourceNotFoundException 1282// A resource such as a private CA, S3 bucket, certificate, audit report, or 1283// policy cannot be found. 1284// 1285// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1286func (c *ACMPCA) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) { 1287 req, out := c.GetPolicyRequest(input) 1288 return out, req.Send() 1289} 1290 1291// GetPolicyWithContext is the same as GetPolicy with the addition of 1292// the ability to pass a context and additional request options. 1293// 1294// See GetPolicy for details on how to use this API operation. 1295// 1296// The context must be non-nil and will be used for request cancellation. If 1297// the context is nil a panic will occur. In the future the SDK may create 1298// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1299// for more information on using Contexts. 1300func (c *ACMPCA) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) { 1301 req, out := c.GetPolicyRequest(input) 1302 req.SetContext(ctx) 1303 req.ApplyOptions(opts...) 1304 return out, req.Send() 1305} 1306 1307const opImportCertificateAuthorityCertificate = "ImportCertificateAuthorityCertificate" 1308 1309// ImportCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1310// client's request for the ImportCertificateAuthorityCertificate operation. The "output" return 1311// value will be populated with the request's response once the request completes 1312// successfully. 1313// 1314// Use "Send" method on the returned Request to send the API call to the service. 1315// the "output" return value is not valid until after Send returns without error. 1316// 1317// See ImportCertificateAuthorityCertificate for more information on using the ImportCertificateAuthorityCertificate 1318// API call, and error handling. 1319// 1320// This method is useful when you want to inject custom logic or configuration 1321// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1322// 1323// 1324// // Example sending a request using the ImportCertificateAuthorityCertificateRequest method. 1325// req, resp := client.ImportCertificateAuthorityCertificateRequest(params) 1326// 1327// err := req.Send() 1328// if err == nil { // resp is now filled 1329// fmt.Println(resp) 1330// } 1331// 1332// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1333func (c *ACMPCA) ImportCertificateAuthorityCertificateRequest(input *ImportCertificateAuthorityCertificateInput) (req *request.Request, output *ImportCertificateAuthorityCertificateOutput) { 1334 op := &request.Operation{ 1335 Name: opImportCertificateAuthorityCertificate, 1336 HTTPMethod: "POST", 1337 HTTPPath: "/", 1338 } 1339 1340 if input == nil { 1341 input = &ImportCertificateAuthorityCertificateInput{} 1342 } 1343 1344 output = &ImportCertificateAuthorityCertificateOutput{} 1345 req = c.newRequest(op, input, output) 1346 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1347 return 1348} 1349 1350// ImportCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1351// 1352// Imports a signed private CA certificate into ACM Private CA. This action 1353// is used when you are using a chain of trust whose root is located outside 1354// ACM Private CA. Before you can call this action, the following preparations 1355// must in place: 1356// 1357// In ACM Private CA, call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1358// action to create the private CA that you plan to back with the imported certificate. 1359// 1360// Call the GetCertificateAuthorityCsr (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html) 1361// action to generate a certificate signing request (CSR). 1362// 1363// Sign the CSR using a root or intermediate CA hosted by either an on-premises 1364// PKI hierarchy or by a commercial CA. 1365// 1366// Create a certificate chain and copy the signed certificate and the certificate 1367// chain to your working directory. 1368// 1369// ACM Private CA supports three scenarios for installing a CA certificate: 1370// 1371// * Installing a certificate for a root CA hosted by ACM Private CA. 1372// 1373// * Installing a subordinate CA certificate whose parent authority is hosted 1374// by ACM Private CA. 1375// 1376// * Installing a subordinate CA certificate whose parent authority is externally 1377// hosted. 1378// 1379// The following additional requirements apply when you import a CA certificate. 1380// 1381// * Only a self-signed certificate can be imported as a root CA. 1382// 1383// * A self-signed certificate cannot be imported as a subordinate CA. 1384// 1385// * Your certificate chain must not include the private CA certificate that 1386// you are importing. 1387// 1388// * Your root CA must be the last certificate in your chain. The subordinate 1389// certificate, if any, that your root CA signed must be next to last. The 1390// subordinate certificate signed by the preceding subordinate CA must come 1391// next, and so on until your chain is built. 1392// 1393// * The chain must be PEM-encoded. 1394// 1395// * The maximum allowed size of a certificate is 32 KB. 1396// 1397// * The maximum allowed size of a certificate chain is 2 MB. 1398// 1399// Enforcement of Critical Constraints 1400// 1401// ACM Private CA allows the following extensions to be marked critical in the 1402// imported CA certificate or chain. 1403// 1404// * Basic constraints (must be marked critical) 1405// 1406// * Subject alternative names 1407// 1408// * Key usage 1409// 1410// * Extended key usage 1411// 1412// * Authority key identifier 1413// 1414// * Subject key identifier 1415// 1416// * Issuer alternative name 1417// 1418// * Subject directory attributes 1419// 1420// * Subject information access 1421// 1422// * Certificate policies 1423// 1424// * Policy mappings 1425// 1426// * Inhibit anyPolicy 1427// 1428// ACM Private CA rejects the following extensions when they are marked critical 1429// in an imported CA certificate or chain. 1430// 1431// * Name constraints 1432// 1433// * Policy constraints 1434// 1435// * CRL distribution points 1436// 1437// * Authority information access 1438// 1439// * Freshest CRL 1440// 1441// * Any other extension 1442// 1443// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1444// with awserr.Error's Code and Message methods to get detailed information about 1445// the error. 1446// 1447// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1448// API operation ImportCertificateAuthorityCertificate for usage and error information. 1449// 1450// Returned Error Types: 1451// * ConcurrentModificationException 1452// A previous update to your private CA is still ongoing. 1453// 1454// * RequestInProgressException 1455// Your request is already in progress. 1456// 1457// * RequestFailedException 1458// The request has failed for an unspecified reason. 1459// 1460// * ResourceNotFoundException 1461// A resource such as a private CA, S3 bucket, certificate, audit report, or 1462// policy cannot be found. 1463// 1464// * InvalidArnException 1465// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1466// 1467// * InvalidRequestException 1468// The request action cannot be performed or is prohibited. 1469// 1470// * InvalidStateException 1471// The state of the private CA does not allow this action to occur. 1472// 1473// * MalformedCertificateException 1474// One or more fields in the certificate are invalid. 1475// 1476// * CertificateMismatchException 1477// The certificate authority certificate you are importing does not comply with 1478// conditions specified in the certificate that signed it. 1479// 1480// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1481func (c *ACMPCA) ImportCertificateAuthorityCertificate(input *ImportCertificateAuthorityCertificateInput) (*ImportCertificateAuthorityCertificateOutput, error) { 1482 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1483 return out, req.Send() 1484} 1485 1486// ImportCertificateAuthorityCertificateWithContext is the same as ImportCertificateAuthorityCertificate with the addition of 1487// the ability to pass a context and additional request options. 1488// 1489// See ImportCertificateAuthorityCertificate for details on how to use this API operation. 1490// 1491// The context must be non-nil and will be used for request cancellation. If 1492// the context is nil a panic will occur. In the future the SDK may create 1493// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1494// for more information on using Contexts. 1495func (c *ACMPCA) ImportCertificateAuthorityCertificateWithContext(ctx aws.Context, input *ImportCertificateAuthorityCertificateInput, opts ...request.Option) (*ImportCertificateAuthorityCertificateOutput, error) { 1496 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1497 req.SetContext(ctx) 1498 req.ApplyOptions(opts...) 1499 return out, req.Send() 1500} 1501 1502const opIssueCertificate = "IssueCertificate" 1503 1504// IssueCertificateRequest generates a "aws/request.Request" representing the 1505// client's request for the IssueCertificate operation. The "output" return 1506// value will be populated with the request's response once the request completes 1507// successfully. 1508// 1509// Use "Send" method on the returned Request to send the API call to the service. 1510// the "output" return value is not valid until after Send returns without error. 1511// 1512// See IssueCertificate for more information on using the IssueCertificate 1513// API call, and error handling. 1514// 1515// This method is useful when you want to inject custom logic or configuration 1516// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1517// 1518// 1519// // Example sending a request using the IssueCertificateRequest method. 1520// req, resp := client.IssueCertificateRequest(params) 1521// 1522// err := req.Send() 1523// if err == nil { // resp is now filled 1524// fmt.Println(resp) 1525// } 1526// 1527// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1528func (c *ACMPCA) IssueCertificateRequest(input *IssueCertificateInput) (req *request.Request, output *IssueCertificateOutput) { 1529 op := &request.Operation{ 1530 Name: opIssueCertificate, 1531 HTTPMethod: "POST", 1532 HTTPPath: "/", 1533 } 1534 1535 if input == nil { 1536 input = &IssueCertificateInput{} 1537 } 1538 1539 output = &IssueCertificateOutput{} 1540 req = c.newRequest(op, input, output) 1541 return 1542} 1543 1544// IssueCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1545// 1546// Uses your private certificate authority (CA), or one that has been shared 1547// with you, to issue a client certificate. This action returns the Amazon Resource 1548// Name (ARN) of the certificate. You can retrieve the certificate by calling 1549// the GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 1550// action and specifying the ARN. 1551// 1552// You cannot use the ACM ListCertificateAuthorities action to retrieve the 1553// ARNs of the certificates that you issue by using ACM Private CA. 1554// 1555// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1556// with awserr.Error's Code and Message methods to get detailed information about 1557// the error. 1558// 1559// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1560// API operation IssueCertificate for usage and error information. 1561// 1562// Returned Error Types: 1563// * LimitExceededException 1564// An ACM Private CA quota has been exceeded. See the exception message returned 1565// to determine the quota that was exceeded. 1566// 1567// * ResourceNotFoundException 1568// A resource such as a private CA, S3 bucket, certificate, audit report, or 1569// policy cannot be found. 1570// 1571// * InvalidStateException 1572// The state of the private CA does not allow this action to occur. 1573// 1574// * InvalidArnException 1575// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1576// 1577// * InvalidArgsException 1578// One or more of the specified arguments was not valid. 1579// 1580// * MalformedCSRException 1581// The certificate signing request is invalid. 1582// 1583// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1584func (c *ACMPCA) IssueCertificate(input *IssueCertificateInput) (*IssueCertificateOutput, error) { 1585 req, out := c.IssueCertificateRequest(input) 1586 return out, req.Send() 1587} 1588 1589// IssueCertificateWithContext is the same as IssueCertificate with the addition of 1590// the ability to pass a context and additional request options. 1591// 1592// See IssueCertificate for details on how to use this API operation. 1593// 1594// The context must be non-nil and will be used for request cancellation. If 1595// the context is nil a panic will occur. In the future the SDK may create 1596// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1597// for more information on using Contexts. 1598func (c *ACMPCA) IssueCertificateWithContext(ctx aws.Context, input *IssueCertificateInput, opts ...request.Option) (*IssueCertificateOutput, error) { 1599 req, out := c.IssueCertificateRequest(input) 1600 req.SetContext(ctx) 1601 req.ApplyOptions(opts...) 1602 return out, req.Send() 1603} 1604 1605const opListCertificateAuthorities = "ListCertificateAuthorities" 1606 1607// ListCertificateAuthoritiesRequest generates a "aws/request.Request" representing the 1608// client's request for the ListCertificateAuthorities operation. The "output" return 1609// value will be populated with the request's response once the request completes 1610// successfully. 1611// 1612// Use "Send" method on the returned Request to send the API call to the service. 1613// the "output" return value is not valid until after Send returns without error. 1614// 1615// See ListCertificateAuthorities for more information on using the ListCertificateAuthorities 1616// API call, and error handling. 1617// 1618// This method is useful when you want to inject custom logic or configuration 1619// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1620// 1621// 1622// // Example sending a request using the ListCertificateAuthoritiesRequest method. 1623// req, resp := client.ListCertificateAuthoritiesRequest(params) 1624// 1625// err := req.Send() 1626// if err == nil { // resp is now filled 1627// fmt.Println(resp) 1628// } 1629// 1630// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1631func (c *ACMPCA) ListCertificateAuthoritiesRequest(input *ListCertificateAuthoritiesInput) (req *request.Request, output *ListCertificateAuthoritiesOutput) { 1632 op := &request.Operation{ 1633 Name: opListCertificateAuthorities, 1634 HTTPMethod: "POST", 1635 HTTPPath: "/", 1636 Paginator: &request.Paginator{ 1637 InputTokens: []string{"NextToken"}, 1638 OutputTokens: []string{"NextToken"}, 1639 LimitToken: "MaxResults", 1640 TruncationToken: "", 1641 }, 1642 } 1643 1644 if input == nil { 1645 input = &ListCertificateAuthoritiesInput{} 1646 } 1647 1648 output = &ListCertificateAuthoritiesOutput{} 1649 req = c.newRequest(op, input, output) 1650 return 1651} 1652 1653// ListCertificateAuthorities API operation for AWS Certificate Manager Private Certificate Authority. 1654// 1655// Lists the private certificate authorities that you created by using the CreateCertificateAuthority 1656// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1657// action. 1658// 1659// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1660// with awserr.Error's Code and Message methods to get detailed information about 1661// the error. 1662// 1663// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1664// API operation ListCertificateAuthorities for usage and error information. 1665// 1666// Returned Error Types: 1667// * InvalidNextTokenException 1668// The token specified in the NextToken argument is not valid. Use the token 1669// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1670// 1671// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1672func (c *ACMPCA) ListCertificateAuthorities(input *ListCertificateAuthoritiesInput) (*ListCertificateAuthoritiesOutput, error) { 1673 req, out := c.ListCertificateAuthoritiesRequest(input) 1674 return out, req.Send() 1675} 1676 1677// ListCertificateAuthoritiesWithContext is the same as ListCertificateAuthorities with the addition of 1678// the ability to pass a context and additional request options. 1679// 1680// See ListCertificateAuthorities for details on how to use this API operation. 1681// 1682// The context must be non-nil and will be used for request cancellation. If 1683// the context is nil a panic will occur. In the future the SDK may create 1684// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1685// for more information on using Contexts. 1686func (c *ACMPCA) ListCertificateAuthoritiesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, opts ...request.Option) (*ListCertificateAuthoritiesOutput, error) { 1687 req, out := c.ListCertificateAuthoritiesRequest(input) 1688 req.SetContext(ctx) 1689 req.ApplyOptions(opts...) 1690 return out, req.Send() 1691} 1692 1693// ListCertificateAuthoritiesPages iterates over the pages of a ListCertificateAuthorities operation, 1694// calling the "fn" function with the response data for each page. To stop 1695// iterating, return false from the fn function. 1696// 1697// See ListCertificateAuthorities method for more information on how to use this operation. 1698// 1699// Note: This operation can generate multiple requests to a service. 1700// 1701// // Example iterating over at most 3 pages of a ListCertificateAuthorities operation. 1702// pageNum := 0 1703// err := client.ListCertificateAuthoritiesPages(params, 1704// func(page *acmpca.ListCertificateAuthoritiesOutput, lastPage bool) bool { 1705// pageNum++ 1706// fmt.Println(page) 1707// return pageNum <= 3 1708// }) 1709// 1710func (c *ACMPCA) ListCertificateAuthoritiesPages(input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool) error { 1711 return c.ListCertificateAuthoritiesPagesWithContext(aws.BackgroundContext(), input, fn) 1712} 1713 1714// ListCertificateAuthoritiesPagesWithContext same as ListCertificateAuthoritiesPages except 1715// it takes a Context and allows setting request options on the pages. 1716// 1717// The context must be non-nil and will be used for request cancellation. If 1718// the context is nil a panic will occur. In the future the SDK may create 1719// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1720// for more information on using Contexts. 1721func (c *ACMPCA) ListCertificateAuthoritiesPagesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool, opts ...request.Option) error { 1722 p := request.Pagination{ 1723 NewRequest: func() (*request.Request, error) { 1724 var inCpy *ListCertificateAuthoritiesInput 1725 if input != nil { 1726 tmp := *input 1727 inCpy = &tmp 1728 } 1729 req, _ := c.ListCertificateAuthoritiesRequest(inCpy) 1730 req.SetContext(ctx) 1731 req.ApplyOptions(opts...) 1732 return req, nil 1733 }, 1734 } 1735 1736 for p.Next() { 1737 if !fn(p.Page().(*ListCertificateAuthoritiesOutput), !p.HasNextPage()) { 1738 break 1739 } 1740 } 1741 1742 return p.Err() 1743} 1744 1745const opListPermissions = "ListPermissions" 1746 1747// ListPermissionsRequest generates a "aws/request.Request" representing the 1748// client's request for the ListPermissions operation. The "output" return 1749// value will be populated with the request's response once the request completes 1750// successfully. 1751// 1752// Use "Send" method on the returned Request to send the API call to the service. 1753// the "output" return value is not valid until after Send returns without error. 1754// 1755// See ListPermissions for more information on using the ListPermissions 1756// API call, and error handling. 1757// 1758// This method is useful when you want to inject custom logic or configuration 1759// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1760// 1761// 1762// // Example sending a request using the ListPermissionsRequest method. 1763// req, resp := client.ListPermissionsRequest(params) 1764// 1765// err := req.Send() 1766// if err == nil { // resp is now filled 1767// fmt.Println(resp) 1768// } 1769// 1770// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1771func (c *ACMPCA) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) { 1772 op := &request.Operation{ 1773 Name: opListPermissions, 1774 HTTPMethod: "POST", 1775 HTTPPath: "/", 1776 Paginator: &request.Paginator{ 1777 InputTokens: []string{"NextToken"}, 1778 OutputTokens: []string{"NextToken"}, 1779 LimitToken: "MaxResults", 1780 TruncationToken: "", 1781 }, 1782 } 1783 1784 if input == nil { 1785 input = &ListPermissionsInput{} 1786 } 1787 1788 output = &ListPermissionsOutput{} 1789 req = c.newRequest(op, input, output) 1790 return 1791} 1792 1793// ListPermissions API operation for AWS Certificate Manager Private Certificate Authority. 1794// 1795// List all permissions on a private CA, if any, granted to the AWS Certificate 1796// Manager (ACM) service principal (acm.amazonaws.com). 1797// 1798// These permissions allow ACM to issue and renew ACM certificates that reside 1799// in the same AWS account as the CA. 1800// 1801// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 1802// action and revoked with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 1803// action. 1804// 1805// About Permissions 1806// 1807// * If the private CA and the certificates it issues reside in the same 1808// account, you can use CreatePermission to grant permissions for ACM to 1809// carry out automatic certificate renewals. 1810// 1811// * For automatic certificate renewal to succeed, the ACM service principal 1812// needs permissions to create, retrieve, and list certificates. 1813// 1814// * If the private CA and the ACM certificates reside in different accounts, 1815// then permissions cannot be used to enable automatic renewals. Instead, 1816// the ACM certificate owner must set up a resource-based policy to enable 1817// cross-account issuance and renewals. For more information, see Using a 1818// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1819// 1820// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1821// with awserr.Error's Code and Message methods to get detailed information about 1822// the error. 1823// 1824// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1825// API operation ListPermissions for usage and error information. 1826// 1827// Returned Error Types: 1828// * ResourceNotFoundException 1829// A resource such as a private CA, S3 bucket, certificate, audit report, or 1830// policy cannot be found. 1831// 1832// * InvalidArnException 1833// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1834// 1835// * InvalidNextTokenException 1836// The token specified in the NextToken argument is not valid. Use the token 1837// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1838// 1839// * InvalidStateException 1840// The state of the private CA does not allow this action to occur. 1841// 1842// * RequestFailedException 1843// The request has failed for an unspecified reason. 1844// 1845// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1846func (c *ACMPCA) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) { 1847 req, out := c.ListPermissionsRequest(input) 1848 return out, req.Send() 1849} 1850 1851// ListPermissionsWithContext is the same as ListPermissions with the addition of 1852// the ability to pass a context and additional request options. 1853// 1854// See ListPermissions for details on how to use this API operation. 1855// 1856// The context must be non-nil and will be used for request cancellation. If 1857// the context is nil a panic will occur. In the future the SDK may create 1858// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1859// for more information on using Contexts. 1860func (c *ACMPCA) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) { 1861 req, out := c.ListPermissionsRequest(input) 1862 req.SetContext(ctx) 1863 req.ApplyOptions(opts...) 1864 return out, req.Send() 1865} 1866 1867// ListPermissionsPages iterates over the pages of a ListPermissions operation, 1868// calling the "fn" function with the response data for each page. To stop 1869// iterating, return false from the fn function. 1870// 1871// See ListPermissions method for more information on how to use this operation. 1872// 1873// Note: This operation can generate multiple requests to a service. 1874// 1875// // Example iterating over at most 3 pages of a ListPermissions operation. 1876// pageNum := 0 1877// err := client.ListPermissionsPages(params, 1878// func(page *acmpca.ListPermissionsOutput, lastPage bool) bool { 1879// pageNum++ 1880// fmt.Println(page) 1881// return pageNum <= 3 1882// }) 1883// 1884func (c *ACMPCA) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error { 1885 return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn) 1886} 1887 1888// ListPermissionsPagesWithContext same as ListPermissionsPages except 1889// it takes a Context and allows setting request options on the pages. 1890// 1891// The context must be non-nil and will be used for request cancellation. If 1892// the context is nil a panic will occur. In the future the SDK may create 1893// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1894// for more information on using Contexts. 1895func (c *ACMPCA) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error { 1896 p := request.Pagination{ 1897 NewRequest: func() (*request.Request, error) { 1898 var inCpy *ListPermissionsInput 1899 if input != nil { 1900 tmp := *input 1901 inCpy = &tmp 1902 } 1903 req, _ := c.ListPermissionsRequest(inCpy) 1904 req.SetContext(ctx) 1905 req.ApplyOptions(opts...) 1906 return req, nil 1907 }, 1908 } 1909 1910 for p.Next() { 1911 if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) { 1912 break 1913 } 1914 } 1915 1916 return p.Err() 1917} 1918 1919const opListTags = "ListTags" 1920 1921// ListTagsRequest generates a "aws/request.Request" representing the 1922// client's request for the ListTags operation. The "output" return 1923// value will be populated with the request's response once the request completes 1924// successfully. 1925// 1926// Use "Send" method on the returned Request to send the API call to the service. 1927// the "output" return value is not valid until after Send returns without error. 1928// 1929// See ListTags for more information on using the ListTags 1930// API call, and error handling. 1931// 1932// This method is useful when you want to inject custom logic or configuration 1933// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1934// 1935// 1936// // Example sending a request using the ListTagsRequest method. 1937// req, resp := client.ListTagsRequest(params) 1938// 1939// err := req.Send() 1940// if err == nil { // resp is now filled 1941// fmt.Println(resp) 1942// } 1943// 1944// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1945func (c *ACMPCA) ListTagsRequest(input *ListTagsInput) (req *request.Request, output *ListTagsOutput) { 1946 op := &request.Operation{ 1947 Name: opListTags, 1948 HTTPMethod: "POST", 1949 HTTPPath: "/", 1950 Paginator: &request.Paginator{ 1951 InputTokens: []string{"NextToken"}, 1952 OutputTokens: []string{"NextToken"}, 1953 LimitToken: "MaxResults", 1954 TruncationToken: "", 1955 }, 1956 } 1957 1958 if input == nil { 1959 input = &ListTagsInput{} 1960 } 1961 1962 output = &ListTagsOutput{} 1963 req = c.newRequest(op, input, output) 1964 return 1965} 1966 1967// ListTags API operation for AWS Certificate Manager Private Certificate Authority. 1968// 1969// Lists the tags, if any, that are associated with your private CA or one that 1970// has been shared with you. Tags are labels that you can use to identify and 1971// organize your CAs. Each tag consists of a key and an optional value. Call 1972// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 1973// action to add one or more tags to your CA. Call the UntagCertificateAuthority 1974// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 1975// action to remove tags. 1976// 1977// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1978// with awserr.Error's Code and Message methods to get detailed information about 1979// the error. 1980// 1981// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1982// API operation ListTags for usage and error information. 1983// 1984// Returned Error Types: 1985// * ResourceNotFoundException 1986// A resource such as a private CA, S3 bucket, certificate, audit report, or 1987// policy cannot be found. 1988// 1989// * InvalidArnException 1990// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1991// 1992// * InvalidStateException 1993// The state of the private CA does not allow this action to occur. 1994// 1995// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1996func (c *ACMPCA) ListTags(input *ListTagsInput) (*ListTagsOutput, error) { 1997 req, out := c.ListTagsRequest(input) 1998 return out, req.Send() 1999} 2000 2001// ListTagsWithContext is the same as ListTags with the addition of 2002// the ability to pass a context and additional request options. 2003// 2004// See ListTags for details on how to use this API operation. 2005// 2006// The context must be non-nil and will be used for request cancellation. If 2007// the context is nil a panic will occur. In the future the SDK may create 2008// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2009// for more information on using Contexts. 2010func (c *ACMPCA) ListTagsWithContext(ctx aws.Context, input *ListTagsInput, opts ...request.Option) (*ListTagsOutput, error) { 2011 req, out := c.ListTagsRequest(input) 2012 req.SetContext(ctx) 2013 req.ApplyOptions(opts...) 2014 return out, req.Send() 2015} 2016 2017// ListTagsPages iterates over the pages of a ListTags operation, 2018// calling the "fn" function with the response data for each page. To stop 2019// iterating, return false from the fn function. 2020// 2021// See ListTags method for more information on how to use this operation. 2022// 2023// Note: This operation can generate multiple requests to a service. 2024// 2025// // Example iterating over at most 3 pages of a ListTags operation. 2026// pageNum := 0 2027// err := client.ListTagsPages(params, 2028// func(page *acmpca.ListTagsOutput, lastPage bool) bool { 2029// pageNum++ 2030// fmt.Println(page) 2031// return pageNum <= 3 2032// }) 2033// 2034func (c *ACMPCA) ListTagsPages(input *ListTagsInput, fn func(*ListTagsOutput, bool) bool) error { 2035 return c.ListTagsPagesWithContext(aws.BackgroundContext(), input, fn) 2036} 2037 2038// ListTagsPagesWithContext same as ListTagsPages except 2039// it takes a Context and allows setting request options on the pages. 2040// 2041// The context must be non-nil and will be used for request cancellation. If 2042// the context is nil a panic will occur. In the future the SDK may create 2043// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2044// for more information on using Contexts. 2045func (c *ACMPCA) ListTagsPagesWithContext(ctx aws.Context, input *ListTagsInput, fn func(*ListTagsOutput, bool) bool, opts ...request.Option) error { 2046 p := request.Pagination{ 2047 NewRequest: func() (*request.Request, error) { 2048 var inCpy *ListTagsInput 2049 if input != nil { 2050 tmp := *input 2051 inCpy = &tmp 2052 } 2053 req, _ := c.ListTagsRequest(inCpy) 2054 req.SetContext(ctx) 2055 req.ApplyOptions(opts...) 2056 return req, nil 2057 }, 2058 } 2059 2060 for p.Next() { 2061 if !fn(p.Page().(*ListTagsOutput), !p.HasNextPage()) { 2062 break 2063 } 2064 } 2065 2066 return p.Err() 2067} 2068 2069const opPutPolicy = "PutPolicy" 2070 2071// PutPolicyRequest generates a "aws/request.Request" representing the 2072// client's request for the PutPolicy operation. The "output" return 2073// value will be populated with the request's response once the request completes 2074// successfully. 2075// 2076// Use "Send" method on the returned Request to send the API call to the service. 2077// the "output" return value is not valid until after Send returns without error. 2078// 2079// See PutPolicy for more information on using the PutPolicy 2080// API call, and error handling. 2081// 2082// This method is useful when you want to inject custom logic or configuration 2083// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2084// 2085// 2086// // Example sending a request using the PutPolicyRequest method. 2087// req, resp := client.PutPolicyRequest(params) 2088// 2089// err := req.Send() 2090// if err == nil { // resp is now filled 2091// fmt.Println(resp) 2092// } 2093// 2094// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2095func (c *ACMPCA) PutPolicyRequest(input *PutPolicyInput) (req *request.Request, output *PutPolicyOutput) { 2096 op := &request.Operation{ 2097 Name: opPutPolicy, 2098 HTTPMethod: "POST", 2099 HTTPPath: "/", 2100 } 2101 2102 if input == nil { 2103 input = &PutPolicyInput{} 2104 } 2105 2106 output = &PutPolicyOutput{} 2107 req = c.newRequest(op, input, output) 2108 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2109 return 2110} 2111 2112// PutPolicy API operation for AWS Certificate Manager Private Certificate Authority. 2113// 2114// Attaches a resource-based policy to a private CA. 2115// 2116// A policy can also be applied by sharing a private CA through AWS Resource 2117// Access Manager (RAM). For more information, see Attach a Policy for Cross-Account 2118// Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2119// 2120// The policy can be displayed with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 2121// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 2122// 2123// About Policies 2124// 2125// * A policy grants access on a private CA to an AWS customer account, to 2126// AWS Organizations, or to an AWS Organizations unit. Policies are under 2127// the control of a CA administrator. For more information, see Using a Resource 2128// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 2129// 2130// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 2131// certificates signed by a CA in another account. 2132// 2133// * For ACM to manage automatic renewal of these certificates, the ACM user 2134// must configure a Service Linked Role (SLR). The SLR allows the ACM service 2135// to assume the identity of the user, subject to confirmation against the 2136// ACM Private CA policy. For more information, see Using a Service Linked 2137// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 2138// 2139// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 2140// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2141// 2142// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2143// with awserr.Error's Code and Message methods to get detailed information about 2144// the error. 2145// 2146// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2147// API operation PutPolicy for usage and error information. 2148// 2149// Returned Error Types: 2150// * ConcurrentModificationException 2151// A previous update to your private CA is still ongoing. 2152// 2153// * InvalidArnException 2154// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2155// 2156// * InvalidStateException 2157// The state of the private CA does not allow this action to occur. 2158// 2159// * InvalidPolicyException 2160// The resource policy is invalid or is missing a required statement. For general 2161// information about IAM policy and statement structure, see Overview of JSON 2162// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2163// 2164// * LockoutPreventedException 2165// The current action was prevented because it would lock the caller out from 2166// performing subsequent actions. Verify that the specified parameters would 2167// not result in the caller being denied access to the resource. 2168// 2169// * RequestFailedException 2170// The request has failed for an unspecified reason. 2171// 2172// * ResourceNotFoundException 2173// A resource such as a private CA, S3 bucket, certificate, audit report, or 2174// policy cannot be found. 2175// 2176// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2177func (c *ACMPCA) PutPolicy(input *PutPolicyInput) (*PutPolicyOutput, error) { 2178 req, out := c.PutPolicyRequest(input) 2179 return out, req.Send() 2180} 2181 2182// PutPolicyWithContext is the same as PutPolicy with the addition of 2183// the ability to pass a context and additional request options. 2184// 2185// See PutPolicy for details on how to use this API operation. 2186// 2187// The context must be non-nil and will be used for request cancellation. If 2188// the context is nil a panic will occur. In the future the SDK may create 2189// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2190// for more information on using Contexts. 2191func (c *ACMPCA) PutPolicyWithContext(ctx aws.Context, input *PutPolicyInput, opts ...request.Option) (*PutPolicyOutput, error) { 2192 req, out := c.PutPolicyRequest(input) 2193 req.SetContext(ctx) 2194 req.ApplyOptions(opts...) 2195 return out, req.Send() 2196} 2197 2198const opRestoreCertificateAuthority = "RestoreCertificateAuthority" 2199 2200// RestoreCertificateAuthorityRequest generates a "aws/request.Request" representing the 2201// client's request for the RestoreCertificateAuthority operation. The "output" return 2202// value will be populated with the request's response once the request completes 2203// successfully. 2204// 2205// Use "Send" method on the returned Request to send the API call to the service. 2206// the "output" return value is not valid until after Send returns without error. 2207// 2208// See RestoreCertificateAuthority for more information on using the RestoreCertificateAuthority 2209// API call, and error handling. 2210// 2211// This method is useful when you want to inject custom logic or configuration 2212// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2213// 2214// 2215// // Example sending a request using the RestoreCertificateAuthorityRequest method. 2216// req, resp := client.RestoreCertificateAuthorityRequest(params) 2217// 2218// err := req.Send() 2219// if err == nil { // resp is now filled 2220// fmt.Println(resp) 2221// } 2222// 2223// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2224func (c *ACMPCA) RestoreCertificateAuthorityRequest(input *RestoreCertificateAuthorityInput) (req *request.Request, output *RestoreCertificateAuthorityOutput) { 2225 op := &request.Operation{ 2226 Name: opRestoreCertificateAuthority, 2227 HTTPMethod: "POST", 2228 HTTPPath: "/", 2229 } 2230 2231 if input == nil { 2232 input = &RestoreCertificateAuthorityInput{} 2233 } 2234 2235 output = &RestoreCertificateAuthorityOutput{} 2236 req = c.newRequest(op, input, output) 2237 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2238 return 2239} 2240 2241// RestoreCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2242// 2243// Restores a certificate authority (CA) that is in the DELETED state. You can 2244// restore a CA during the period that you defined in the PermanentDeletionTimeInDays 2245// parameter of the DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html) 2246// action. Currently, you can specify 7 to 30 days. If you did not specify a 2247// PermanentDeletionTimeInDays value, by default you can restore the CA at any 2248// time in a 30 day period. You can check the time remaining in the restoration 2249// period of a private CA in the DELETED state by calling the DescribeCertificateAuthority 2250// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 2251// or ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 2252// actions. The status of a restored CA is set to its pre-deletion status when 2253// the RestoreCertificateAuthority action returns. To change its status to ACTIVE, 2254// call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 2255// action. If the private CA was in the PENDING_CERTIFICATE state at deletion, 2256// you must use the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 2257// action to import a certificate authority into the private CA before it can 2258// be activated. You cannot restore a CA after the restoration period has ended. 2259// 2260// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2261// with awserr.Error's Code and Message methods to get detailed information about 2262// the error. 2263// 2264// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2265// API operation RestoreCertificateAuthority for usage and error information. 2266// 2267// Returned Error Types: 2268// * ResourceNotFoundException 2269// A resource such as a private CA, S3 bucket, certificate, audit report, or 2270// policy cannot be found. 2271// 2272// * InvalidStateException 2273// The state of the private CA does not allow this action to occur. 2274// 2275// * InvalidArnException 2276// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2277// 2278// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2279func (c *ACMPCA) RestoreCertificateAuthority(input *RestoreCertificateAuthorityInput) (*RestoreCertificateAuthorityOutput, error) { 2280 req, out := c.RestoreCertificateAuthorityRequest(input) 2281 return out, req.Send() 2282} 2283 2284// RestoreCertificateAuthorityWithContext is the same as RestoreCertificateAuthority with the addition of 2285// the ability to pass a context and additional request options. 2286// 2287// See RestoreCertificateAuthority for details on how to use this API operation. 2288// 2289// The context must be non-nil and will be used for request cancellation. If 2290// the context is nil a panic will occur. In the future the SDK may create 2291// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2292// for more information on using Contexts. 2293func (c *ACMPCA) RestoreCertificateAuthorityWithContext(ctx aws.Context, input *RestoreCertificateAuthorityInput, opts ...request.Option) (*RestoreCertificateAuthorityOutput, error) { 2294 req, out := c.RestoreCertificateAuthorityRequest(input) 2295 req.SetContext(ctx) 2296 req.ApplyOptions(opts...) 2297 return out, req.Send() 2298} 2299 2300const opRevokeCertificate = "RevokeCertificate" 2301 2302// RevokeCertificateRequest generates a "aws/request.Request" representing the 2303// client's request for the RevokeCertificate operation. The "output" return 2304// value will be populated with the request's response once the request completes 2305// successfully. 2306// 2307// Use "Send" method on the returned Request to send the API call to the service. 2308// the "output" return value is not valid until after Send returns without error. 2309// 2310// See RevokeCertificate for more information on using the RevokeCertificate 2311// API call, and error handling. 2312// 2313// This method is useful when you want to inject custom logic or configuration 2314// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2315// 2316// 2317// // Example sending a request using the RevokeCertificateRequest method. 2318// req, resp := client.RevokeCertificateRequest(params) 2319// 2320// err := req.Send() 2321// if err == nil { // resp is now filled 2322// fmt.Println(resp) 2323// } 2324// 2325// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2326func (c *ACMPCA) RevokeCertificateRequest(input *RevokeCertificateInput) (req *request.Request, output *RevokeCertificateOutput) { 2327 op := &request.Operation{ 2328 Name: opRevokeCertificate, 2329 HTTPMethod: "POST", 2330 HTTPPath: "/", 2331 } 2332 2333 if input == nil { 2334 input = &RevokeCertificateInput{} 2335 } 2336 2337 output = &RevokeCertificateOutput{} 2338 req = c.newRequest(op, input, output) 2339 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2340 return 2341} 2342 2343// RevokeCertificate API operation for AWS Certificate Manager Private Certificate Authority. 2344// 2345// Revokes a certificate that was issued inside ACM Private CA. If you enable 2346// a certificate revocation list (CRL) when you create or update your private 2347// CA, information about the revoked certificates will be included in the CRL. 2348// ACM Private CA writes the CRL to an S3 bucket that you specify. A CRL is 2349// typically updated approximately 30 minutes after a certificate is revoked. 2350// If for any reason the CRL update fails, ACM Private CA attempts makes further 2351// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms 2352// for the metrics CRLGenerated and MisconfiguredCRLBucket. For more information, 2353// see Supported CloudWatch Metrics (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html). 2354// 2355// Both PCA and the IAM principal must have permission to write to the S3 bucket 2356// that you specify. If the IAM principal making the call does not have permission 2357// to write to the bucket, then an exception is thrown. For more information, 2358// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2359// 2360// ACM Private CA also writes revocation information to the audit report. For 2361// more information, see CreateCertificateAuthorityAuditReport (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html). 2362// 2363// You cannot revoke a root CA self-signed certificate. 2364// 2365// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2366// with awserr.Error's Code and Message methods to get detailed information about 2367// the error. 2368// 2369// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2370// API operation RevokeCertificate for usage and error information. 2371// 2372// Returned Error Types: 2373// * ConcurrentModificationException 2374// A previous update to your private CA is still ongoing. 2375// 2376// * InvalidArnException 2377// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2378// 2379// * InvalidRequestException 2380// The request action cannot be performed or is prohibited. 2381// 2382// * InvalidStateException 2383// The state of the private CA does not allow this action to occur. 2384// 2385// * LimitExceededException 2386// An ACM Private CA quota has been exceeded. See the exception message returned 2387// to determine the quota that was exceeded. 2388// 2389// * ResourceNotFoundException 2390// A resource such as a private CA, S3 bucket, certificate, audit report, or 2391// policy cannot be found. 2392// 2393// * RequestAlreadyProcessedException 2394// Your request has already been completed. 2395// 2396// * RequestInProgressException 2397// Your request is already in progress. 2398// 2399// * RequestFailedException 2400// The request has failed for an unspecified reason. 2401// 2402// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2403func (c *ACMPCA) RevokeCertificate(input *RevokeCertificateInput) (*RevokeCertificateOutput, error) { 2404 req, out := c.RevokeCertificateRequest(input) 2405 return out, req.Send() 2406} 2407 2408// RevokeCertificateWithContext is the same as RevokeCertificate with the addition of 2409// the ability to pass a context and additional request options. 2410// 2411// See RevokeCertificate for details on how to use this API operation. 2412// 2413// The context must be non-nil and will be used for request cancellation. If 2414// the context is nil a panic will occur. In the future the SDK may create 2415// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2416// for more information on using Contexts. 2417func (c *ACMPCA) RevokeCertificateWithContext(ctx aws.Context, input *RevokeCertificateInput, opts ...request.Option) (*RevokeCertificateOutput, error) { 2418 req, out := c.RevokeCertificateRequest(input) 2419 req.SetContext(ctx) 2420 req.ApplyOptions(opts...) 2421 return out, req.Send() 2422} 2423 2424const opTagCertificateAuthority = "TagCertificateAuthority" 2425 2426// TagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2427// client's request for the TagCertificateAuthority operation. The "output" return 2428// value will be populated with the request's response once the request completes 2429// successfully. 2430// 2431// Use "Send" method on the returned Request to send the API call to the service. 2432// the "output" return value is not valid until after Send returns without error. 2433// 2434// See TagCertificateAuthority for more information on using the TagCertificateAuthority 2435// API call, and error handling. 2436// 2437// This method is useful when you want to inject custom logic or configuration 2438// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2439// 2440// 2441// // Example sending a request using the TagCertificateAuthorityRequest method. 2442// req, resp := client.TagCertificateAuthorityRequest(params) 2443// 2444// err := req.Send() 2445// if err == nil { // resp is now filled 2446// fmt.Println(resp) 2447// } 2448// 2449// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2450func (c *ACMPCA) TagCertificateAuthorityRequest(input *TagCertificateAuthorityInput) (req *request.Request, output *TagCertificateAuthorityOutput) { 2451 op := &request.Operation{ 2452 Name: opTagCertificateAuthority, 2453 HTTPMethod: "POST", 2454 HTTPPath: "/", 2455 } 2456 2457 if input == nil { 2458 input = &TagCertificateAuthorityInput{} 2459 } 2460 2461 output = &TagCertificateAuthorityOutput{} 2462 req = c.newRequest(op, input, output) 2463 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2464 return 2465} 2466 2467// TagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2468// 2469// Adds one or more tags to your private CA. Tags are labels that you can use 2470// to identify and organize your AWS resources. Each tag consists of a key and 2471// an optional value. You specify the private CA on input by its Amazon Resource 2472// Name (ARN). You specify the tag by using a key-value pair. You can apply 2473// a tag to just one private CA if you want to identify a specific characteristic 2474// of that CA, or you can apply the same tag to multiple private CAs if you 2475// want to filter for a common relationship among those CAs. To remove one or 2476// more tags, use the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 2477// action. Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2478// action to see what tags are associated with your CA. 2479// 2480// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2481// with awserr.Error's Code and Message methods to get detailed information about 2482// the error. 2483// 2484// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2485// API operation TagCertificateAuthority for usage and error information. 2486// 2487// Returned Error Types: 2488// * ResourceNotFoundException 2489// A resource such as a private CA, S3 bucket, certificate, audit report, or 2490// policy cannot be found. 2491// 2492// * InvalidArnException 2493// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2494// 2495// * InvalidStateException 2496// The state of the private CA does not allow this action to occur. 2497// 2498// * InvalidTagException 2499// The tag associated with the CA is not valid. The invalid argument is contained 2500// in the message field. 2501// 2502// * TooManyTagsException 2503// You can associate up to 50 tags with a private CA. Exception information 2504// is contained in the exception message field. 2505// 2506// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2507func (c *ACMPCA) TagCertificateAuthority(input *TagCertificateAuthorityInput) (*TagCertificateAuthorityOutput, error) { 2508 req, out := c.TagCertificateAuthorityRequest(input) 2509 return out, req.Send() 2510} 2511 2512// TagCertificateAuthorityWithContext is the same as TagCertificateAuthority with the addition of 2513// the ability to pass a context and additional request options. 2514// 2515// See TagCertificateAuthority for details on how to use this API operation. 2516// 2517// The context must be non-nil and will be used for request cancellation. If 2518// the context is nil a panic will occur. In the future the SDK may create 2519// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2520// for more information on using Contexts. 2521func (c *ACMPCA) TagCertificateAuthorityWithContext(ctx aws.Context, input *TagCertificateAuthorityInput, opts ...request.Option) (*TagCertificateAuthorityOutput, error) { 2522 req, out := c.TagCertificateAuthorityRequest(input) 2523 req.SetContext(ctx) 2524 req.ApplyOptions(opts...) 2525 return out, req.Send() 2526} 2527 2528const opUntagCertificateAuthority = "UntagCertificateAuthority" 2529 2530// UntagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2531// client's request for the UntagCertificateAuthority operation. The "output" return 2532// value will be populated with the request's response once the request completes 2533// successfully. 2534// 2535// Use "Send" method on the returned Request to send the API call to the service. 2536// the "output" return value is not valid until after Send returns without error. 2537// 2538// See UntagCertificateAuthority for more information on using the UntagCertificateAuthority 2539// API call, and error handling. 2540// 2541// This method is useful when you want to inject custom logic or configuration 2542// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2543// 2544// 2545// // Example sending a request using the UntagCertificateAuthorityRequest method. 2546// req, resp := client.UntagCertificateAuthorityRequest(params) 2547// 2548// err := req.Send() 2549// if err == nil { // resp is now filled 2550// fmt.Println(resp) 2551// } 2552// 2553// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2554func (c *ACMPCA) UntagCertificateAuthorityRequest(input *UntagCertificateAuthorityInput) (req *request.Request, output *UntagCertificateAuthorityOutput) { 2555 op := &request.Operation{ 2556 Name: opUntagCertificateAuthority, 2557 HTTPMethod: "POST", 2558 HTTPPath: "/", 2559 } 2560 2561 if input == nil { 2562 input = &UntagCertificateAuthorityInput{} 2563 } 2564 2565 output = &UntagCertificateAuthorityOutput{} 2566 req = c.newRequest(op, input, output) 2567 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2568 return 2569} 2570 2571// UntagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2572// 2573// Remove one or more tags from your private CA. A tag consists of a key-value 2574// pair. If you do not specify the value portion of the tag when calling this 2575// action, the tag will be removed regardless of value. If you specify a value, 2576// the tag is removed only if it is associated with the specified value. To 2577// add tags to a private CA, use the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html). 2578// Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2579// action to see what tags are associated with your CA. 2580// 2581// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2582// with awserr.Error's Code and Message methods to get detailed information about 2583// the error. 2584// 2585// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2586// API operation UntagCertificateAuthority for usage and error information. 2587// 2588// Returned Error Types: 2589// * ResourceNotFoundException 2590// A resource such as a private CA, S3 bucket, certificate, audit report, or 2591// policy cannot be found. 2592// 2593// * InvalidArnException 2594// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2595// 2596// * InvalidStateException 2597// The state of the private CA does not allow this action to occur. 2598// 2599// * InvalidTagException 2600// The tag associated with the CA is not valid. The invalid argument is contained 2601// in the message field. 2602// 2603// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2604func (c *ACMPCA) UntagCertificateAuthority(input *UntagCertificateAuthorityInput) (*UntagCertificateAuthorityOutput, error) { 2605 req, out := c.UntagCertificateAuthorityRequest(input) 2606 return out, req.Send() 2607} 2608 2609// UntagCertificateAuthorityWithContext is the same as UntagCertificateAuthority with the addition of 2610// the ability to pass a context and additional request options. 2611// 2612// See UntagCertificateAuthority for details on how to use this API operation. 2613// 2614// The context must be non-nil and will be used for request cancellation. If 2615// the context is nil a panic will occur. In the future the SDK may create 2616// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2617// for more information on using Contexts. 2618func (c *ACMPCA) UntagCertificateAuthorityWithContext(ctx aws.Context, input *UntagCertificateAuthorityInput, opts ...request.Option) (*UntagCertificateAuthorityOutput, error) { 2619 req, out := c.UntagCertificateAuthorityRequest(input) 2620 req.SetContext(ctx) 2621 req.ApplyOptions(opts...) 2622 return out, req.Send() 2623} 2624 2625const opUpdateCertificateAuthority = "UpdateCertificateAuthority" 2626 2627// UpdateCertificateAuthorityRequest generates a "aws/request.Request" representing the 2628// client's request for the UpdateCertificateAuthority operation. The "output" return 2629// value will be populated with the request's response once the request completes 2630// successfully. 2631// 2632// Use "Send" method on the returned Request to send the API call to the service. 2633// the "output" return value is not valid until after Send returns without error. 2634// 2635// See UpdateCertificateAuthority for more information on using the UpdateCertificateAuthority 2636// API call, and error handling. 2637// 2638// This method is useful when you want to inject custom logic or configuration 2639// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2640// 2641// 2642// // Example sending a request using the UpdateCertificateAuthorityRequest method. 2643// req, resp := client.UpdateCertificateAuthorityRequest(params) 2644// 2645// err := req.Send() 2646// if err == nil { // resp is now filled 2647// fmt.Println(resp) 2648// } 2649// 2650// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2651func (c *ACMPCA) UpdateCertificateAuthorityRequest(input *UpdateCertificateAuthorityInput) (req *request.Request, output *UpdateCertificateAuthorityOutput) { 2652 op := &request.Operation{ 2653 Name: opUpdateCertificateAuthority, 2654 HTTPMethod: "POST", 2655 HTTPPath: "/", 2656 } 2657 2658 if input == nil { 2659 input = &UpdateCertificateAuthorityInput{} 2660 } 2661 2662 output = &UpdateCertificateAuthorityOutput{} 2663 req = c.newRequest(op, input, output) 2664 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2665 return 2666} 2667 2668// UpdateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2669// 2670// Updates the status or configuration of a private certificate authority (CA). 2671// Your private CA must be in the ACTIVE or DISABLED state before you can update 2672// it. You can disable a private CA that is in the ACTIVE state or make a CA 2673// that is in the DISABLED state active again. 2674// 2675// Both PCA and the IAM principal must have permission to write to the S3 bucket 2676// that you specify. If the IAM principal making the call does not have permission 2677// to write to the bucket, then an exception is thrown. For more information, 2678// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2679// 2680// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2681// with awserr.Error's Code and Message methods to get detailed information about 2682// the error. 2683// 2684// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2685// API operation UpdateCertificateAuthority for usage and error information. 2686// 2687// Returned Error Types: 2688// * ConcurrentModificationException 2689// A previous update to your private CA is still ongoing. 2690// 2691// * ResourceNotFoundException 2692// A resource such as a private CA, S3 bucket, certificate, audit report, or 2693// policy cannot be found. 2694// 2695// * InvalidArgsException 2696// One or more of the specified arguments was not valid. 2697// 2698// * InvalidArnException 2699// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2700// 2701// * InvalidStateException 2702// The state of the private CA does not allow this action to occur. 2703// 2704// * InvalidPolicyException 2705// The resource policy is invalid or is missing a required statement. For general 2706// information about IAM policy and statement structure, see Overview of JSON 2707// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2708// 2709// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2710func (c *ACMPCA) UpdateCertificateAuthority(input *UpdateCertificateAuthorityInput) (*UpdateCertificateAuthorityOutput, error) { 2711 req, out := c.UpdateCertificateAuthorityRequest(input) 2712 return out, req.Send() 2713} 2714 2715// UpdateCertificateAuthorityWithContext is the same as UpdateCertificateAuthority with the addition of 2716// the ability to pass a context and additional request options. 2717// 2718// See UpdateCertificateAuthority for details on how to use this API operation. 2719// 2720// The context must be non-nil and will be used for request cancellation. If 2721// the context is nil a panic will occur. In the future the SDK may create 2722// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2723// for more information on using Contexts. 2724func (c *ACMPCA) UpdateCertificateAuthorityWithContext(ctx aws.Context, input *UpdateCertificateAuthorityInput, opts ...request.Option) (*UpdateCertificateAuthorityOutput, error) { 2725 req, out := c.UpdateCertificateAuthorityRequest(input) 2726 req.SetContext(ctx) 2727 req.ApplyOptions(opts...) 2728 return out, req.Send() 2729} 2730 2731// Contains information about the certificate subject. The Subject field in 2732// the certificate identifies the entity that owns or controls the public key 2733// in the certificate. The entity can be a user, computer, device, or service. 2734// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 2735// of relative distinguished names (RDNs). The RDNs are separated by commas 2736// in the certificate. 2737type ASN1Subject struct { 2738 _ struct{} `type:"structure"` 2739 2740 // For CA and end-entity certificates in a private PKI, the common name (CN) 2741 // can be any string within the length limit. 2742 // 2743 // Note: In publicly trusted certificates, the common name must be a fully qualified 2744 // domain name (FQDN) associated with the certificate subject. 2745 CommonName *string `type:"string"` 2746 2747 // Two-digit code that specifies the country in which the certificate subject 2748 // located. 2749 Country *string `min:"2" type:"string"` 2750 2751 // Disambiguating information for the certificate subject. 2752 DistinguishedNameQualifier *string `type:"string"` 2753 2754 // Typically a qualifier appended to the name of an individual. Examples include 2755 // Jr. for junior, Sr. for senior, and III for third. 2756 GenerationQualifier *string `type:"string"` 2757 2758 // First name. 2759 GivenName *string `type:"string"` 2760 2761 // Concatenation that typically contains the first letter of the GivenName, 2762 // the first letter of the middle name if one exists, and the first letter of 2763 // the Surname. 2764 Initials *string `type:"string"` 2765 2766 // The locality (such as a city or town) in which the certificate subject is 2767 // located. 2768 Locality *string `type:"string"` 2769 2770 // Legal name of the organization with which the certificate subject is affiliated. 2771 Organization *string `type:"string"` 2772 2773 // A subdivision or unit of the organization (such as sales or finance) with 2774 // which the certificate subject is affiliated. 2775 OrganizationalUnit *string `type:"string"` 2776 2777 // Typically a shortened version of a longer GivenName. For example, Jonathan 2778 // is often shortened to John. Elizabeth is often shortened to Beth, Liz, or 2779 // Eliza. 2780 Pseudonym *string `type:"string"` 2781 2782 // The certificate serial number. 2783 SerialNumber *string `type:"string"` 2784 2785 // State in which the subject of the certificate is located. 2786 State *string `type:"string"` 2787 2788 // Family name. In the US and the UK, for example, the surname of an individual 2789 // is ordered last. In Asian cultures the surname is typically ordered first. 2790 Surname *string `type:"string"` 2791 2792 // A title such as Mr. or Ms., which is pre-pended to the name to refer formally 2793 // to the certificate subject. 2794 Title *string `type:"string"` 2795} 2796 2797// String returns the string representation 2798func (s ASN1Subject) String() string { 2799 return awsutil.Prettify(s) 2800} 2801 2802// GoString returns the string representation 2803func (s ASN1Subject) GoString() string { 2804 return s.String() 2805} 2806 2807// Validate inspects the fields of the type to determine if they are valid. 2808func (s *ASN1Subject) Validate() error { 2809 invalidParams := request.ErrInvalidParams{Context: "ASN1Subject"} 2810 if s.Country != nil && len(*s.Country) < 2 { 2811 invalidParams.Add(request.NewErrParamMinLen("Country", 2)) 2812 } 2813 2814 if invalidParams.Len() > 0 { 2815 return invalidParams 2816 } 2817 return nil 2818} 2819 2820// SetCommonName sets the CommonName field's value. 2821func (s *ASN1Subject) SetCommonName(v string) *ASN1Subject { 2822 s.CommonName = &v 2823 return s 2824} 2825 2826// SetCountry sets the Country field's value. 2827func (s *ASN1Subject) SetCountry(v string) *ASN1Subject { 2828 s.Country = &v 2829 return s 2830} 2831 2832// SetDistinguishedNameQualifier sets the DistinguishedNameQualifier field's value. 2833func (s *ASN1Subject) SetDistinguishedNameQualifier(v string) *ASN1Subject { 2834 s.DistinguishedNameQualifier = &v 2835 return s 2836} 2837 2838// SetGenerationQualifier sets the GenerationQualifier field's value. 2839func (s *ASN1Subject) SetGenerationQualifier(v string) *ASN1Subject { 2840 s.GenerationQualifier = &v 2841 return s 2842} 2843 2844// SetGivenName sets the GivenName field's value. 2845func (s *ASN1Subject) SetGivenName(v string) *ASN1Subject { 2846 s.GivenName = &v 2847 return s 2848} 2849 2850// SetInitials sets the Initials field's value. 2851func (s *ASN1Subject) SetInitials(v string) *ASN1Subject { 2852 s.Initials = &v 2853 return s 2854} 2855 2856// SetLocality sets the Locality field's value. 2857func (s *ASN1Subject) SetLocality(v string) *ASN1Subject { 2858 s.Locality = &v 2859 return s 2860} 2861 2862// SetOrganization sets the Organization field's value. 2863func (s *ASN1Subject) SetOrganization(v string) *ASN1Subject { 2864 s.Organization = &v 2865 return s 2866} 2867 2868// SetOrganizationalUnit sets the OrganizationalUnit field's value. 2869func (s *ASN1Subject) SetOrganizationalUnit(v string) *ASN1Subject { 2870 s.OrganizationalUnit = &v 2871 return s 2872} 2873 2874// SetPseudonym sets the Pseudonym field's value. 2875func (s *ASN1Subject) SetPseudonym(v string) *ASN1Subject { 2876 s.Pseudonym = &v 2877 return s 2878} 2879 2880// SetSerialNumber sets the SerialNumber field's value. 2881func (s *ASN1Subject) SetSerialNumber(v string) *ASN1Subject { 2882 s.SerialNumber = &v 2883 return s 2884} 2885 2886// SetState sets the State field's value. 2887func (s *ASN1Subject) SetState(v string) *ASN1Subject { 2888 s.State = &v 2889 return s 2890} 2891 2892// SetSurname sets the Surname field's value. 2893func (s *ASN1Subject) SetSurname(v string) *ASN1Subject { 2894 s.Surname = &v 2895 return s 2896} 2897 2898// SetTitle sets the Title field's value. 2899func (s *ASN1Subject) SetTitle(v string) *ASN1Subject { 2900 s.Title = &v 2901 return s 2902} 2903 2904// Provides access information used by the authorityInfoAccess and subjectInfoAccess 2905// extensions described in RFC 5280 (https://tools.ietf.org/html/rfc5280). 2906type AccessDescription struct { 2907 _ struct{} `type:"structure"` 2908 2909 // The location of AccessDescription information. 2910 // 2911 // AccessLocation is a required field 2912 AccessLocation *GeneralName `type:"structure" required:"true"` 2913 2914 // The type and format of AccessDescription information. 2915 // 2916 // AccessMethod is a required field 2917 AccessMethod *AccessMethod `type:"structure" required:"true"` 2918} 2919 2920// String returns the string representation 2921func (s AccessDescription) String() string { 2922 return awsutil.Prettify(s) 2923} 2924 2925// GoString returns the string representation 2926func (s AccessDescription) GoString() string { 2927 return s.String() 2928} 2929 2930// Validate inspects the fields of the type to determine if they are valid. 2931func (s *AccessDescription) Validate() error { 2932 invalidParams := request.ErrInvalidParams{Context: "AccessDescription"} 2933 if s.AccessLocation == nil { 2934 invalidParams.Add(request.NewErrParamRequired("AccessLocation")) 2935 } 2936 if s.AccessMethod == nil { 2937 invalidParams.Add(request.NewErrParamRequired("AccessMethod")) 2938 } 2939 if s.AccessLocation != nil { 2940 if err := s.AccessLocation.Validate(); err != nil { 2941 invalidParams.AddNested("AccessLocation", err.(request.ErrInvalidParams)) 2942 } 2943 } 2944 2945 if invalidParams.Len() > 0 { 2946 return invalidParams 2947 } 2948 return nil 2949} 2950 2951// SetAccessLocation sets the AccessLocation field's value. 2952func (s *AccessDescription) SetAccessLocation(v *GeneralName) *AccessDescription { 2953 s.AccessLocation = v 2954 return s 2955} 2956 2957// SetAccessMethod sets the AccessMethod field's value. 2958func (s *AccessDescription) SetAccessMethod(v *AccessMethod) *AccessDescription { 2959 s.AccessMethod = v 2960 return s 2961} 2962 2963// Describes the type and format of extension access. Only one of CustomObjectIdentifier 2964// or AccessMethodType may be provided. Providing both results in InvalidArgsException. 2965type AccessMethod struct { 2966 _ struct{} `type:"structure"` 2967 2968 // Specifies the AccessMethod. 2969 AccessMethodType *string `type:"string" enum:"AccessMethodType"` 2970 2971 // An object identifier (OID) specifying the AccessMethod. The OID must satisfy 2972 // the regular expression shown below. For more information, see NIST's definition 2973 // of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 2974 CustomObjectIdentifier *string `type:"string"` 2975} 2976 2977// String returns the string representation 2978func (s AccessMethod) String() string { 2979 return awsutil.Prettify(s) 2980} 2981 2982// GoString returns the string representation 2983func (s AccessMethod) GoString() string { 2984 return s.String() 2985} 2986 2987// SetAccessMethodType sets the AccessMethodType field's value. 2988func (s *AccessMethod) SetAccessMethodType(v string) *AccessMethod { 2989 s.AccessMethodType = &v 2990 return s 2991} 2992 2993// SetCustomObjectIdentifier sets the CustomObjectIdentifier field's value. 2994func (s *AccessMethod) SetCustomObjectIdentifier(v string) *AccessMethod { 2995 s.CustomObjectIdentifier = &v 2996 return s 2997} 2998 2999// Contains X.509 certificate information to be placed in an issued certificate. 3000// An APIPassthrough or APICSRPassthrough template variant must be selected, 3001// or else this parameter is ignored. 3002// 3003// If conflicting or duplicate certificate information is supplied from other 3004// sources, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 3005// to determine what information is used. 3006type ApiPassthrough struct { 3007 _ struct{} `type:"structure"` 3008 3009 // Specifies X.509 extension information for a certificate. 3010 Extensions *Extensions `type:"structure"` 3011 3012 // Contains information about the certificate subject. The Subject field in 3013 // the certificate identifies the entity that owns or controls the public key 3014 // in the certificate. The entity can be a user, computer, device, or service. 3015 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 3016 // of relative distinguished names (RDNs). The RDNs are separated by commas 3017 // in the certificate. 3018 Subject *ASN1Subject `type:"structure"` 3019} 3020 3021// String returns the string representation 3022func (s ApiPassthrough) String() string { 3023 return awsutil.Prettify(s) 3024} 3025 3026// GoString returns the string representation 3027func (s ApiPassthrough) GoString() string { 3028 return s.String() 3029} 3030 3031// Validate inspects the fields of the type to determine if they are valid. 3032func (s *ApiPassthrough) Validate() error { 3033 invalidParams := request.ErrInvalidParams{Context: "ApiPassthrough"} 3034 if s.Extensions != nil { 3035 if err := s.Extensions.Validate(); err != nil { 3036 invalidParams.AddNested("Extensions", err.(request.ErrInvalidParams)) 3037 } 3038 } 3039 if s.Subject != nil { 3040 if err := s.Subject.Validate(); err != nil { 3041 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3042 } 3043 } 3044 3045 if invalidParams.Len() > 0 { 3046 return invalidParams 3047 } 3048 return nil 3049} 3050 3051// SetExtensions sets the Extensions field's value. 3052func (s *ApiPassthrough) SetExtensions(v *Extensions) *ApiPassthrough { 3053 s.Extensions = v 3054 return s 3055} 3056 3057// SetSubject sets the Subject field's value. 3058func (s *ApiPassthrough) SetSubject(v *ASN1Subject) *ApiPassthrough { 3059 s.Subject = v 3060 return s 3061} 3062 3063// Contains information about your private certificate authority (CA). Your 3064// private CA can issue and revoke X.509 digital certificates. Digital certificates 3065// verify that the entity named in the certificate Subject field owns or controls 3066// the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority 3067// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3068// action to create your private CA. You must then call the GetCertificateAuthorityCertificate 3069// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) 3070// action to retrieve a private CA certificate signing request (CSR). Sign the 3071// CSR with your ACM Private CA-hosted or on-premises root or subordinate CA 3072// certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 3073// action to import the signed certificate into AWS Certificate Manager (ACM). 3074type CertificateAuthority struct { 3075 _ struct{} `type:"structure"` 3076 3077 // Amazon Resource Name (ARN) for your private certificate authority (CA). The 3078 // format is 12345678-1234-1234-1234-123456789012 . 3079 Arn *string `min:"5" type:"string"` 3080 3081 // Your private CA configuration. 3082 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure"` 3083 3084 // Date and time at which your private CA was created. 3085 CreatedAt *time.Time `type:"timestamp"` 3086 3087 // Reason the request to create your private CA failed. 3088 FailureReason *string `type:"string" enum:"FailureReason"` 3089 3090 // Defines a cryptographic key management compliance standard used for handling 3091 // CA keys. 3092 // 3093 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3094 // 3095 // Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. 3096 // You must explicitly specify this parameter and value when creating a CA in 3097 // that Region. Specifying a different value (or no value) results in an InvalidArgsException 3098 // with the message "A certificate authority cannot be created in this region 3099 // with the specified security standard." 3100 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3101 3102 // Date and time at which your private CA was last updated. 3103 LastStateChangeAt *time.Time `type:"timestamp"` 3104 3105 // Date and time after which your private CA certificate is not valid. 3106 NotAfter *time.Time `type:"timestamp"` 3107 3108 // Date and time before which your private CA certificate is not valid. 3109 NotBefore *time.Time `type:"timestamp"` 3110 3111 // The AWS account ID that owns the certificate authority. 3112 OwnerAccount *string `min:"12" type:"string"` 3113 3114 // The period during which a deleted CA can be restored. For more information, 3115 // see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest 3116 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html) 3117 // action. 3118 RestorableUntil *time.Time `type:"timestamp"` 3119 3120 // Information about the certificate revocation list (CRL) created and maintained 3121 // by your private CA. 3122 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3123 3124 // Serial number of your private CA. 3125 Serial *string `type:"string"` 3126 3127 // Status of your private CA. 3128 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 3129 3130 // Type of your private CA. 3131 Type *string `type:"string" enum:"CertificateAuthorityType"` 3132} 3133 3134// String returns the string representation 3135func (s CertificateAuthority) String() string { 3136 return awsutil.Prettify(s) 3137} 3138 3139// GoString returns the string representation 3140func (s CertificateAuthority) GoString() string { 3141 return s.String() 3142} 3143 3144// SetArn sets the Arn field's value. 3145func (s *CertificateAuthority) SetArn(v string) *CertificateAuthority { 3146 s.Arn = &v 3147 return s 3148} 3149 3150// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3151func (s *CertificateAuthority) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CertificateAuthority { 3152 s.CertificateAuthorityConfiguration = v 3153 return s 3154} 3155 3156// SetCreatedAt sets the CreatedAt field's value. 3157func (s *CertificateAuthority) SetCreatedAt(v time.Time) *CertificateAuthority { 3158 s.CreatedAt = &v 3159 return s 3160} 3161 3162// SetFailureReason sets the FailureReason field's value. 3163func (s *CertificateAuthority) SetFailureReason(v string) *CertificateAuthority { 3164 s.FailureReason = &v 3165 return s 3166} 3167 3168// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3169func (s *CertificateAuthority) SetKeyStorageSecurityStandard(v string) *CertificateAuthority { 3170 s.KeyStorageSecurityStandard = &v 3171 return s 3172} 3173 3174// SetLastStateChangeAt sets the LastStateChangeAt field's value. 3175func (s *CertificateAuthority) SetLastStateChangeAt(v time.Time) *CertificateAuthority { 3176 s.LastStateChangeAt = &v 3177 return s 3178} 3179 3180// SetNotAfter sets the NotAfter field's value. 3181func (s *CertificateAuthority) SetNotAfter(v time.Time) *CertificateAuthority { 3182 s.NotAfter = &v 3183 return s 3184} 3185 3186// SetNotBefore sets the NotBefore field's value. 3187func (s *CertificateAuthority) SetNotBefore(v time.Time) *CertificateAuthority { 3188 s.NotBefore = &v 3189 return s 3190} 3191 3192// SetOwnerAccount sets the OwnerAccount field's value. 3193func (s *CertificateAuthority) SetOwnerAccount(v string) *CertificateAuthority { 3194 s.OwnerAccount = &v 3195 return s 3196} 3197 3198// SetRestorableUntil sets the RestorableUntil field's value. 3199func (s *CertificateAuthority) SetRestorableUntil(v time.Time) *CertificateAuthority { 3200 s.RestorableUntil = &v 3201 return s 3202} 3203 3204// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3205func (s *CertificateAuthority) SetRevocationConfiguration(v *RevocationConfiguration) *CertificateAuthority { 3206 s.RevocationConfiguration = v 3207 return s 3208} 3209 3210// SetSerial sets the Serial field's value. 3211func (s *CertificateAuthority) SetSerial(v string) *CertificateAuthority { 3212 s.Serial = &v 3213 return s 3214} 3215 3216// SetStatus sets the Status field's value. 3217func (s *CertificateAuthority) SetStatus(v string) *CertificateAuthority { 3218 s.Status = &v 3219 return s 3220} 3221 3222// SetType sets the Type field's value. 3223func (s *CertificateAuthority) SetType(v string) *CertificateAuthority { 3224 s.Type = &v 3225 return s 3226} 3227 3228// Contains configuration information for your private certificate authority 3229// (CA). This includes information about the class of public key algorithm and 3230// the key pair that your private CA creates when it issues a certificate. It 3231// also includes the signature algorithm that it uses when issuing certificates, 3232// and its X.500 distinguished name. You must specify this information when 3233// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3234// action. 3235type CertificateAuthorityConfiguration struct { 3236 _ struct{} `type:"structure"` 3237 3238 // Specifies information to be added to the extension section of the certificate 3239 // signing request (CSR). 3240 CsrExtensions *CsrExtensions `type:"structure"` 3241 3242 // Type of the public key algorithm and size, in bits, of the key pair that 3243 // your CA creates when it issues a certificate. When you create a subordinate 3244 // CA, you must use a key algorithm supported by the parent CA. 3245 // 3246 // KeyAlgorithm is a required field 3247 KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` 3248 3249 // Name of the algorithm your private CA uses to sign certificate requests. 3250 // 3251 // This parameter should not be confused with the SigningAlgorithm parameter 3252 // used to sign certificates when they are issued. 3253 // 3254 // SigningAlgorithm is a required field 3255 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 3256 3257 // Structure that contains X.500 distinguished name information for your private 3258 // CA. 3259 // 3260 // Subject is a required field 3261 Subject *ASN1Subject `type:"structure" required:"true"` 3262} 3263 3264// String returns the string representation 3265func (s CertificateAuthorityConfiguration) String() string { 3266 return awsutil.Prettify(s) 3267} 3268 3269// GoString returns the string representation 3270func (s CertificateAuthorityConfiguration) GoString() string { 3271 return s.String() 3272} 3273 3274// Validate inspects the fields of the type to determine if they are valid. 3275func (s *CertificateAuthorityConfiguration) Validate() error { 3276 invalidParams := request.ErrInvalidParams{Context: "CertificateAuthorityConfiguration"} 3277 if s.KeyAlgorithm == nil { 3278 invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm")) 3279 } 3280 if s.SigningAlgorithm == nil { 3281 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 3282 } 3283 if s.Subject == nil { 3284 invalidParams.Add(request.NewErrParamRequired("Subject")) 3285 } 3286 if s.CsrExtensions != nil { 3287 if err := s.CsrExtensions.Validate(); err != nil { 3288 invalidParams.AddNested("CsrExtensions", err.(request.ErrInvalidParams)) 3289 } 3290 } 3291 if s.Subject != nil { 3292 if err := s.Subject.Validate(); err != nil { 3293 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3294 } 3295 } 3296 3297 if invalidParams.Len() > 0 { 3298 return invalidParams 3299 } 3300 return nil 3301} 3302 3303// SetCsrExtensions sets the CsrExtensions field's value. 3304func (s *CertificateAuthorityConfiguration) SetCsrExtensions(v *CsrExtensions) *CertificateAuthorityConfiguration { 3305 s.CsrExtensions = v 3306 return s 3307} 3308 3309// SetKeyAlgorithm sets the KeyAlgorithm field's value. 3310func (s *CertificateAuthorityConfiguration) SetKeyAlgorithm(v string) *CertificateAuthorityConfiguration { 3311 s.KeyAlgorithm = &v 3312 return s 3313} 3314 3315// SetSigningAlgorithm sets the SigningAlgorithm field's value. 3316func (s *CertificateAuthorityConfiguration) SetSigningAlgorithm(v string) *CertificateAuthorityConfiguration { 3317 s.SigningAlgorithm = &v 3318 return s 3319} 3320 3321// SetSubject sets the Subject field's value. 3322func (s *CertificateAuthorityConfiguration) SetSubject(v *ASN1Subject) *CertificateAuthorityConfiguration { 3323 s.Subject = v 3324 return s 3325} 3326 3327// The certificate authority certificate you are importing does not comply with 3328// conditions specified in the certificate that signed it. 3329type CertificateMismatchException struct { 3330 _ struct{} `type:"structure"` 3331 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3332 3333 Message_ *string `locationName:"message" type:"string"` 3334} 3335 3336// String returns the string representation 3337func (s CertificateMismatchException) String() string { 3338 return awsutil.Prettify(s) 3339} 3340 3341// GoString returns the string representation 3342func (s CertificateMismatchException) GoString() string { 3343 return s.String() 3344} 3345 3346func newErrorCertificateMismatchException(v protocol.ResponseMetadata) error { 3347 return &CertificateMismatchException{ 3348 RespMetadata: v, 3349 } 3350} 3351 3352// Code returns the exception type name. 3353func (s *CertificateMismatchException) Code() string { 3354 return "CertificateMismatchException" 3355} 3356 3357// Message returns the exception's message. 3358func (s *CertificateMismatchException) Message() string { 3359 if s.Message_ != nil { 3360 return *s.Message_ 3361 } 3362 return "" 3363} 3364 3365// OrigErr always returns nil, satisfies awserr.Error interface. 3366func (s *CertificateMismatchException) OrigErr() error { 3367 return nil 3368} 3369 3370func (s *CertificateMismatchException) Error() string { 3371 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3372} 3373 3374// Status code returns the HTTP status code for the request's response error. 3375func (s *CertificateMismatchException) StatusCode() int { 3376 return s.RespMetadata.StatusCode 3377} 3378 3379// RequestID returns the service's response RequestID for request. 3380func (s *CertificateMismatchException) RequestID() string { 3381 return s.RespMetadata.RequestID 3382} 3383 3384// A previous update to your private CA is still ongoing. 3385type ConcurrentModificationException struct { 3386 _ struct{} `type:"structure"` 3387 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3388 3389 Message_ *string `locationName:"message" type:"string"` 3390} 3391 3392// String returns the string representation 3393func (s ConcurrentModificationException) String() string { 3394 return awsutil.Prettify(s) 3395} 3396 3397// GoString returns the string representation 3398func (s ConcurrentModificationException) GoString() string { 3399 return s.String() 3400} 3401 3402func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 3403 return &ConcurrentModificationException{ 3404 RespMetadata: v, 3405 } 3406} 3407 3408// Code returns the exception type name. 3409func (s *ConcurrentModificationException) Code() string { 3410 return "ConcurrentModificationException" 3411} 3412 3413// Message returns the exception's message. 3414func (s *ConcurrentModificationException) Message() string { 3415 if s.Message_ != nil { 3416 return *s.Message_ 3417 } 3418 return "" 3419} 3420 3421// OrigErr always returns nil, satisfies awserr.Error interface. 3422func (s *ConcurrentModificationException) OrigErr() error { 3423 return nil 3424} 3425 3426func (s *ConcurrentModificationException) Error() string { 3427 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3428} 3429 3430// Status code returns the HTTP status code for the request's response error. 3431func (s *ConcurrentModificationException) StatusCode() int { 3432 return s.RespMetadata.StatusCode 3433} 3434 3435// RequestID returns the service's response RequestID for request. 3436func (s *ConcurrentModificationException) RequestID() string { 3437 return s.RespMetadata.RequestID 3438} 3439 3440type CreateCertificateAuthorityAuditReportInput struct { 3441 _ struct{} `type:"structure"` 3442 3443 // The format in which to create the report. This can be either JSON or CSV. 3444 // 3445 // AuditReportResponseFormat is a required field 3446 AuditReportResponseFormat *string `type:"string" required:"true" enum:"AuditReportResponseFormat"` 3447 3448 // The Amazon Resource Name (ARN) of the CA to be audited. This is of the form: 3449 // 3450 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3451 // 3452 // CertificateAuthorityArn is a required field 3453 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3454 3455 // The name of the S3 bucket that will contain the audit report. 3456 // 3457 // S3BucketName is a required field 3458 S3BucketName *string `min:"3" type:"string" required:"true"` 3459} 3460 3461// String returns the string representation 3462func (s CreateCertificateAuthorityAuditReportInput) String() string { 3463 return awsutil.Prettify(s) 3464} 3465 3466// GoString returns the string representation 3467func (s CreateCertificateAuthorityAuditReportInput) GoString() string { 3468 return s.String() 3469} 3470 3471// Validate inspects the fields of the type to determine if they are valid. 3472func (s *CreateCertificateAuthorityAuditReportInput) Validate() error { 3473 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityAuditReportInput"} 3474 if s.AuditReportResponseFormat == nil { 3475 invalidParams.Add(request.NewErrParamRequired("AuditReportResponseFormat")) 3476 } 3477 if s.CertificateAuthorityArn == nil { 3478 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3479 } 3480 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3481 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3482 } 3483 if s.S3BucketName == nil { 3484 invalidParams.Add(request.NewErrParamRequired("S3BucketName")) 3485 } 3486 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3487 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3488 } 3489 3490 if invalidParams.Len() > 0 { 3491 return invalidParams 3492 } 3493 return nil 3494} 3495 3496// SetAuditReportResponseFormat sets the AuditReportResponseFormat field's value. 3497func (s *CreateCertificateAuthorityAuditReportInput) SetAuditReportResponseFormat(v string) *CreateCertificateAuthorityAuditReportInput { 3498 s.AuditReportResponseFormat = &v 3499 return s 3500} 3501 3502// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3503func (s *CreateCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityAuditReportInput { 3504 s.CertificateAuthorityArn = &v 3505 return s 3506} 3507 3508// SetS3BucketName sets the S3BucketName field's value. 3509func (s *CreateCertificateAuthorityAuditReportInput) SetS3BucketName(v string) *CreateCertificateAuthorityAuditReportInput { 3510 s.S3BucketName = &v 3511 return s 3512} 3513 3514type CreateCertificateAuthorityAuditReportOutput struct { 3515 _ struct{} `type:"structure"` 3516 3517 // An alphanumeric string that contains a report identifier. 3518 AuditReportId *string `min:"36" type:"string"` 3519 3520 // The key that uniquely identifies the report file in your S3 bucket. 3521 S3Key *string `type:"string"` 3522} 3523 3524// String returns the string representation 3525func (s CreateCertificateAuthorityAuditReportOutput) String() string { 3526 return awsutil.Prettify(s) 3527} 3528 3529// GoString returns the string representation 3530func (s CreateCertificateAuthorityAuditReportOutput) GoString() string { 3531 return s.String() 3532} 3533 3534// SetAuditReportId sets the AuditReportId field's value. 3535func (s *CreateCertificateAuthorityAuditReportOutput) SetAuditReportId(v string) *CreateCertificateAuthorityAuditReportOutput { 3536 s.AuditReportId = &v 3537 return s 3538} 3539 3540// SetS3Key sets the S3Key field's value. 3541func (s *CreateCertificateAuthorityAuditReportOutput) SetS3Key(v string) *CreateCertificateAuthorityAuditReportOutput { 3542 s.S3Key = &v 3543 return s 3544} 3545 3546type CreateCertificateAuthorityInput struct { 3547 _ struct{} `type:"structure"` 3548 3549 // Name and bit size of the private key algorithm, the name of the signing algorithm, 3550 // and X.500 certificate subject information. 3551 // 3552 // CertificateAuthorityConfiguration is a required field 3553 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure" required:"true"` 3554 3555 // The type of the certificate authority. 3556 // 3557 // CertificateAuthorityType is a required field 3558 CertificateAuthorityType *string `type:"string" required:"true" enum:"CertificateAuthorityType"` 3559 3560 // Custom string that can be used to distinguish between calls to the CreateCertificateAuthority 3561 // action. Idempotency tokens for CreateCertificateAuthority time out after 3562 // five minutes. Therefore, if you call CreateCertificateAuthority multiple 3563 // times with the same idempotency token within five minutes, ACM Private CA 3564 // recognizes that you are requesting only certificate authority and will issue 3565 // only one. If you change the idempotency token for each call, PCA recognizes 3566 // that you are requesting multiple certificate authorities. 3567 IdempotencyToken *string `min:"1" type:"string"` 3568 3569 // Specifies a cryptographic key management compliance standard used for handling 3570 // CA keys. 3571 // 3572 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3573 // 3574 // Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. 3575 // You must explicitly specify this parameter and value when creating a CA in 3576 // that Region. Specifying a different value (or no value) results in an InvalidArgsException 3577 // with the message "A certificate authority cannot be created in this region 3578 // with the specified security standard." 3579 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3580 3581 // Contains a Boolean value that you can use to enable a certification revocation 3582 // list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA 3583 // will write the CRL, and an optional CNAME alias that you can use to hide 3584 // the name of your bucket in the CRL Distribution Points extension of your 3585 // CA certificate. For more information, see the CrlConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html) 3586 // structure. 3587 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3588 3589 // Key-value pairs that will be attached to the new private CA. You can associate 3590 // up to 50 tags with a private CA. For information using tags with IAM to manage 3591 // permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html). 3592 Tags []*Tag `min:"1" type:"list"` 3593} 3594 3595// String returns the string representation 3596func (s CreateCertificateAuthorityInput) String() string { 3597 return awsutil.Prettify(s) 3598} 3599 3600// GoString returns the string representation 3601func (s CreateCertificateAuthorityInput) GoString() string { 3602 return s.String() 3603} 3604 3605// Validate inspects the fields of the type to determine if they are valid. 3606func (s *CreateCertificateAuthorityInput) Validate() error { 3607 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityInput"} 3608 if s.CertificateAuthorityConfiguration == nil { 3609 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityConfiguration")) 3610 } 3611 if s.CertificateAuthorityType == nil { 3612 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityType")) 3613 } 3614 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 3615 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 3616 } 3617 if s.Tags != nil && len(s.Tags) < 1 { 3618 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 3619 } 3620 if s.CertificateAuthorityConfiguration != nil { 3621 if err := s.CertificateAuthorityConfiguration.Validate(); err != nil { 3622 invalidParams.AddNested("CertificateAuthorityConfiguration", err.(request.ErrInvalidParams)) 3623 } 3624 } 3625 if s.RevocationConfiguration != nil { 3626 if err := s.RevocationConfiguration.Validate(); err != nil { 3627 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 3628 } 3629 } 3630 if s.Tags != nil { 3631 for i, v := range s.Tags { 3632 if v == nil { 3633 continue 3634 } 3635 if err := v.Validate(); err != nil { 3636 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 3637 } 3638 } 3639 } 3640 3641 if invalidParams.Len() > 0 { 3642 return invalidParams 3643 } 3644 return nil 3645} 3646 3647// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3648func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CreateCertificateAuthorityInput { 3649 s.CertificateAuthorityConfiguration = v 3650 return s 3651} 3652 3653// SetCertificateAuthorityType sets the CertificateAuthorityType field's value. 3654func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityType(v string) *CreateCertificateAuthorityInput { 3655 s.CertificateAuthorityType = &v 3656 return s 3657} 3658 3659// SetIdempotencyToken sets the IdempotencyToken field's value. 3660func (s *CreateCertificateAuthorityInput) SetIdempotencyToken(v string) *CreateCertificateAuthorityInput { 3661 s.IdempotencyToken = &v 3662 return s 3663} 3664 3665// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3666func (s *CreateCertificateAuthorityInput) SetKeyStorageSecurityStandard(v string) *CreateCertificateAuthorityInput { 3667 s.KeyStorageSecurityStandard = &v 3668 return s 3669} 3670 3671// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3672func (s *CreateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *CreateCertificateAuthorityInput { 3673 s.RevocationConfiguration = v 3674 return s 3675} 3676 3677// SetTags sets the Tags field's value. 3678func (s *CreateCertificateAuthorityInput) SetTags(v []*Tag) *CreateCertificateAuthorityInput { 3679 s.Tags = v 3680 return s 3681} 3682 3683type CreateCertificateAuthorityOutput struct { 3684 _ struct{} `type:"structure"` 3685 3686 // If successful, the Amazon Resource Name (ARN) of the certificate authority 3687 // (CA). This is of the form: 3688 // 3689 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3690 CertificateAuthorityArn *string `min:"5" type:"string"` 3691} 3692 3693// String returns the string representation 3694func (s CreateCertificateAuthorityOutput) String() string { 3695 return awsutil.Prettify(s) 3696} 3697 3698// GoString returns the string representation 3699func (s CreateCertificateAuthorityOutput) GoString() string { 3700 return s.String() 3701} 3702 3703// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3704func (s *CreateCertificateAuthorityOutput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityOutput { 3705 s.CertificateAuthorityArn = &v 3706 return s 3707} 3708 3709type CreatePermissionInput struct { 3710 _ struct{} `type:"structure"` 3711 3712 // The actions that the specified AWS service principal can use. These include 3713 // IssueCertificate, GetCertificate, and ListPermissions. 3714 // 3715 // Actions is a required field 3716 Actions []*string `min:"1" type:"list" required:"true"` 3717 3718 // The Amazon Resource Name (ARN) of the CA that grants the permissions. You 3719 // can find the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 3720 // action. This must have the following form: 3721 // 3722 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3723 // 3724 // CertificateAuthorityArn is a required field 3725 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3726 3727 // The AWS service or identity that receives the permission. At this time, the 3728 // only valid principal is acm.amazonaws.com. 3729 // 3730 // Principal is a required field 3731 Principal *string `type:"string" required:"true"` 3732 3733 // The ID of the calling account. 3734 SourceAccount *string `min:"12" type:"string"` 3735} 3736 3737// String returns the string representation 3738func (s CreatePermissionInput) String() string { 3739 return awsutil.Prettify(s) 3740} 3741 3742// GoString returns the string representation 3743func (s CreatePermissionInput) GoString() string { 3744 return s.String() 3745} 3746 3747// Validate inspects the fields of the type to determine if they are valid. 3748func (s *CreatePermissionInput) Validate() error { 3749 invalidParams := request.ErrInvalidParams{Context: "CreatePermissionInput"} 3750 if s.Actions == nil { 3751 invalidParams.Add(request.NewErrParamRequired("Actions")) 3752 } 3753 if s.Actions != nil && len(s.Actions) < 1 { 3754 invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) 3755 } 3756 if s.CertificateAuthorityArn == nil { 3757 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3758 } 3759 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3760 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3761 } 3762 if s.Principal == nil { 3763 invalidParams.Add(request.NewErrParamRequired("Principal")) 3764 } 3765 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 3766 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 3767 } 3768 3769 if invalidParams.Len() > 0 { 3770 return invalidParams 3771 } 3772 return nil 3773} 3774 3775// SetActions sets the Actions field's value. 3776func (s *CreatePermissionInput) SetActions(v []*string) *CreatePermissionInput { 3777 s.Actions = v 3778 return s 3779} 3780 3781// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3782func (s *CreatePermissionInput) SetCertificateAuthorityArn(v string) *CreatePermissionInput { 3783 s.CertificateAuthorityArn = &v 3784 return s 3785} 3786 3787// SetPrincipal sets the Principal field's value. 3788func (s *CreatePermissionInput) SetPrincipal(v string) *CreatePermissionInput { 3789 s.Principal = &v 3790 return s 3791} 3792 3793// SetSourceAccount sets the SourceAccount field's value. 3794func (s *CreatePermissionInput) SetSourceAccount(v string) *CreatePermissionInput { 3795 s.SourceAccount = &v 3796 return s 3797} 3798 3799type CreatePermissionOutput struct { 3800 _ struct{} `type:"structure"` 3801} 3802 3803// String returns the string representation 3804func (s CreatePermissionOutput) String() string { 3805 return awsutil.Prettify(s) 3806} 3807 3808// GoString returns the string representation 3809func (s CreatePermissionOutput) GoString() string { 3810 return s.String() 3811} 3812 3813// Contains configuration information for a certificate revocation list (CRL). 3814// Your private certificate authority (CA) creates base CRLs. Delta CRLs are 3815// not supported. You can enable CRLs for your new or an existing private CA 3816// by setting the Enabled parameter to true. Your private CA writes CRLs to 3817// an S3 bucket that you specify in the S3BucketName parameter. You can hide 3818// the name of your bucket by specifying a value for the CustomCname parameter. 3819// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution 3820// Points extension of each certificate it issues. Your S3 bucket policy must 3821// give write permission to ACM Private CA. 3822// 3823// ACM Private CA assets that are stored in Amazon S3 can be protected with 3824// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 3825// 3826// Your private CA uses the value in the ExpirationInDays parameter to calculate 3827// the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next 3828// update or when a certificate is revoked. When a certificate is revoked, it 3829// is recorded in the next CRL that is generated and in the next audit report. 3830// Only time valid certificates are listed in the CRL. Expired certificates 3831// are not included. 3832// 3833// CRLs contain the following fields: 3834// 3835// * Version: The current version number defined in RFC 5280 is V2. The integer 3836// value is 0x1. 3837// 3838// * Signature Algorithm: The name of the algorithm used to sign the CRL. 3839// 3840// * Issuer: The X.500 distinguished name of your private CA that issued 3841// the CRL. 3842// 3843// * Last Update: The issue date and time of this CRL. 3844// 3845// * Next Update: The day and time by which the next CRL will be issued. 3846// 3847// * Revoked Certificates: List of revoked certificates. Each list item contains 3848// the following information. Serial Number: The serial number, in hexadecimal 3849// format, of the revoked certificate. Revocation Date: Date and time the 3850// certificate was revoked. CRL Entry Extensions: Optional extensions for 3851// the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked. 3852// 3853// * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key 3854// Identifier: Identifies the public key associated with the private key 3855// used to sign the certificate. X509v3 CRL Number:: Decimal sequence number 3856// for the CRL. 3857// 3858// * Signature Algorithm: Algorithm used by your private CA to sign the CRL. 3859// 3860// * Signature Value: Signature computed over the CRL. 3861// 3862// Certificate revocation lists created by ACM Private CA are DER-encoded. You 3863// can use the following OpenSSL command to list a CRL. 3864// 3865// openssl crl -inform DER -text -in crl_path -noout 3866type CrlConfiguration struct { 3867 _ struct{} `type:"structure"` 3868 3869 // Name inserted into the certificate CRL Distribution Points extension that 3870 // enables the use of an alias for the CRL distribution point. Use this value 3871 // if you don't want the name of your S3 bucket to be public. 3872 CustomCname *string `type:"string"` 3873 3874 // Boolean value that specifies whether certificate revocation lists (CRLs) 3875 // are enabled. You can use this value to enable certificate revocation for 3876 // a new CA when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3877 // action or for an existing CA when you call the UpdateCertificateAuthority 3878 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3879 // action. 3880 // 3881 // Enabled is a required field 3882 Enabled *bool `type:"boolean" required:"true"` 3883 3884 // Validity period of the CRL in days. 3885 ExpirationInDays *int64 `min:"1" type:"integer"` 3886 3887 // Name of the S3 bucket that contains the CRL. If you do not provide a value 3888 // for the CustomCname argument, the name of your S3 bucket is placed into the 3889 // CRL Distribution Points extension of the issued certificate. You can change 3890 // the name of your bucket by calling the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 3891 // action. You must specify a bucket policy that allows ACM Private CA to write 3892 // the CRL to your bucket. 3893 S3BucketName *string `min:"3" type:"string"` 3894} 3895 3896// String returns the string representation 3897func (s CrlConfiguration) String() string { 3898 return awsutil.Prettify(s) 3899} 3900 3901// GoString returns the string representation 3902func (s CrlConfiguration) GoString() string { 3903 return s.String() 3904} 3905 3906// Validate inspects the fields of the type to determine if they are valid. 3907func (s *CrlConfiguration) Validate() error { 3908 invalidParams := request.ErrInvalidParams{Context: "CrlConfiguration"} 3909 if s.Enabled == nil { 3910 invalidParams.Add(request.NewErrParamRequired("Enabled")) 3911 } 3912 if s.ExpirationInDays != nil && *s.ExpirationInDays < 1 { 3913 invalidParams.Add(request.NewErrParamMinValue("ExpirationInDays", 1)) 3914 } 3915 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3916 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3917 } 3918 3919 if invalidParams.Len() > 0 { 3920 return invalidParams 3921 } 3922 return nil 3923} 3924 3925// SetCustomCname sets the CustomCname field's value. 3926func (s *CrlConfiguration) SetCustomCname(v string) *CrlConfiguration { 3927 s.CustomCname = &v 3928 return s 3929} 3930 3931// SetEnabled sets the Enabled field's value. 3932func (s *CrlConfiguration) SetEnabled(v bool) *CrlConfiguration { 3933 s.Enabled = &v 3934 return s 3935} 3936 3937// SetExpirationInDays sets the ExpirationInDays field's value. 3938func (s *CrlConfiguration) SetExpirationInDays(v int64) *CrlConfiguration { 3939 s.ExpirationInDays = &v 3940 return s 3941} 3942 3943// SetS3BucketName sets the S3BucketName field's value. 3944func (s *CrlConfiguration) SetS3BucketName(v string) *CrlConfiguration { 3945 s.S3BucketName = &v 3946 return s 3947} 3948 3949// Describes the certificate extensions to be added to the certificate signing 3950// request (CSR). 3951type CsrExtensions struct { 3952 _ struct{} `type:"structure"` 3953 3954 // Indicates the purpose of the certificate and of the key contained in the 3955 // certificate. 3956 KeyUsage *KeyUsage `type:"structure"` 3957 3958 // For CA certificates, provides a path to additional information pertaining 3959 // to the CA, such as revocation and policy. For more information, see Subject 3960 // Information Access (https://tools.ietf.org/html/rfc5280#section-4.2.2.2) 3961 // in RFC 5280. 3962 SubjectInformationAccess []*AccessDescription `type:"list"` 3963} 3964 3965// String returns the string representation 3966func (s CsrExtensions) String() string { 3967 return awsutil.Prettify(s) 3968} 3969 3970// GoString returns the string representation 3971func (s CsrExtensions) GoString() string { 3972 return s.String() 3973} 3974 3975// Validate inspects the fields of the type to determine if they are valid. 3976func (s *CsrExtensions) Validate() error { 3977 invalidParams := request.ErrInvalidParams{Context: "CsrExtensions"} 3978 if s.SubjectInformationAccess != nil { 3979 for i, v := range s.SubjectInformationAccess { 3980 if v == nil { 3981 continue 3982 } 3983 if err := v.Validate(); err != nil { 3984 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectInformationAccess", i), err.(request.ErrInvalidParams)) 3985 } 3986 } 3987 } 3988 3989 if invalidParams.Len() > 0 { 3990 return invalidParams 3991 } 3992 return nil 3993} 3994 3995// SetKeyUsage sets the KeyUsage field's value. 3996func (s *CsrExtensions) SetKeyUsage(v *KeyUsage) *CsrExtensions { 3997 s.KeyUsage = v 3998 return s 3999} 4000 4001// SetSubjectInformationAccess sets the SubjectInformationAccess field's value. 4002func (s *CsrExtensions) SetSubjectInformationAccess(v []*AccessDescription) *CsrExtensions { 4003 s.SubjectInformationAccess = v 4004 return s 4005} 4006 4007type DeleteCertificateAuthorityInput struct { 4008 _ struct{} `type:"structure"` 4009 4010 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4011 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4012 // This must have the following form: 4013 // 4014 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4015 // 4016 // CertificateAuthorityArn is a required field 4017 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4018 4019 // The number of days to make a CA restorable after it has been deleted. This 4020 // can be anywhere from 7 to 30 days, with 30 being the default. 4021 PermanentDeletionTimeInDays *int64 `min:"7" type:"integer"` 4022} 4023 4024// String returns the string representation 4025func (s DeleteCertificateAuthorityInput) String() string { 4026 return awsutil.Prettify(s) 4027} 4028 4029// GoString returns the string representation 4030func (s DeleteCertificateAuthorityInput) GoString() string { 4031 return s.String() 4032} 4033 4034// Validate inspects the fields of the type to determine if they are valid. 4035func (s *DeleteCertificateAuthorityInput) Validate() error { 4036 invalidParams := request.ErrInvalidParams{Context: "DeleteCertificateAuthorityInput"} 4037 if s.CertificateAuthorityArn == nil { 4038 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4039 } 4040 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4041 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4042 } 4043 if s.PermanentDeletionTimeInDays != nil && *s.PermanentDeletionTimeInDays < 7 { 4044 invalidParams.Add(request.NewErrParamMinValue("PermanentDeletionTimeInDays", 7)) 4045 } 4046 4047 if invalidParams.Len() > 0 { 4048 return invalidParams 4049 } 4050 return nil 4051} 4052 4053// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4054func (s *DeleteCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DeleteCertificateAuthorityInput { 4055 s.CertificateAuthorityArn = &v 4056 return s 4057} 4058 4059// SetPermanentDeletionTimeInDays sets the PermanentDeletionTimeInDays field's value. 4060func (s *DeleteCertificateAuthorityInput) SetPermanentDeletionTimeInDays(v int64) *DeleteCertificateAuthorityInput { 4061 s.PermanentDeletionTimeInDays = &v 4062 return s 4063} 4064 4065type DeleteCertificateAuthorityOutput struct { 4066 _ struct{} `type:"structure"` 4067} 4068 4069// String returns the string representation 4070func (s DeleteCertificateAuthorityOutput) String() string { 4071 return awsutil.Prettify(s) 4072} 4073 4074// GoString returns the string representation 4075func (s DeleteCertificateAuthorityOutput) GoString() string { 4076 return s.String() 4077} 4078 4079type DeletePermissionInput struct { 4080 _ struct{} `type:"structure"` 4081 4082 // The Amazon Resource Number (ARN) of the private CA that issued the permissions. 4083 // You can find the CA's ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4084 // action. This must have the following form: 4085 // 4086 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4087 // 4088 // CertificateAuthorityArn is a required field 4089 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4090 4091 // The AWS service or identity that will have its CA permissions revoked. At 4092 // this time, the only valid service principal is acm.amazonaws.com 4093 // 4094 // Principal is a required field 4095 Principal *string `type:"string" required:"true"` 4096 4097 // The AWS account that calls this action. 4098 SourceAccount *string `min:"12" type:"string"` 4099} 4100 4101// String returns the string representation 4102func (s DeletePermissionInput) String() string { 4103 return awsutil.Prettify(s) 4104} 4105 4106// GoString returns the string representation 4107func (s DeletePermissionInput) GoString() string { 4108 return s.String() 4109} 4110 4111// Validate inspects the fields of the type to determine if they are valid. 4112func (s *DeletePermissionInput) Validate() error { 4113 invalidParams := request.ErrInvalidParams{Context: "DeletePermissionInput"} 4114 if s.CertificateAuthorityArn == nil { 4115 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4116 } 4117 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4118 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4119 } 4120 if s.Principal == nil { 4121 invalidParams.Add(request.NewErrParamRequired("Principal")) 4122 } 4123 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 4124 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 4125 } 4126 4127 if invalidParams.Len() > 0 { 4128 return invalidParams 4129 } 4130 return nil 4131} 4132 4133// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4134func (s *DeletePermissionInput) SetCertificateAuthorityArn(v string) *DeletePermissionInput { 4135 s.CertificateAuthorityArn = &v 4136 return s 4137} 4138 4139// SetPrincipal sets the Principal field's value. 4140func (s *DeletePermissionInput) SetPrincipal(v string) *DeletePermissionInput { 4141 s.Principal = &v 4142 return s 4143} 4144 4145// SetSourceAccount sets the SourceAccount field's value. 4146func (s *DeletePermissionInput) SetSourceAccount(v string) *DeletePermissionInput { 4147 s.SourceAccount = &v 4148 return s 4149} 4150 4151type DeletePermissionOutput struct { 4152 _ struct{} `type:"structure"` 4153} 4154 4155// String returns the string representation 4156func (s DeletePermissionOutput) String() string { 4157 return awsutil.Prettify(s) 4158} 4159 4160// GoString returns the string representation 4161func (s DeletePermissionOutput) GoString() string { 4162 return s.String() 4163} 4164 4165type DeletePolicyInput struct { 4166 _ struct{} `type:"structure"` 4167 4168 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4169 // deleted. You can find the CA's ARN by calling the ListCertificateAuthorities 4170 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4171 // action. The ARN value must have the form arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab. 4172 // 4173 // ResourceArn is a required field 4174 ResourceArn *string `min:"5" type:"string" required:"true"` 4175} 4176 4177// String returns the string representation 4178func (s DeletePolicyInput) String() string { 4179 return awsutil.Prettify(s) 4180} 4181 4182// GoString returns the string representation 4183func (s DeletePolicyInput) GoString() string { 4184 return s.String() 4185} 4186 4187// Validate inspects the fields of the type to determine if they are valid. 4188func (s *DeletePolicyInput) Validate() error { 4189 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 4190 if s.ResourceArn == nil { 4191 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4192 } 4193 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4194 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4195 } 4196 4197 if invalidParams.Len() > 0 { 4198 return invalidParams 4199 } 4200 return nil 4201} 4202 4203// SetResourceArn sets the ResourceArn field's value. 4204func (s *DeletePolicyInput) SetResourceArn(v string) *DeletePolicyInput { 4205 s.ResourceArn = &v 4206 return s 4207} 4208 4209type DeletePolicyOutput struct { 4210 _ struct{} `type:"structure"` 4211} 4212 4213// String returns the string representation 4214func (s DeletePolicyOutput) String() string { 4215 return awsutil.Prettify(s) 4216} 4217 4218// GoString returns the string representation 4219func (s DeletePolicyOutput) GoString() string { 4220 return s.String() 4221} 4222 4223type DescribeCertificateAuthorityAuditReportInput struct { 4224 _ struct{} `type:"structure"` 4225 4226 // The report ID returned by calling the CreateCertificateAuthorityAuditReport 4227 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 4228 // action. 4229 // 4230 // AuditReportId is a required field 4231 AuditReportId *string `min:"36" type:"string" required:"true"` 4232 4233 // The Amazon Resource Name (ARN) of the private CA. This must be of the form: 4234 // 4235 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4236 // 4237 // CertificateAuthorityArn is a required field 4238 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4239} 4240 4241// String returns the string representation 4242func (s DescribeCertificateAuthorityAuditReportInput) String() string { 4243 return awsutil.Prettify(s) 4244} 4245 4246// GoString returns the string representation 4247func (s DescribeCertificateAuthorityAuditReportInput) GoString() string { 4248 return s.String() 4249} 4250 4251// Validate inspects the fields of the type to determine if they are valid. 4252func (s *DescribeCertificateAuthorityAuditReportInput) Validate() error { 4253 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityAuditReportInput"} 4254 if s.AuditReportId == nil { 4255 invalidParams.Add(request.NewErrParamRequired("AuditReportId")) 4256 } 4257 if s.AuditReportId != nil && len(*s.AuditReportId) < 36 { 4258 invalidParams.Add(request.NewErrParamMinLen("AuditReportId", 36)) 4259 } 4260 if s.CertificateAuthorityArn == nil { 4261 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4262 } 4263 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4264 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4265 } 4266 4267 if invalidParams.Len() > 0 { 4268 return invalidParams 4269 } 4270 return nil 4271} 4272 4273// SetAuditReportId sets the AuditReportId field's value. 4274func (s *DescribeCertificateAuthorityAuditReportInput) SetAuditReportId(v string) *DescribeCertificateAuthorityAuditReportInput { 4275 s.AuditReportId = &v 4276 return s 4277} 4278 4279// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4280func (s *DescribeCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityAuditReportInput { 4281 s.CertificateAuthorityArn = &v 4282 return s 4283} 4284 4285type DescribeCertificateAuthorityAuditReportOutput struct { 4286 _ struct{} `type:"structure"` 4287 4288 // Specifies whether report creation is in progress, has succeeded, or has failed. 4289 AuditReportStatus *string `type:"string" enum:"AuditReportStatus"` 4290 4291 // The date and time at which the report was created. 4292 CreatedAt *time.Time `type:"timestamp"` 4293 4294 // Name of the S3 bucket that contains the report. 4295 S3BucketName *string `min:"3" type:"string"` 4296 4297 // S3 key that uniquely identifies the report file in your S3 bucket. 4298 S3Key *string `type:"string"` 4299} 4300 4301// String returns the string representation 4302func (s DescribeCertificateAuthorityAuditReportOutput) String() string { 4303 return awsutil.Prettify(s) 4304} 4305 4306// GoString returns the string representation 4307func (s DescribeCertificateAuthorityAuditReportOutput) GoString() string { 4308 return s.String() 4309} 4310 4311// SetAuditReportStatus sets the AuditReportStatus field's value. 4312func (s *DescribeCertificateAuthorityAuditReportOutput) SetAuditReportStatus(v string) *DescribeCertificateAuthorityAuditReportOutput { 4313 s.AuditReportStatus = &v 4314 return s 4315} 4316 4317// SetCreatedAt sets the CreatedAt field's value. 4318func (s *DescribeCertificateAuthorityAuditReportOutput) SetCreatedAt(v time.Time) *DescribeCertificateAuthorityAuditReportOutput { 4319 s.CreatedAt = &v 4320 return s 4321} 4322 4323// SetS3BucketName sets the S3BucketName field's value. 4324func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3BucketName(v string) *DescribeCertificateAuthorityAuditReportOutput { 4325 s.S3BucketName = &v 4326 return s 4327} 4328 4329// SetS3Key sets the S3Key field's value. 4330func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3Key(v string) *DescribeCertificateAuthorityAuditReportOutput { 4331 s.S3Key = &v 4332 return s 4333} 4334 4335type DescribeCertificateAuthorityInput struct { 4336 _ struct{} `type:"structure"` 4337 4338 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4339 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4340 // This must be of the form: 4341 // 4342 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4343 // 4344 // CertificateAuthorityArn is a required field 4345 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4346} 4347 4348// String returns the string representation 4349func (s DescribeCertificateAuthorityInput) String() string { 4350 return awsutil.Prettify(s) 4351} 4352 4353// GoString returns the string representation 4354func (s DescribeCertificateAuthorityInput) GoString() string { 4355 return s.String() 4356} 4357 4358// Validate inspects the fields of the type to determine if they are valid. 4359func (s *DescribeCertificateAuthorityInput) Validate() error { 4360 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityInput"} 4361 if s.CertificateAuthorityArn == nil { 4362 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4363 } 4364 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4365 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4366 } 4367 4368 if invalidParams.Len() > 0 { 4369 return invalidParams 4370 } 4371 return nil 4372} 4373 4374// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4375func (s *DescribeCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityInput { 4376 s.CertificateAuthorityArn = &v 4377 return s 4378} 4379 4380type DescribeCertificateAuthorityOutput struct { 4381 _ struct{} `type:"structure"` 4382 4383 // A CertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html) 4384 // structure that contains information about your private CA. 4385 CertificateAuthority *CertificateAuthority `type:"structure"` 4386} 4387 4388// String returns the string representation 4389func (s DescribeCertificateAuthorityOutput) String() string { 4390 return awsutil.Prettify(s) 4391} 4392 4393// GoString returns the string representation 4394func (s DescribeCertificateAuthorityOutput) GoString() string { 4395 return s.String() 4396} 4397 4398// SetCertificateAuthority sets the CertificateAuthority field's value. 4399func (s *DescribeCertificateAuthorityOutput) SetCertificateAuthority(v *CertificateAuthority) *DescribeCertificateAuthorityOutput { 4400 s.CertificateAuthority = v 4401 return s 4402} 4403 4404// Describes an Electronic Data Interchange (EDI) entity as described in as 4405// defined in Subject Alternative Name (https://tools.ietf.org/html/rfc5280) 4406// in RFC 5280. 4407type EdiPartyName struct { 4408 _ struct{} `type:"structure"` 4409 4410 // Specifies the name assigner. 4411 NameAssigner *string `type:"string"` 4412 4413 // Specifies the party name. 4414 // 4415 // PartyName is a required field 4416 PartyName *string `type:"string" required:"true"` 4417} 4418 4419// String returns the string representation 4420func (s EdiPartyName) String() string { 4421 return awsutil.Prettify(s) 4422} 4423 4424// GoString returns the string representation 4425func (s EdiPartyName) GoString() string { 4426 return s.String() 4427} 4428 4429// Validate inspects the fields of the type to determine if they are valid. 4430func (s *EdiPartyName) Validate() error { 4431 invalidParams := request.ErrInvalidParams{Context: "EdiPartyName"} 4432 if s.PartyName == nil { 4433 invalidParams.Add(request.NewErrParamRequired("PartyName")) 4434 } 4435 4436 if invalidParams.Len() > 0 { 4437 return invalidParams 4438 } 4439 return nil 4440} 4441 4442// SetNameAssigner sets the NameAssigner field's value. 4443func (s *EdiPartyName) SetNameAssigner(v string) *EdiPartyName { 4444 s.NameAssigner = &v 4445 return s 4446} 4447 4448// SetPartyName sets the PartyName field's value. 4449func (s *EdiPartyName) SetPartyName(v string) *EdiPartyName { 4450 s.PartyName = &v 4451 return s 4452} 4453 4454// Specifies additional purposes for which the certified public key may be used 4455// other than basic purposes indicated in the KeyUsage extension. 4456type ExtendedKeyUsage struct { 4457 _ struct{} `type:"structure"` 4458 4459 // Specifies a custom ExtendedKeyUsage with an object identifier (OID). 4460 ExtendedKeyUsageObjectIdentifier *string `type:"string"` 4461 4462 // Specifies a standard ExtendedKeyUsage as defined as in RFC 5280 (https://tools.ietf.org/html/rfc5280#section-4.2.1.12). 4463 ExtendedKeyUsageType *string `type:"string" enum:"ExtendedKeyUsageType"` 4464} 4465 4466// String returns the string representation 4467func (s ExtendedKeyUsage) String() string { 4468 return awsutil.Prettify(s) 4469} 4470 4471// GoString returns the string representation 4472func (s ExtendedKeyUsage) GoString() string { 4473 return s.String() 4474} 4475 4476// SetExtendedKeyUsageObjectIdentifier sets the ExtendedKeyUsageObjectIdentifier field's value. 4477func (s *ExtendedKeyUsage) SetExtendedKeyUsageObjectIdentifier(v string) *ExtendedKeyUsage { 4478 s.ExtendedKeyUsageObjectIdentifier = &v 4479 return s 4480} 4481 4482// SetExtendedKeyUsageType sets the ExtendedKeyUsageType field's value. 4483func (s *ExtendedKeyUsage) SetExtendedKeyUsageType(v string) *ExtendedKeyUsage { 4484 s.ExtendedKeyUsageType = &v 4485 return s 4486} 4487 4488// Contains X.509 extension information for a certificate. 4489type Extensions struct { 4490 _ struct{} `type:"structure"` 4491 4492 // Contains a sequence of one or more policy information terms, each of which 4493 // consists of an object identifier (OID) and optional qualifiers. For more 4494 // information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 4495 // 4496 // In an end-entity certificate, these terms indicate the policy under which 4497 // the certificate was issued and the purposes for which it may be used. In 4498 // a CA certificate, these terms limit the set of policies for certification 4499 // paths that include this certificate. 4500 CertificatePolicies []*PolicyInformation `min:"1" type:"list"` 4501 4502 // Specifies additional purposes for which the certified public key may be used 4503 // other than basic purposes indicated in the KeyUsage extension. 4504 ExtendedKeyUsage []*ExtendedKeyUsage `min:"1" type:"list"` 4505 4506 // Defines one or more purposes for which the key contained in the certificate 4507 // can be used. Default value for each option is false. 4508 KeyUsage *KeyUsage `type:"structure"` 4509 4510 // The subject alternative name extension allows identities to be bound to the 4511 // subject of the certificate. These identities may be included in addition 4512 // to or in place of the identity in the subject field of the certificate. 4513 SubjectAlternativeNames []*GeneralName `min:"1" type:"list"` 4514} 4515 4516// String returns the string representation 4517func (s Extensions) String() string { 4518 return awsutil.Prettify(s) 4519} 4520 4521// GoString returns the string representation 4522func (s Extensions) GoString() string { 4523 return s.String() 4524} 4525 4526// Validate inspects the fields of the type to determine if they are valid. 4527func (s *Extensions) Validate() error { 4528 invalidParams := request.ErrInvalidParams{Context: "Extensions"} 4529 if s.CertificatePolicies != nil && len(s.CertificatePolicies) < 1 { 4530 invalidParams.Add(request.NewErrParamMinLen("CertificatePolicies", 1)) 4531 } 4532 if s.ExtendedKeyUsage != nil && len(s.ExtendedKeyUsage) < 1 { 4533 invalidParams.Add(request.NewErrParamMinLen("ExtendedKeyUsage", 1)) 4534 } 4535 if s.SubjectAlternativeNames != nil && len(s.SubjectAlternativeNames) < 1 { 4536 invalidParams.Add(request.NewErrParamMinLen("SubjectAlternativeNames", 1)) 4537 } 4538 if s.CertificatePolicies != nil { 4539 for i, v := range s.CertificatePolicies { 4540 if v == nil { 4541 continue 4542 } 4543 if err := v.Validate(); err != nil { 4544 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CertificatePolicies", i), err.(request.ErrInvalidParams)) 4545 } 4546 } 4547 } 4548 if s.SubjectAlternativeNames != nil { 4549 for i, v := range s.SubjectAlternativeNames { 4550 if v == nil { 4551 continue 4552 } 4553 if err := v.Validate(); err != nil { 4554 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectAlternativeNames", i), err.(request.ErrInvalidParams)) 4555 } 4556 } 4557 } 4558 4559 if invalidParams.Len() > 0 { 4560 return invalidParams 4561 } 4562 return nil 4563} 4564 4565// SetCertificatePolicies sets the CertificatePolicies field's value. 4566func (s *Extensions) SetCertificatePolicies(v []*PolicyInformation) *Extensions { 4567 s.CertificatePolicies = v 4568 return s 4569} 4570 4571// SetExtendedKeyUsage sets the ExtendedKeyUsage field's value. 4572func (s *Extensions) SetExtendedKeyUsage(v []*ExtendedKeyUsage) *Extensions { 4573 s.ExtendedKeyUsage = v 4574 return s 4575} 4576 4577// SetKeyUsage sets the KeyUsage field's value. 4578func (s *Extensions) SetKeyUsage(v *KeyUsage) *Extensions { 4579 s.KeyUsage = v 4580 return s 4581} 4582 4583// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. 4584func (s *Extensions) SetSubjectAlternativeNames(v []*GeneralName) *Extensions { 4585 s.SubjectAlternativeNames = v 4586 return s 4587} 4588 4589// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). 4590// Only one of the following naming options should be provided. Providing more 4591// than one option results in an InvalidArgsException error. 4592type GeneralName struct { 4593 _ struct{} `type:"structure"` 4594 4595 // Contains information about the certificate subject. The Subject field in 4596 // the certificate identifies the entity that owns or controls the public key 4597 // in the certificate. The entity can be a user, computer, device, or service. 4598 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 4599 // of relative distinguished names (RDNs). The RDNs are separated by commas 4600 // in the certificate. 4601 DirectoryName *ASN1Subject `type:"structure"` 4602 4603 // Represents GeneralName as a DNS name. 4604 DnsName *string `type:"string"` 4605 4606 // Represents GeneralName as an EdiPartyName object. 4607 EdiPartyName *EdiPartyName `type:"structure"` 4608 4609 // Represents GeneralName as an IPv4 or IPv6 address. 4610 IpAddress *string `type:"string"` 4611 4612 // Represents GeneralName using an OtherName object. 4613 OtherName *OtherName `type:"structure"` 4614 4615 // Represents GeneralName as an object identifier (OID). 4616 RegisteredId *string `type:"string"` 4617 4618 // Represents GeneralName as an RFC 822 (https://tools.ietf.org/html/rfc822) 4619 // email address. 4620 Rfc822Name *string `type:"string"` 4621 4622 // Represents GeneralName as a URI. 4623 UniformResourceIdentifier *string `type:"string"` 4624} 4625 4626// String returns the string representation 4627func (s GeneralName) String() string { 4628 return awsutil.Prettify(s) 4629} 4630 4631// GoString returns the string representation 4632func (s GeneralName) GoString() string { 4633 return s.String() 4634} 4635 4636// Validate inspects the fields of the type to determine if they are valid. 4637func (s *GeneralName) Validate() error { 4638 invalidParams := request.ErrInvalidParams{Context: "GeneralName"} 4639 if s.DirectoryName != nil { 4640 if err := s.DirectoryName.Validate(); err != nil { 4641 invalidParams.AddNested("DirectoryName", err.(request.ErrInvalidParams)) 4642 } 4643 } 4644 if s.EdiPartyName != nil { 4645 if err := s.EdiPartyName.Validate(); err != nil { 4646 invalidParams.AddNested("EdiPartyName", err.(request.ErrInvalidParams)) 4647 } 4648 } 4649 if s.OtherName != nil { 4650 if err := s.OtherName.Validate(); err != nil { 4651 invalidParams.AddNested("OtherName", err.(request.ErrInvalidParams)) 4652 } 4653 } 4654 4655 if invalidParams.Len() > 0 { 4656 return invalidParams 4657 } 4658 return nil 4659} 4660 4661// SetDirectoryName sets the DirectoryName field's value. 4662func (s *GeneralName) SetDirectoryName(v *ASN1Subject) *GeneralName { 4663 s.DirectoryName = v 4664 return s 4665} 4666 4667// SetDnsName sets the DnsName field's value. 4668func (s *GeneralName) SetDnsName(v string) *GeneralName { 4669 s.DnsName = &v 4670 return s 4671} 4672 4673// SetEdiPartyName sets the EdiPartyName field's value. 4674func (s *GeneralName) SetEdiPartyName(v *EdiPartyName) *GeneralName { 4675 s.EdiPartyName = v 4676 return s 4677} 4678 4679// SetIpAddress sets the IpAddress field's value. 4680func (s *GeneralName) SetIpAddress(v string) *GeneralName { 4681 s.IpAddress = &v 4682 return s 4683} 4684 4685// SetOtherName sets the OtherName field's value. 4686func (s *GeneralName) SetOtherName(v *OtherName) *GeneralName { 4687 s.OtherName = v 4688 return s 4689} 4690 4691// SetRegisteredId sets the RegisteredId field's value. 4692func (s *GeneralName) SetRegisteredId(v string) *GeneralName { 4693 s.RegisteredId = &v 4694 return s 4695} 4696 4697// SetRfc822Name sets the Rfc822Name field's value. 4698func (s *GeneralName) SetRfc822Name(v string) *GeneralName { 4699 s.Rfc822Name = &v 4700 return s 4701} 4702 4703// SetUniformResourceIdentifier sets the UniformResourceIdentifier field's value. 4704func (s *GeneralName) SetUniformResourceIdentifier(v string) *GeneralName { 4705 s.UniformResourceIdentifier = &v 4706 return s 4707} 4708 4709type GetCertificateAuthorityCertificateInput struct { 4710 _ struct{} `type:"structure"` 4711 4712 // The Amazon Resource Name (ARN) of your private CA. This is of the form: 4713 // 4714 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4715 // 4716 // CertificateAuthorityArn is a required field 4717 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4718} 4719 4720// String returns the string representation 4721func (s GetCertificateAuthorityCertificateInput) String() string { 4722 return awsutil.Prettify(s) 4723} 4724 4725// GoString returns the string representation 4726func (s GetCertificateAuthorityCertificateInput) GoString() string { 4727 return s.String() 4728} 4729 4730// Validate inspects the fields of the type to determine if they are valid. 4731func (s *GetCertificateAuthorityCertificateInput) Validate() error { 4732 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCertificateInput"} 4733 if s.CertificateAuthorityArn == nil { 4734 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4735 } 4736 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4737 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4738 } 4739 4740 if invalidParams.Len() > 0 { 4741 return invalidParams 4742 } 4743 return nil 4744} 4745 4746// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4747func (s *GetCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCertificateInput { 4748 s.CertificateAuthorityArn = &v 4749 return s 4750} 4751 4752type GetCertificateAuthorityCertificateOutput struct { 4753 _ struct{} `type:"structure"` 4754 4755 // Base64-encoded certificate authority (CA) certificate. 4756 Certificate *string `type:"string"` 4757 4758 // Base64-encoded certificate chain that includes any intermediate certificates 4759 // and chains up to root certificate that you used to sign your private CA certificate. 4760 // The chain does not include your private CA certificate. If this is a root 4761 // CA, the value will be null. 4762 CertificateChain *string `type:"string"` 4763} 4764 4765// String returns the string representation 4766func (s GetCertificateAuthorityCertificateOutput) String() string { 4767 return awsutil.Prettify(s) 4768} 4769 4770// GoString returns the string representation 4771func (s GetCertificateAuthorityCertificateOutput) GoString() string { 4772 return s.String() 4773} 4774 4775// SetCertificate sets the Certificate field's value. 4776func (s *GetCertificateAuthorityCertificateOutput) SetCertificate(v string) *GetCertificateAuthorityCertificateOutput { 4777 s.Certificate = &v 4778 return s 4779} 4780 4781// SetCertificateChain sets the CertificateChain field's value. 4782func (s *GetCertificateAuthorityCertificateOutput) SetCertificateChain(v string) *GetCertificateAuthorityCertificateOutput { 4783 s.CertificateChain = &v 4784 return s 4785} 4786 4787type GetCertificateAuthorityCsrInput struct { 4788 _ struct{} `type:"structure"` 4789 4790 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 4791 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 4792 // action. This must be of the form: 4793 // 4794 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 4795 // 4796 // CertificateAuthorityArn is a required field 4797 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4798} 4799 4800// String returns the string representation 4801func (s GetCertificateAuthorityCsrInput) String() string { 4802 return awsutil.Prettify(s) 4803} 4804 4805// GoString returns the string representation 4806func (s GetCertificateAuthorityCsrInput) GoString() string { 4807 return s.String() 4808} 4809 4810// Validate inspects the fields of the type to determine if they are valid. 4811func (s *GetCertificateAuthorityCsrInput) Validate() error { 4812 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCsrInput"} 4813 if s.CertificateAuthorityArn == nil { 4814 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4815 } 4816 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4817 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4818 } 4819 4820 if invalidParams.Len() > 0 { 4821 return invalidParams 4822 } 4823 return nil 4824} 4825 4826// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4827func (s *GetCertificateAuthorityCsrInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCsrInput { 4828 s.CertificateAuthorityArn = &v 4829 return s 4830} 4831 4832type GetCertificateAuthorityCsrOutput struct { 4833 _ struct{} `type:"structure"` 4834 4835 // The base64 PEM-encoded certificate signing request (CSR) for your private 4836 // CA certificate. 4837 Csr *string `type:"string"` 4838} 4839 4840// String returns the string representation 4841func (s GetCertificateAuthorityCsrOutput) String() string { 4842 return awsutil.Prettify(s) 4843} 4844 4845// GoString returns the string representation 4846func (s GetCertificateAuthorityCsrOutput) GoString() string { 4847 return s.String() 4848} 4849 4850// SetCsr sets the Csr field's value. 4851func (s *GetCertificateAuthorityCsrOutput) SetCsr(v string) *GetCertificateAuthorityCsrOutput { 4852 s.Csr = &v 4853 return s 4854} 4855 4856type GetCertificateInput struct { 4857 _ struct{} `type:"structure"` 4858 4859 // The ARN of the issued certificate. The ARN contains the certificate serial 4860 // number and must be in the following form: 4861 // 4862 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 4863 // 4864 // CertificateArn is a required field 4865 CertificateArn *string `min:"5" type:"string" required:"true"` 4866 4867 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4868 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4869 // This must be of the form: 4870 // 4871 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4872 // 4873 // CertificateAuthorityArn is a required field 4874 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4875} 4876 4877// String returns the string representation 4878func (s GetCertificateInput) String() string { 4879 return awsutil.Prettify(s) 4880} 4881 4882// GoString returns the string representation 4883func (s GetCertificateInput) GoString() string { 4884 return s.String() 4885} 4886 4887// Validate inspects the fields of the type to determine if they are valid. 4888func (s *GetCertificateInput) Validate() error { 4889 invalidParams := request.ErrInvalidParams{Context: "GetCertificateInput"} 4890 if s.CertificateArn == nil { 4891 invalidParams.Add(request.NewErrParamRequired("CertificateArn")) 4892 } 4893 if s.CertificateArn != nil && len(*s.CertificateArn) < 5 { 4894 invalidParams.Add(request.NewErrParamMinLen("CertificateArn", 5)) 4895 } 4896 if s.CertificateAuthorityArn == nil { 4897 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4898 } 4899 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4900 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4901 } 4902 4903 if invalidParams.Len() > 0 { 4904 return invalidParams 4905 } 4906 return nil 4907} 4908 4909// SetCertificateArn sets the CertificateArn field's value. 4910func (s *GetCertificateInput) SetCertificateArn(v string) *GetCertificateInput { 4911 s.CertificateArn = &v 4912 return s 4913} 4914 4915// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4916func (s *GetCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateInput { 4917 s.CertificateAuthorityArn = &v 4918 return s 4919} 4920 4921type GetCertificateOutput struct { 4922 _ struct{} `type:"structure"` 4923 4924 // The base64 PEM-encoded certificate specified by the CertificateArn parameter. 4925 Certificate *string `type:"string"` 4926 4927 // The base64 PEM-encoded certificate chain that chains up to the root CA certificate 4928 // that you used to sign your private CA certificate. 4929 CertificateChain *string `type:"string"` 4930} 4931 4932// String returns the string representation 4933func (s GetCertificateOutput) String() string { 4934 return awsutil.Prettify(s) 4935} 4936 4937// GoString returns the string representation 4938func (s GetCertificateOutput) GoString() string { 4939 return s.String() 4940} 4941 4942// SetCertificate sets the Certificate field's value. 4943func (s *GetCertificateOutput) SetCertificate(v string) *GetCertificateOutput { 4944 s.Certificate = &v 4945 return s 4946} 4947 4948// SetCertificateChain sets the CertificateChain field's value. 4949func (s *GetCertificateOutput) SetCertificateChain(v string) *GetCertificateOutput { 4950 s.CertificateChain = &v 4951 return s 4952} 4953 4954type GetPolicyInput struct { 4955 _ struct{} `type:"structure"` 4956 4957 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4958 // retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities 4959 // action. 4960 // 4961 // ResourceArn is a required field 4962 ResourceArn *string `min:"5" type:"string" required:"true"` 4963} 4964 4965// String returns the string representation 4966func (s GetPolicyInput) String() string { 4967 return awsutil.Prettify(s) 4968} 4969 4970// GoString returns the string representation 4971func (s GetPolicyInput) GoString() string { 4972 return s.String() 4973} 4974 4975// Validate inspects the fields of the type to determine if they are valid. 4976func (s *GetPolicyInput) Validate() error { 4977 invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"} 4978 if s.ResourceArn == nil { 4979 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4980 } 4981 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4982 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4983 } 4984 4985 if invalidParams.Len() > 0 { 4986 return invalidParams 4987 } 4988 return nil 4989} 4990 4991// SetResourceArn sets the ResourceArn field's value. 4992func (s *GetPolicyInput) SetResourceArn(v string) *GetPolicyInput { 4993 s.ResourceArn = &v 4994 return s 4995} 4996 4997type GetPolicyOutput struct { 4998 _ struct{} `type:"structure"` 4999 5000 // The policy attached to the private CA as a JSON document. 5001 Policy *string `min:"1" type:"string"` 5002} 5003 5004// String returns the string representation 5005func (s GetPolicyOutput) String() string { 5006 return awsutil.Prettify(s) 5007} 5008 5009// GoString returns the string representation 5010func (s GetPolicyOutput) GoString() string { 5011 return s.String() 5012} 5013 5014// SetPolicy sets the Policy field's value. 5015func (s *GetPolicyOutput) SetPolicy(v string) *GetPolicyOutput { 5016 s.Policy = &v 5017 return s 5018} 5019 5020type ImportCertificateAuthorityCertificateInput struct { 5021 _ struct{} `type:"structure"` 5022 5023 // The PEM-encoded certificate for a private CA. This may be a self-signed certificate 5024 // in the case of a root CA, or it may be signed by another CA that you control. 5025 // 5026 // Certificate is automatically base64 encoded/decoded by the SDK. 5027 // 5028 // Certificate is a required field 5029 Certificate []byte `min:"1" type:"blob" required:"true"` 5030 5031 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5032 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5033 // This must be of the form: 5034 // 5035 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5036 // 5037 // CertificateAuthorityArn is a required field 5038 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5039 5040 // A PEM-encoded file that contains all of your certificates, other than the 5041 // certificate you're importing, chaining up to your root CA. Your ACM Private 5042 // CA-hosted or on-premises root certificate is the last in the chain, and each 5043 // certificate in the chain signs the one preceding. 5044 // 5045 // This parameter must be supplied when you import a subordinate CA. When you 5046 // import a root CA, there is no chain. 5047 // 5048 // CertificateChain is automatically base64 encoded/decoded by the SDK. 5049 CertificateChain []byte `type:"blob"` 5050} 5051 5052// String returns the string representation 5053func (s ImportCertificateAuthorityCertificateInput) String() string { 5054 return awsutil.Prettify(s) 5055} 5056 5057// GoString returns the string representation 5058func (s ImportCertificateAuthorityCertificateInput) GoString() string { 5059 return s.String() 5060} 5061 5062// Validate inspects the fields of the type to determine if they are valid. 5063func (s *ImportCertificateAuthorityCertificateInput) Validate() error { 5064 invalidParams := request.ErrInvalidParams{Context: "ImportCertificateAuthorityCertificateInput"} 5065 if s.Certificate == nil { 5066 invalidParams.Add(request.NewErrParamRequired("Certificate")) 5067 } 5068 if s.Certificate != nil && len(s.Certificate) < 1 { 5069 invalidParams.Add(request.NewErrParamMinLen("Certificate", 1)) 5070 } 5071 if s.CertificateAuthorityArn == nil { 5072 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5073 } 5074 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5075 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5076 } 5077 5078 if invalidParams.Len() > 0 { 5079 return invalidParams 5080 } 5081 return nil 5082} 5083 5084// SetCertificate sets the Certificate field's value. 5085func (s *ImportCertificateAuthorityCertificateInput) SetCertificate(v []byte) *ImportCertificateAuthorityCertificateInput { 5086 s.Certificate = v 5087 return s 5088} 5089 5090// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5091func (s *ImportCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *ImportCertificateAuthorityCertificateInput { 5092 s.CertificateAuthorityArn = &v 5093 return s 5094} 5095 5096// SetCertificateChain sets the CertificateChain field's value. 5097func (s *ImportCertificateAuthorityCertificateInput) SetCertificateChain(v []byte) *ImportCertificateAuthorityCertificateInput { 5098 s.CertificateChain = v 5099 return s 5100} 5101 5102type ImportCertificateAuthorityCertificateOutput struct { 5103 _ struct{} `type:"structure"` 5104} 5105 5106// String returns the string representation 5107func (s ImportCertificateAuthorityCertificateOutput) String() string { 5108 return awsutil.Prettify(s) 5109} 5110 5111// GoString returns the string representation 5112func (s ImportCertificateAuthorityCertificateOutput) GoString() string { 5113 return s.String() 5114} 5115 5116// One or more of the specified arguments was not valid. 5117type InvalidArgsException struct { 5118 _ struct{} `type:"structure"` 5119 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5120 5121 Message_ *string `locationName:"message" type:"string"` 5122} 5123 5124// String returns the string representation 5125func (s InvalidArgsException) String() string { 5126 return awsutil.Prettify(s) 5127} 5128 5129// GoString returns the string representation 5130func (s InvalidArgsException) GoString() string { 5131 return s.String() 5132} 5133 5134func newErrorInvalidArgsException(v protocol.ResponseMetadata) error { 5135 return &InvalidArgsException{ 5136 RespMetadata: v, 5137 } 5138} 5139 5140// Code returns the exception type name. 5141func (s *InvalidArgsException) Code() string { 5142 return "InvalidArgsException" 5143} 5144 5145// Message returns the exception's message. 5146func (s *InvalidArgsException) Message() string { 5147 if s.Message_ != nil { 5148 return *s.Message_ 5149 } 5150 return "" 5151} 5152 5153// OrigErr always returns nil, satisfies awserr.Error interface. 5154func (s *InvalidArgsException) OrigErr() error { 5155 return nil 5156} 5157 5158func (s *InvalidArgsException) Error() string { 5159 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5160} 5161 5162// Status code returns the HTTP status code for the request's response error. 5163func (s *InvalidArgsException) StatusCode() int { 5164 return s.RespMetadata.StatusCode 5165} 5166 5167// RequestID returns the service's response RequestID for request. 5168func (s *InvalidArgsException) RequestID() string { 5169 return s.RespMetadata.RequestID 5170} 5171 5172// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 5173type InvalidArnException struct { 5174 _ struct{} `type:"structure"` 5175 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5176 5177 Message_ *string `locationName:"message" type:"string"` 5178} 5179 5180// String returns the string representation 5181func (s InvalidArnException) String() string { 5182 return awsutil.Prettify(s) 5183} 5184 5185// GoString returns the string representation 5186func (s InvalidArnException) GoString() string { 5187 return s.String() 5188} 5189 5190func newErrorInvalidArnException(v protocol.ResponseMetadata) error { 5191 return &InvalidArnException{ 5192 RespMetadata: v, 5193 } 5194} 5195 5196// Code returns the exception type name. 5197func (s *InvalidArnException) Code() string { 5198 return "InvalidArnException" 5199} 5200 5201// Message returns the exception's message. 5202func (s *InvalidArnException) Message() string { 5203 if s.Message_ != nil { 5204 return *s.Message_ 5205 } 5206 return "" 5207} 5208 5209// OrigErr always returns nil, satisfies awserr.Error interface. 5210func (s *InvalidArnException) OrigErr() error { 5211 return nil 5212} 5213 5214func (s *InvalidArnException) Error() string { 5215 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5216} 5217 5218// Status code returns the HTTP status code for the request's response error. 5219func (s *InvalidArnException) StatusCode() int { 5220 return s.RespMetadata.StatusCode 5221} 5222 5223// RequestID returns the service's response RequestID for request. 5224func (s *InvalidArnException) RequestID() string { 5225 return s.RespMetadata.RequestID 5226} 5227 5228// The token specified in the NextToken argument is not valid. Use the token 5229// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 5230type InvalidNextTokenException struct { 5231 _ struct{} `type:"structure"` 5232 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5233 5234 Message_ *string `locationName:"message" type:"string"` 5235} 5236 5237// String returns the string representation 5238func (s InvalidNextTokenException) String() string { 5239 return awsutil.Prettify(s) 5240} 5241 5242// GoString returns the string representation 5243func (s InvalidNextTokenException) GoString() string { 5244 return s.String() 5245} 5246 5247func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { 5248 return &InvalidNextTokenException{ 5249 RespMetadata: v, 5250 } 5251} 5252 5253// Code returns the exception type name. 5254func (s *InvalidNextTokenException) Code() string { 5255 return "InvalidNextTokenException" 5256} 5257 5258// Message returns the exception's message. 5259func (s *InvalidNextTokenException) Message() string { 5260 if s.Message_ != nil { 5261 return *s.Message_ 5262 } 5263 return "" 5264} 5265 5266// OrigErr always returns nil, satisfies awserr.Error interface. 5267func (s *InvalidNextTokenException) OrigErr() error { 5268 return nil 5269} 5270 5271func (s *InvalidNextTokenException) Error() string { 5272 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5273} 5274 5275// Status code returns the HTTP status code for the request's response error. 5276func (s *InvalidNextTokenException) StatusCode() int { 5277 return s.RespMetadata.StatusCode 5278} 5279 5280// RequestID returns the service's response RequestID for request. 5281func (s *InvalidNextTokenException) RequestID() string { 5282 return s.RespMetadata.RequestID 5283} 5284 5285// The resource policy is invalid or is missing a required statement. For general 5286// information about IAM policy and statement structure, see Overview of JSON 5287// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 5288type InvalidPolicyException struct { 5289 _ struct{} `type:"structure"` 5290 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5291 5292 Message_ *string `locationName:"message" type:"string"` 5293} 5294 5295// String returns the string representation 5296func (s InvalidPolicyException) String() string { 5297 return awsutil.Prettify(s) 5298} 5299 5300// GoString returns the string representation 5301func (s InvalidPolicyException) GoString() string { 5302 return s.String() 5303} 5304 5305func newErrorInvalidPolicyException(v protocol.ResponseMetadata) error { 5306 return &InvalidPolicyException{ 5307 RespMetadata: v, 5308 } 5309} 5310 5311// Code returns the exception type name. 5312func (s *InvalidPolicyException) Code() string { 5313 return "InvalidPolicyException" 5314} 5315 5316// Message returns the exception's message. 5317func (s *InvalidPolicyException) Message() string { 5318 if s.Message_ != nil { 5319 return *s.Message_ 5320 } 5321 return "" 5322} 5323 5324// OrigErr always returns nil, satisfies awserr.Error interface. 5325func (s *InvalidPolicyException) OrigErr() error { 5326 return nil 5327} 5328 5329func (s *InvalidPolicyException) Error() string { 5330 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5331} 5332 5333// Status code returns the HTTP status code for the request's response error. 5334func (s *InvalidPolicyException) StatusCode() int { 5335 return s.RespMetadata.StatusCode 5336} 5337 5338// RequestID returns the service's response RequestID for request. 5339func (s *InvalidPolicyException) RequestID() string { 5340 return s.RespMetadata.RequestID 5341} 5342 5343// The request action cannot be performed or is prohibited. 5344type InvalidRequestException struct { 5345 _ struct{} `type:"structure"` 5346 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5347 5348 Message_ *string `locationName:"message" type:"string"` 5349} 5350 5351// String returns the string representation 5352func (s InvalidRequestException) String() string { 5353 return awsutil.Prettify(s) 5354} 5355 5356// GoString returns the string representation 5357func (s InvalidRequestException) GoString() string { 5358 return s.String() 5359} 5360 5361func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { 5362 return &InvalidRequestException{ 5363 RespMetadata: v, 5364 } 5365} 5366 5367// Code returns the exception type name. 5368func (s *InvalidRequestException) Code() string { 5369 return "InvalidRequestException" 5370} 5371 5372// Message returns the exception's message. 5373func (s *InvalidRequestException) Message() string { 5374 if s.Message_ != nil { 5375 return *s.Message_ 5376 } 5377 return "" 5378} 5379 5380// OrigErr always returns nil, satisfies awserr.Error interface. 5381func (s *InvalidRequestException) OrigErr() error { 5382 return nil 5383} 5384 5385func (s *InvalidRequestException) Error() string { 5386 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5387} 5388 5389// Status code returns the HTTP status code for the request's response error. 5390func (s *InvalidRequestException) StatusCode() int { 5391 return s.RespMetadata.StatusCode 5392} 5393 5394// RequestID returns the service's response RequestID for request. 5395func (s *InvalidRequestException) RequestID() string { 5396 return s.RespMetadata.RequestID 5397} 5398 5399// The state of the private CA does not allow this action to occur. 5400type InvalidStateException struct { 5401 _ struct{} `type:"structure"` 5402 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5403 5404 Message_ *string `locationName:"message" type:"string"` 5405} 5406 5407// String returns the string representation 5408func (s InvalidStateException) String() string { 5409 return awsutil.Prettify(s) 5410} 5411 5412// GoString returns the string representation 5413func (s InvalidStateException) GoString() string { 5414 return s.String() 5415} 5416 5417func newErrorInvalidStateException(v protocol.ResponseMetadata) error { 5418 return &InvalidStateException{ 5419 RespMetadata: v, 5420 } 5421} 5422 5423// Code returns the exception type name. 5424func (s *InvalidStateException) Code() string { 5425 return "InvalidStateException" 5426} 5427 5428// Message returns the exception's message. 5429func (s *InvalidStateException) Message() string { 5430 if s.Message_ != nil { 5431 return *s.Message_ 5432 } 5433 return "" 5434} 5435 5436// OrigErr always returns nil, satisfies awserr.Error interface. 5437func (s *InvalidStateException) OrigErr() error { 5438 return nil 5439} 5440 5441func (s *InvalidStateException) Error() string { 5442 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5443} 5444 5445// Status code returns the HTTP status code for the request's response error. 5446func (s *InvalidStateException) StatusCode() int { 5447 return s.RespMetadata.StatusCode 5448} 5449 5450// RequestID returns the service's response RequestID for request. 5451func (s *InvalidStateException) RequestID() string { 5452 return s.RespMetadata.RequestID 5453} 5454 5455// The tag associated with the CA is not valid. The invalid argument is contained 5456// in the message field. 5457type InvalidTagException struct { 5458 _ struct{} `type:"structure"` 5459 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5460 5461 Message_ *string `locationName:"message" type:"string"` 5462} 5463 5464// String returns the string representation 5465func (s InvalidTagException) String() string { 5466 return awsutil.Prettify(s) 5467} 5468 5469// GoString returns the string representation 5470func (s InvalidTagException) GoString() string { 5471 return s.String() 5472} 5473 5474func newErrorInvalidTagException(v protocol.ResponseMetadata) error { 5475 return &InvalidTagException{ 5476 RespMetadata: v, 5477 } 5478} 5479 5480// Code returns the exception type name. 5481func (s *InvalidTagException) Code() string { 5482 return "InvalidTagException" 5483} 5484 5485// Message returns the exception's message. 5486func (s *InvalidTagException) Message() string { 5487 if s.Message_ != nil { 5488 return *s.Message_ 5489 } 5490 return "" 5491} 5492 5493// OrigErr always returns nil, satisfies awserr.Error interface. 5494func (s *InvalidTagException) OrigErr() error { 5495 return nil 5496} 5497 5498func (s *InvalidTagException) Error() string { 5499 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5500} 5501 5502// Status code returns the HTTP status code for the request's response error. 5503func (s *InvalidTagException) StatusCode() int { 5504 return s.RespMetadata.StatusCode 5505} 5506 5507// RequestID returns the service's response RequestID for request. 5508func (s *InvalidTagException) RequestID() string { 5509 return s.RespMetadata.RequestID 5510} 5511 5512type IssueCertificateInput struct { 5513 _ struct{} `type:"structure"` 5514 5515 // Specifies X.509 certificate information to be included in the issued certificate. 5516 // An APIPassthrough or APICSRPassthrough template variant must be selected, 5517 // or else this parameter is ignored. For more information about using these 5518 // templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5519 // 5520 // If conflicting or duplicate certificate information is supplied during certificate 5521 // issuance, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 5522 // to determine what information is used. 5523 ApiPassthrough *ApiPassthrough `type:"structure"` 5524 5525 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5526 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5527 // This must be of the form: 5528 // 5529 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5530 // 5531 // CertificateAuthorityArn is a required field 5532 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5533 5534 // The certificate signing request (CSR) for the certificate you want to issue. 5535 // As an example, you can use the following OpenSSL command to create the CSR 5536 // and a 2048 bit RSA private key. 5537 // 5538 // openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem 5539 // -out csr/test_cert_.csr 5540 // 5541 // If you have a configuration file, you can then use the following OpenSSL 5542 // command. The usr_cert block in the configuration file contains your X509 5543 // version 3 extensions. 5544 // 5545 // openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 5546 // -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr 5547 // 5548 // Note: A CSR must provide either a subject name or a subject alternative name 5549 // or the request will be rejected. 5550 // 5551 // Csr is automatically base64 encoded/decoded by the SDK. 5552 // 5553 // Csr is a required field 5554 Csr []byte `min:"1" type:"blob" required:"true"` 5555 5556 // Alphanumeric string that can be used to distinguish between calls to the 5557 // IssueCertificate action. Idempotency tokens for IssueCertificate time out 5558 // after one minute. Therefore, if you call IssueCertificate multiple times 5559 // with the same idempotency token within one minute, ACM Private CA recognizes 5560 // that you are requesting only one certificate and will issue only one. If 5561 // you change the idempotency token for each call, PCA recognizes that you are 5562 // requesting multiple certificates. 5563 IdempotencyToken *string `min:"1" type:"string"` 5564 5565 // The name of the algorithm that will be used to sign the certificate to be 5566 // issued. 5567 // 5568 // This parameter should not be confused with the SigningAlgorithm parameter 5569 // used to sign a CSR in the CreateCertificateAuthority action. 5570 // 5571 // SigningAlgorithm is a required field 5572 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 5573 5574 // Specifies a custom configuration template to use when issuing a certificate. 5575 // If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 5576 // template. For CA certificates, you should choose the shortest path length 5577 // that meets your needs. The path length is indicated by the PathLenN portion 5578 // of the ARN, where N is the CA depth (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth). 5579 // 5580 // Note: The CA depth configured on a subordinate CA certificate must not exceed 5581 // the limit set by its parents in the CA hierarchy. 5582 // 5583 // For a list of TemplateArn values supported by ACM Private CA, see Understanding 5584 // Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5585 TemplateArn *string `min:"5" type:"string"` 5586 5587 // Information describing the end of the validity period of the certificate. 5588 // This parameter sets the “Not After” date for the certificate. 5589 // 5590 // Certificate validity is the period of time during which a certificate is 5591 // valid. Validity can be expressed as an explicit date and time when the certificate 5592 // expires, or as a span of time after issuance, stated in days, months, or 5593 // years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5594 // in RFC 5280. 5595 // 5596 // This value is unaffected when ValidityNotBefore is also specified. For example, 5597 // if Validity is set to 20 days in the future, the certificate will expire 5598 // 20 days from issuance time regardless of the ValidityNotBefore value. 5599 // 5600 // The end of the validity period configured on a certificate must not exceed 5601 // the limit set on its parents in the CA hierarchy. 5602 // 5603 // Validity is a required field 5604 Validity *Validity `type:"structure" required:"true"` 5605 5606 // Information describing the start of the validity period of the certificate. 5607 // This parameter sets the “Not Before" date for the certificate. 5608 // 5609 // By default, when issuing a certificate, ACM Private CA sets the "Not Before" 5610 // date to the issuance time minus 60 minutes. This compensates for clock inconsistencies 5611 // across computer systems. The ValidityNotBefore parameter can be used to customize 5612 // the “Not Before” value. 5613 // 5614 // Unlike the Validity parameter, the ValidityNotBefore parameter is optional. 5615 // 5616 // The ValidityNotBefore value is expressed as an explicit date and time, using 5617 // the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html) 5618 // in this API reference and Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 5619 // in RFC 5280. 5620 ValidityNotBefore *Validity `type:"structure"` 5621} 5622 5623// String returns the string representation 5624func (s IssueCertificateInput) String() string { 5625 return awsutil.Prettify(s) 5626} 5627 5628// GoString returns the string representation 5629func (s IssueCertificateInput) GoString() string { 5630 return s.String() 5631} 5632 5633// Validate inspects the fields of the type to determine if they are valid. 5634func (s *IssueCertificateInput) Validate() error { 5635 invalidParams := request.ErrInvalidParams{Context: "IssueCertificateInput"} 5636 if s.CertificateAuthorityArn == nil { 5637 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5638 } 5639 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5640 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5641 } 5642 if s.Csr == nil { 5643 invalidParams.Add(request.NewErrParamRequired("Csr")) 5644 } 5645 if s.Csr != nil && len(s.Csr) < 1 { 5646 invalidParams.Add(request.NewErrParamMinLen("Csr", 1)) 5647 } 5648 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 5649 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 5650 } 5651 if s.SigningAlgorithm == nil { 5652 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 5653 } 5654 if s.TemplateArn != nil && len(*s.TemplateArn) < 5 { 5655 invalidParams.Add(request.NewErrParamMinLen("TemplateArn", 5)) 5656 } 5657 if s.Validity == nil { 5658 invalidParams.Add(request.NewErrParamRequired("Validity")) 5659 } 5660 if s.ApiPassthrough != nil { 5661 if err := s.ApiPassthrough.Validate(); err != nil { 5662 invalidParams.AddNested("ApiPassthrough", err.(request.ErrInvalidParams)) 5663 } 5664 } 5665 if s.Validity != nil { 5666 if err := s.Validity.Validate(); err != nil { 5667 invalidParams.AddNested("Validity", err.(request.ErrInvalidParams)) 5668 } 5669 } 5670 if s.ValidityNotBefore != nil { 5671 if err := s.ValidityNotBefore.Validate(); err != nil { 5672 invalidParams.AddNested("ValidityNotBefore", err.(request.ErrInvalidParams)) 5673 } 5674 } 5675 5676 if invalidParams.Len() > 0 { 5677 return invalidParams 5678 } 5679 return nil 5680} 5681 5682// SetApiPassthrough sets the ApiPassthrough field's value. 5683func (s *IssueCertificateInput) SetApiPassthrough(v *ApiPassthrough) *IssueCertificateInput { 5684 s.ApiPassthrough = v 5685 return s 5686} 5687 5688// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5689func (s *IssueCertificateInput) SetCertificateAuthorityArn(v string) *IssueCertificateInput { 5690 s.CertificateAuthorityArn = &v 5691 return s 5692} 5693 5694// SetCsr sets the Csr field's value. 5695func (s *IssueCertificateInput) SetCsr(v []byte) *IssueCertificateInput { 5696 s.Csr = v 5697 return s 5698} 5699 5700// SetIdempotencyToken sets the IdempotencyToken field's value. 5701func (s *IssueCertificateInput) SetIdempotencyToken(v string) *IssueCertificateInput { 5702 s.IdempotencyToken = &v 5703 return s 5704} 5705 5706// SetSigningAlgorithm sets the SigningAlgorithm field's value. 5707func (s *IssueCertificateInput) SetSigningAlgorithm(v string) *IssueCertificateInput { 5708 s.SigningAlgorithm = &v 5709 return s 5710} 5711 5712// SetTemplateArn sets the TemplateArn field's value. 5713func (s *IssueCertificateInput) SetTemplateArn(v string) *IssueCertificateInput { 5714 s.TemplateArn = &v 5715 return s 5716} 5717 5718// SetValidity sets the Validity field's value. 5719func (s *IssueCertificateInput) SetValidity(v *Validity) *IssueCertificateInput { 5720 s.Validity = v 5721 return s 5722} 5723 5724// SetValidityNotBefore sets the ValidityNotBefore field's value. 5725func (s *IssueCertificateInput) SetValidityNotBefore(v *Validity) *IssueCertificateInput { 5726 s.ValidityNotBefore = v 5727 return s 5728} 5729 5730type IssueCertificateOutput struct { 5731 _ struct{} `type:"structure"` 5732 5733 // The Amazon Resource Name (ARN) of the issued certificate and the certificate 5734 // serial number. This is of the form: 5735 // 5736 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 5737 CertificateArn *string `min:"5" type:"string"` 5738} 5739 5740// String returns the string representation 5741func (s IssueCertificateOutput) String() string { 5742 return awsutil.Prettify(s) 5743} 5744 5745// GoString returns the string representation 5746func (s IssueCertificateOutput) GoString() string { 5747 return s.String() 5748} 5749 5750// SetCertificateArn sets the CertificateArn field's value. 5751func (s *IssueCertificateOutput) SetCertificateArn(v string) *IssueCertificateOutput { 5752 s.CertificateArn = &v 5753 return s 5754} 5755 5756// Defines one or more purposes for which the key contained in the certificate 5757// can be used. Default value for each option is false. 5758type KeyUsage struct { 5759 _ struct{} `type:"structure"` 5760 5761 // Key can be used to sign CRLs. 5762 CRLSign *bool `type:"boolean"` 5763 5764 // Key can be used to decipher data. 5765 DataEncipherment *bool `type:"boolean"` 5766 5767 // Key can be used only to decipher data. 5768 DecipherOnly *bool `type:"boolean"` 5769 5770 // Key can be used for digital signing. 5771 DigitalSignature *bool `type:"boolean"` 5772 5773 // Key can be used only to encipher data. 5774 EncipherOnly *bool `type:"boolean"` 5775 5776 // Key can be used in a key-agreement protocol. 5777 KeyAgreement *bool `type:"boolean"` 5778 5779 // Key can be used to sign certificates. 5780 KeyCertSign *bool `type:"boolean"` 5781 5782 // Key can be used to encipher data. 5783 KeyEncipherment *bool `type:"boolean"` 5784 5785 // Key can be used for non-repudiation. 5786 NonRepudiation *bool `type:"boolean"` 5787} 5788 5789// String returns the string representation 5790func (s KeyUsage) String() string { 5791 return awsutil.Prettify(s) 5792} 5793 5794// GoString returns the string representation 5795func (s KeyUsage) GoString() string { 5796 return s.String() 5797} 5798 5799// SetCRLSign sets the CRLSign field's value. 5800func (s *KeyUsage) SetCRLSign(v bool) *KeyUsage { 5801 s.CRLSign = &v 5802 return s 5803} 5804 5805// SetDataEncipherment sets the DataEncipherment field's value. 5806func (s *KeyUsage) SetDataEncipherment(v bool) *KeyUsage { 5807 s.DataEncipherment = &v 5808 return s 5809} 5810 5811// SetDecipherOnly sets the DecipherOnly field's value. 5812func (s *KeyUsage) SetDecipherOnly(v bool) *KeyUsage { 5813 s.DecipherOnly = &v 5814 return s 5815} 5816 5817// SetDigitalSignature sets the DigitalSignature field's value. 5818func (s *KeyUsage) SetDigitalSignature(v bool) *KeyUsage { 5819 s.DigitalSignature = &v 5820 return s 5821} 5822 5823// SetEncipherOnly sets the EncipherOnly field's value. 5824func (s *KeyUsage) SetEncipherOnly(v bool) *KeyUsage { 5825 s.EncipherOnly = &v 5826 return s 5827} 5828 5829// SetKeyAgreement sets the KeyAgreement field's value. 5830func (s *KeyUsage) SetKeyAgreement(v bool) *KeyUsage { 5831 s.KeyAgreement = &v 5832 return s 5833} 5834 5835// SetKeyCertSign sets the KeyCertSign field's value. 5836func (s *KeyUsage) SetKeyCertSign(v bool) *KeyUsage { 5837 s.KeyCertSign = &v 5838 return s 5839} 5840 5841// SetKeyEncipherment sets the KeyEncipherment field's value. 5842func (s *KeyUsage) SetKeyEncipherment(v bool) *KeyUsage { 5843 s.KeyEncipherment = &v 5844 return s 5845} 5846 5847// SetNonRepudiation sets the NonRepudiation field's value. 5848func (s *KeyUsage) SetNonRepudiation(v bool) *KeyUsage { 5849 s.NonRepudiation = &v 5850 return s 5851} 5852 5853// An ACM Private CA quota has been exceeded. See the exception message returned 5854// to determine the quota that was exceeded. 5855type LimitExceededException struct { 5856 _ struct{} `type:"structure"` 5857 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5858 5859 Message_ *string `locationName:"message" type:"string"` 5860} 5861 5862// String returns the string representation 5863func (s LimitExceededException) String() string { 5864 return awsutil.Prettify(s) 5865} 5866 5867// GoString returns the string representation 5868func (s LimitExceededException) GoString() string { 5869 return s.String() 5870} 5871 5872func newErrorLimitExceededException(v protocol.ResponseMetadata) error { 5873 return &LimitExceededException{ 5874 RespMetadata: v, 5875 } 5876} 5877 5878// Code returns the exception type name. 5879func (s *LimitExceededException) Code() string { 5880 return "LimitExceededException" 5881} 5882 5883// Message returns the exception's message. 5884func (s *LimitExceededException) Message() string { 5885 if s.Message_ != nil { 5886 return *s.Message_ 5887 } 5888 return "" 5889} 5890 5891// OrigErr always returns nil, satisfies awserr.Error interface. 5892func (s *LimitExceededException) OrigErr() error { 5893 return nil 5894} 5895 5896func (s *LimitExceededException) Error() string { 5897 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5898} 5899 5900// Status code returns the HTTP status code for the request's response error. 5901func (s *LimitExceededException) StatusCode() int { 5902 return s.RespMetadata.StatusCode 5903} 5904 5905// RequestID returns the service's response RequestID for request. 5906func (s *LimitExceededException) RequestID() string { 5907 return s.RespMetadata.RequestID 5908} 5909 5910type ListCertificateAuthoritiesInput struct { 5911 _ struct{} `type:"structure"` 5912 5913 // Use this parameter when paginating results to specify the maximum number 5914 // of items to return in the response on each page. If additional items exist 5915 // beyond the number you specify, the NextToken element is sent in the response. 5916 // Use this NextToken value in a subsequent request to retrieve additional items. 5917 MaxResults *int64 `min:"1" type:"integer"` 5918 5919 // Use this parameter when paginating results in a subsequent request after 5920 // you receive a response with truncated results. Set it to the value of the 5921 // NextToken parameter from the response you just received. 5922 NextToken *string `min:"1" type:"string"` 5923 5924 // Use this parameter to filter the returned set of certificate authorities 5925 // based on their owner. The default is SELF. 5926 ResourceOwner *string `type:"string" enum:"ResourceOwner"` 5927} 5928 5929// String returns the string representation 5930func (s ListCertificateAuthoritiesInput) String() string { 5931 return awsutil.Prettify(s) 5932} 5933 5934// GoString returns the string representation 5935func (s ListCertificateAuthoritiesInput) GoString() string { 5936 return s.String() 5937} 5938 5939// Validate inspects the fields of the type to determine if they are valid. 5940func (s *ListCertificateAuthoritiesInput) Validate() error { 5941 invalidParams := request.ErrInvalidParams{Context: "ListCertificateAuthoritiesInput"} 5942 if s.MaxResults != nil && *s.MaxResults < 1 { 5943 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 5944 } 5945 if s.NextToken != nil && len(*s.NextToken) < 1 { 5946 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 5947 } 5948 5949 if invalidParams.Len() > 0 { 5950 return invalidParams 5951 } 5952 return nil 5953} 5954 5955// SetMaxResults sets the MaxResults field's value. 5956func (s *ListCertificateAuthoritiesInput) SetMaxResults(v int64) *ListCertificateAuthoritiesInput { 5957 s.MaxResults = &v 5958 return s 5959} 5960 5961// SetNextToken sets the NextToken field's value. 5962func (s *ListCertificateAuthoritiesInput) SetNextToken(v string) *ListCertificateAuthoritiesInput { 5963 s.NextToken = &v 5964 return s 5965} 5966 5967// SetResourceOwner sets the ResourceOwner field's value. 5968func (s *ListCertificateAuthoritiesInput) SetResourceOwner(v string) *ListCertificateAuthoritiesInput { 5969 s.ResourceOwner = &v 5970 return s 5971} 5972 5973type ListCertificateAuthoritiesOutput struct { 5974 _ struct{} `type:"structure"` 5975 5976 // Summary information about each certificate authority you have created. 5977 CertificateAuthorities []*CertificateAuthority `type:"list"` 5978 5979 // When the list is truncated, this value is present and should be used for 5980 // the NextToken parameter in a subsequent pagination request. 5981 NextToken *string `min:"1" type:"string"` 5982} 5983 5984// String returns the string representation 5985func (s ListCertificateAuthoritiesOutput) String() string { 5986 return awsutil.Prettify(s) 5987} 5988 5989// GoString returns the string representation 5990func (s ListCertificateAuthoritiesOutput) GoString() string { 5991 return s.String() 5992} 5993 5994// SetCertificateAuthorities sets the CertificateAuthorities field's value. 5995func (s *ListCertificateAuthoritiesOutput) SetCertificateAuthorities(v []*CertificateAuthority) *ListCertificateAuthoritiesOutput { 5996 s.CertificateAuthorities = v 5997 return s 5998} 5999 6000// SetNextToken sets the NextToken field's value. 6001func (s *ListCertificateAuthoritiesOutput) SetNextToken(v string) *ListCertificateAuthoritiesOutput { 6002 s.NextToken = &v 6003 return s 6004} 6005 6006type ListPermissionsInput struct { 6007 _ struct{} `type:"structure"` 6008 6009 // The Amazon Resource Number (ARN) of the private CA to inspect. You can find 6010 // the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6011 // action. This must be of the form: arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6012 // You can get a private CA's ARN by running the ListCertificateAuthorities 6013 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6014 // action. 6015 // 6016 // CertificateAuthorityArn is a required field 6017 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6018 6019 // When paginating results, use this parameter to specify the maximum number 6020 // of items to return in the response. If additional items exist beyond the 6021 // number you specify, the NextToken element is sent in the response. Use this 6022 // NextToken value in a subsequent request to retrieve additional items. 6023 MaxResults *int64 `min:"1" type:"integer"` 6024 6025 // When paginating results, use this parameter in a subsequent request after 6026 // you receive a response with truncated results. Set it to the value of NextToken 6027 // from the response you just received. 6028 NextToken *string `min:"1" type:"string"` 6029} 6030 6031// String returns the string representation 6032func (s ListPermissionsInput) String() string { 6033 return awsutil.Prettify(s) 6034} 6035 6036// GoString returns the string representation 6037func (s ListPermissionsInput) GoString() string { 6038 return s.String() 6039} 6040 6041// Validate inspects the fields of the type to determine if they are valid. 6042func (s *ListPermissionsInput) Validate() error { 6043 invalidParams := request.ErrInvalidParams{Context: "ListPermissionsInput"} 6044 if s.CertificateAuthorityArn == nil { 6045 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6046 } 6047 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6048 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6049 } 6050 if s.MaxResults != nil && *s.MaxResults < 1 { 6051 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6052 } 6053 if s.NextToken != nil && len(*s.NextToken) < 1 { 6054 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6055 } 6056 6057 if invalidParams.Len() > 0 { 6058 return invalidParams 6059 } 6060 return nil 6061} 6062 6063// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6064func (s *ListPermissionsInput) SetCertificateAuthorityArn(v string) *ListPermissionsInput { 6065 s.CertificateAuthorityArn = &v 6066 return s 6067} 6068 6069// SetMaxResults sets the MaxResults field's value. 6070func (s *ListPermissionsInput) SetMaxResults(v int64) *ListPermissionsInput { 6071 s.MaxResults = &v 6072 return s 6073} 6074 6075// SetNextToken sets the NextToken field's value. 6076func (s *ListPermissionsInput) SetNextToken(v string) *ListPermissionsInput { 6077 s.NextToken = &v 6078 return s 6079} 6080 6081type ListPermissionsOutput struct { 6082 _ struct{} `type:"structure"` 6083 6084 // When the list is truncated, this value is present and should be used for 6085 // the NextToken parameter in a subsequent pagination request. 6086 NextToken *string `min:"1" type:"string"` 6087 6088 // Summary information about each permission assigned by the specified private 6089 // CA, including the action enabled, the policy provided, and the time of creation. 6090 Permissions []*Permission `type:"list"` 6091} 6092 6093// String returns the string representation 6094func (s ListPermissionsOutput) String() string { 6095 return awsutil.Prettify(s) 6096} 6097 6098// GoString returns the string representation 6099func (s ListPermissionsOutput) GoString() string { 6100 return s.String() 6101} 6102 6103// SetNextToken sets the NextToken field's value. 6104func (s *ListPermissionsOutput) SetNextToken(v string) *ListPermissionsOutput { 6105 s.NextToken = &v 6106 return s 6107} 6108 6109// SetPermissions sets the Permissions field's value. 6110func (s *ListPermissionsOutput) SetPermissions(v []*Permission) *ListPermissionsOutput { 6111 s.Permissions = v 6112 return s 6113} 6114 6115type ListTagsInput struct { 6116 _ struct{} `type:"structure"` 6117 6118 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 6119 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 6120 // action. This must be of the form: 6121 // 6122 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6123 // 6124 // CertificateAuthorityArn is a required field 6125 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6126 6127 // Use this parameter when paginating results to specify the maximum number 6128 // of items to return in the response. If additional items exist beyond the 6129 // number you specify, the NextToken element is sent in the response. Use this 6130 // NextToken value in a subsequent request to retrieve additional items. 6131 MaxResults *int64 `min:"1" type:"integer"` 6132 6133 // Use this parameter when paginating results in a subsequent request after 6134 // you receive a response with truncated results. Set it to the value of NextToken 6135 // from the response you just received. 6136 NextToken *string `min:"1" type:"string"` 6137} 6138 6139// String returns the string representation 6140func (s ListTagsInput) String() string { 6141 return awsutil.Prettify(s) 6142} 6143 6144// GoString returns the string representation 6145func (s ListTagsInput) GoString() string { 6146 return s.String() 6147} 6148 6149// Validate inspects the fields of the type to determine if they are valid. 6150func (s *ListTagsInput) Validate() error { 6151 invalidParams := request.ErrInvalidParams{Context: "ListTagsInput"} 6152 if s.CertificateAuthorityArn == nil { 6153 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6154 } 6155 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6156 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6157 } 6158 if s.MaxResults != nil && *s.MaxResults < 1 { 6159 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6160 } 6161 if s.NextToken != nil && len(*s.NextToken) < 1 { 6162 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6163 } 6164 6165 if invalidParams.Len() > 0 { 6166 return invalidParams 6167 } 6168 return nil 6169} 6170 6171// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6172func (s *ListTagsInput) SetCertificateAuthorityArn(v string) *ListTagsInput { 6173 s.CertificateAuthorityArn = &v 6174 return s 6175} 6176 6177// SetMaxResults sets the MaxResults field's value. 6178func (s *ListTagsInput) SetMaxResults(v int64) *ListTagsInput { 6179 s.MaxResults = &v 6180 return s 6181} 6182 6183// SetNextToken sets the NextToken field's value. 6184func (s *ListTagsInput) SetNextToken(v string) *ListTagsInput { 6185 s.NextToken = &v 6186 return s 6187} 6188 6189type ListTagsOutput struct { 6190 _ struct{} `type:"structure"` 6191 6192 // When the list is truncated, this value is present and should be used for 6193 // the NextToken parameter in a subsequent pagination request. 6194 NextToken *string `min:"1" type:"string"` 6195 6196 // The tags associated with your private CA. 6197 Tags []*Tag `min:"1" type:"list"` 6198} 6199 6200// String returns the string representation 6201func (s ListTagsOutput) String() string { 6202 return awsutil.Prettify(s) 6203} 6204 6205// GoString returns the string representation 6206func (s ListTagsOutput) GoString() string { 6207 return s.String() 6208} 6209 6210// SetNextToken sets the NextToken field's value. 6211func (s *ListTagsOutput) SetNextToken(v string) *ListTagsOutput { 6212 s.NextToken = &v 6213 return s 6214} 6215 6216// SetTags sets the Tags field's value. 6217func (s *ListTagsOutput) SetTags(v []*Tag) *ListTagsOutput { 6218 s.Tags = v 6219 return s 6220} 6221 6222// The current action was prevented because it would lock the caller out from 6223// performing subsequent actions. Verify that the specified parameters would 6224// not result in the caller being denied access to the resource. 6225type LockoutPreventedException struct { 6226 _ struct{} `type:"structure"` 6227 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6228 6229 Message_ *string `locationName:"message" type:"string"` 6230} 6231 6232// String returns the string representation 6233func (s LockoutPreventedException) String() string { 6234 return awsutil.Prettify(s) 6235} 6236 6237// GoString returns the string representation 6238func (s LockoutPreventedException) GoString() string { 6239 return s.String() 6240} 6241 6242func newErrorLockoutPreventedException(v protocol.ResponseMetadata) error { 6243 return &LockoutPreventedException{ 6244 RespMetadata: v, 6245 } 6246} 6247 6248// Code returns the exception type name. 6249func (s *LockoutPreventedException) Code() string { 6250 return "LockoutPreventedException" 6251} 6252 6253// Message returns the exception's message. 6254func (s *LockoutPreventedException) Message() string { 6255 if s.Message_ != nil { 6256 return *s.Message_ 6257 } 6258 return "" 6259} 6260 6261// OrigErr always returns nil, satisfies awserr.Error interface. 6262func (s *LockoutPreventedException) OrigErr() error { 6263 return nil 6264} 6265 6266func (s *LockoutPreventedException) Error() string { 6267 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6268} 6269 6270// Status code returns the HTTP status code for the request's response error. 6271func (s *LockoutPreventedException) StatusCode() int { 6272 return s.RespMetadata.StatusCode 6273} 6274 6275// RequestID returns the service's response RequestID for request. 6276func (s *LockoutPreventedException) RequestID() string { 6277 return s.RespMetadata.RequestID 6278} 6279 6280// The certificate signing request is invalid. 6281type MalformedCSRException struct { 6282 _ struct{} `type:"structure"` 6283 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6284 6285 Message_ *string `locationName:"message" type:"string"` 6286} 6287 6288// String returns the string representation 6289func (s MalformedCSRException) String() string { 6290 return awsutil.Prettify(s) 6291} 6292 6293// GoString returns the string representation 6294func (s MalformedCSRException) GoString() string { 6295 return s.String() 6296} 6297 6298func newErrorMalformedCSRException(v protocol.ResponseMetadata) error { 6299 return &MalformedCSRException{ 6300 RespMetadata: v, 6301 } 6302} 6303 6304// Code returns the exception type name. 6305func (s *MalformedCSRException) Code() string { 6306 return "MalformedCSRException" 6307} 6308 6309// Message returns the exception's message. 6310func (s *MalformedCSRException) Message() string { 6311 if s.Message_ != nil { 6312 return *s.Message_ 6313 } 6314 return "" 6315} 6316 6317// OrigErr always returns nil, satisfies awserr.Error interface. 6318func (s *MalformedCSRException) OrigErr() error { 6319 return nil 6320} 6321 6322func (s *MalformedCSRException) Error() string { 6323 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6324} 6325 6326// Status code returns the HTTP status code for the request's response error. 6327func (s *MalformedCSRException) StatusCode() int { 6328 return s.RespMetadata.StatusCode 6329} 6330 6331// RequestID returns the service's response RequestID for request. 6332func (s *MalformedCSRException) RequestID() string { 6333 return s.RespMetadata.RequestID 6334} 6335 6336// One or more fields in the certificate are invalid. 6337type MalformedCertificateException struct { 6338 _ struct{} `type:"structure"` 6339 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6340 6341 Message_ *string `locationName:"message" type:"string"` 6342} 6343 6344// String returns the string representation 6345func (s MalformedCertificateException) String() string { 6346 return awsutil.Prettify(s) 6347} 6348 6349// GoString returns the string representation 6350func (s MalformedCertificateException) GoString() string { 6351 return s.String() 6352} 6353 6354func newErrorMalformedCertificateException(v protocol.ResponseMetadata) error { 6355 return &MalformedCertificateException{ 6356 RespMetadata: v, 6357 } 6358} 6359 6360// Code returns the exception type name. 6361func (s *MalformedCertificateException) Code() string { 6362 return "MalformedCertificateException" 6363} 6364 6365// Message returns the exception's message. 6366func (s *MalformedCertificateException) Message() string { 6367 if s.Message_ != nil { 6368 return *s.Message_ 6369 } 6370 return "" 6371} 6372 6373// OrigErr always returns nil, satisfies awserr.Error interface. 6374func (s *MalformedCertificateException) OrigErr() error { 6375 return nil 6376} 6377 6378func (s *MalformedCertificateException) Error() string { 6379 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6380} 6381 6382// Status code returns the HTTP status code for the request's response error. 6383func (s *MalformedCertificateException) StatusCode() int { 6384 return s.RespMetadata.StatusCode 6385} 6386 6387// RequestID returns the service's response RequestID for request. 6388func (s *MalformedCertificateException) RequestID() string { 6389 return s.RespMetadata.RequestID 6390} 6391 6392// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) 6393// and value. The OID must satisfy the regular expression shown below. For more 6394// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6395type OtherName struct { 6396 _ struct{} `type:"structure"` 6397 6398 // Specifies an OID. 6399 // 6400 // TypeId is a required field 6401 TypeId *string `type:"string" required:"true"` 6402 6403 // Specifies an OID value. 6404 // 6405 // Value is a required field 6406 Value *string `type:"string" required:"true"` 6407} 6408 6409// String returns the string representation 6410func (s OtherName) String() string { 6411 return awsutil.Prettify(s) 6412} 6413 6414// GoString returns the string representation 6415func (s OtherName) GoString() string { 6416 return s.String() 6417} 6418 6419// Validate inspects the fields of the type to determine if they are valid. 6420func (s *OtherName) Validate() error { 6421 invalidParams := request.ErrInvalidParams{Context: "OtherName"} 6422 if s.TypeId == nil { 6423 invalidParams.Add(request.NewErrParamRequired("TypeId")) 6424 } 6425 if s.Value == nil { 6426 invalidParams.Add(request.NewErrParamRequired("Value")) 6427 } 6428 6429 if invalidParams.Len() > 0 { 6430 return invalidParams 6431 } 6432 return nil 6433} 6434 6435// SetTypeId sets the TypeId field's value. 6436func (s *OtherName) SetTypeId(v string) *OtherName { 6437 s.TypeId = &v 6438 return s 6439} 6440 6441// SetValue sets the Value field's value. 6442func (s *OtherName) SetValue(v string) *OtherName { 6443 s.Value = &v 6444 return s 6445} 6446 6447// Permissions designate which private CA actions can be performed by an AWS 6448// service or entity. In order for ACM to automatically renew private certificates, 6449// you must give the ACM service principal all available permissions (IssueCertificate, 6450// GetCertificate, and ListPermissions). Permissions can be assigned with the 6451// CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 6452// action, removed with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 6453// action, and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 6454// action. 6455type Permission struct { 6456 _ struct{} `type:"structure"` 6457 6458 // The private CA actions that can be performed by the designated AWS service. 6459 Actions []*string `min:"1" type:"list"` 6460 6461 // The Amazon Resource Number (ARN) of the private CA from which the permission 6462 // was issued. 6463 CertificateAuthorityArn *string `min:"5" type:"string"` 6464 6465 // The time at which the permission was created. 6466 CreatedAt *time.Time `type:"timestamp"` 6467 6468 // The name of the policy that is associated with the permission. 6469 Policy *string `min:"1" type:"string"` 6470 6471 // The AWS service or entity that holds the permission. At this time, the only 6472 // valid principal is acm.amazonaws.com. 6473 Principal *string `type:"string"` 6474 6475 // The ID of the account that assigned the permission. 6476 SourceAccount *string `min:"12" type:"string"` 6477} 6478 6479// String returns the string representation 6480func (s Permission) String() string { 6481 return awsutil.Prettify(s) 6482} 6483 6484// GoString returns the string representation 6485func (s Permission) GoString() string { 6486 return s.String() 6487} 6488 6489// SetActions sets the Actions field's value. 6490func (s *Permission) SetActions(v []*string) *Permission { 6491 s.Actions = v 6492 return s 6493} 6494 6495// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6496func (s *Permission) SetCertificateAuthorityArn(v string) *Permission { 6497 s.CertificateAuthorityArn = &v 6498 return s 6499} 6500 6501// SetCreatedAt sets the CreatedAt field's value. 6502func (s *Permission) SetCreatedAt(v time.Time) *Permission { 6503 s.CreatedAt = &v 6504 return s 6505} 6506 6507// SetPolicy sets the Policy field's value. 6508func (s *Permission) SetPolicy(v string) *Permission { 6509 s.Policy = &v 6510 return s 6511} 6512 6513// SetPrincipal sets the Principal field's value. 6514func (s *Permission) SetPrincipal(v string) *Permission { 6515 s.Principal = &v 6516 return s 6517} 6518 6519// SetSourceAccount sets the SourceAccount field's value. 6520func (s *Permission) SetSourceAccount(v string) *Permission { 6521 s.SourceAccount = &v 6522 return s 6523} 6524 6525// The designated permission has already been given to the user. 6526type PermissionAlreadyExistsException struct { 6527 _ struct{} `type:"structure"` 6528 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6529 6530 Message_ *string `locationName:"message" type:"string"` 6531} 6532 6533// String returns the string representation 6534func (s PermissionAlreadyExistsException) String() string { 6535 return awsutil.Prettify(s) 6536} 6537 6538// GoString returns the string representation 6539func (s PermissionAlreadyExistsException) GoString() string { 6540 return s.String() 6541} 6542 6543func newErrorPermissionAlreadyExistsException(v protocol.ResponseMetadata) error { 6544 return &PermissionAlreadyExistsException{ 6545 RespMetadata: v, 6546 } 6547} 6548 6549// Code returns the exception type name. 6550func (s *PermissionAlreadyExistsException) Code() string { 6551 return "PermissionAlreadyExistsException" 6552} 6553 6554// Message returns the exception's message. 6555func (s *PermissionAlreadyExistsException) Message() string { 6556 if s.Message_ != nil { 6557 return *s.Message_ 6558 } 6559 return "" 6560} 6561 6562// OrigErr always returns nil, satisfies awserr.Error interface. 6563func (s *PermissionAlreadyExistsException) OrigErr() error { 6564 return nil 6565} 6566 6567func (s *PermissionAlreadyExistsException) Error() string { 6568 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6569} 6570 6571// Status code returns the HTTP status code for the request's response error. 6572func (s *PermissionAlreadyExistsException) StatusCode() int { 6573 return s.RespMetadata.StatusCode 6574} 6575 6576// RequestID returns the service's response RequestID for request. 6577func (s *PermissionAlreadyExistsException) RequestID() string { 6578 return s.RespMetadata.RequestID 6579} 6580 6581// Defines the X.509 CertificatePolicies extension. 6582type PolicyInformation struct { 6583 _ struct{} `type:"structure"` 6584 6585 // Specifies the object identifier (OID) of the certificate policy under which 6586 // the certificate was issued. For more information, see NIST's definition of 6587 // Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6588 // 6589 // CertPolicyId is a required field 6590 CertPolicyId *string `type:"string" required:"true"` 6591 6592 // Modifies the given CertPolicyId with a qualifier. ACM Private CA supports 6593 // the certification practice statement (CPS) qualifier. 6594 PolicyQualifiers []*PolicyQualifierInfo `min:"1" type:"list"` 6595} 6596 6597// String returns the string representation 6598func (s PolicyInformation) String() string { 6599 return awsutil.Prettify(s) 6600} 6601 6602// GoString returns the string representation 6603func (s PolicyInformation) GoString() string { 6604 return s.String() 6605} 6606 6607// Validate inspects the fields of the type to determine if they are valid. 6608func (s *PolicyInformation) Validate() error { 6609 invalidParams := request.ErrInvalidParams{Context: "PolicyInformation"} 6610 if s.CertPolicyId == nil { 6611 invalidParams.Add(request.NewErrParamRequired("CertPolicyId")) 6612 } 6613 if s.PolicyQualifiers != nil && len(s.PolicyQualifiers) < 1 { 6614 invalidParams.Add(request.NewErrParamMinLen("PolicyQualifiers", 1)) 6615 } 6616 if s.PolicyQualifiers != nil { 6617 for i, v := range s.PolicyQualifiers { 6618 if v == nil { 6619 continue 6620 } 6621 if err := v.Validate(); err != nil { 6622 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyQualifiers", i), err.(request.ErrInvalidParams)) 6623 } 6624 } 6625 } 6626 6627 if invalidParams.Len() > 0 { 6628 return invalidParams 6629 } 6630 return nil 6631} 6632 6633// SetCertPolicyId sets the CertPolicyId field's value. 6634func (s *PolicyInformation) SetCertPolicyId(v string) *PolicyInformation { 6635 s.CertPolicyId = &v 6636 return s 6637} 6638 6639// SetPolicyQualifiers sets the PolicyQualifiers field's value. 6640func (s *PolicyInformation) SetPolicyQualifiers(v []*PolicyQualifierInfo) *PolicyInformation { 6641 s.PolicyQualifiers = v 6642 return s 6643} 6644 6645// Modifies the CertPolicyId of a PolicyInformation object with a qualifier. 6646// ACM Private CA supports the certification practice statement (CPS) qualifier. 6647type PolicyQualifierInfo struct { 6648 _ struct{} `type:"structure"` 6649 6650 // Identifies the qualifier modifying a CertPolicyId. 6651 // 6652 // PolicyQualifierId is a required field 6653 PolicyQualifierId *string `type:"string" required:"true" enum:"PolicyQualifierId"` 6654 6655 // Defines the qualifier type. ACM Private CA supports the use of a URI for 6656 // a CPS qualifier in this field. 6657 // 6658 // Qualifier is a required field 6659 Qualifier *Qualifier `type:"structure" required:"true"` 6660} 6661 6662// String returns the string representation 6663func (s PolicyQualifierInfo) String() string { 6664 return awsutil.Prettify(s) 6665} 6666 6667// GoString returns the string representation 6668func (s PolicyQualifierInfo) GoString() string { 6669 return s.String() 6670} 6671 6672// Validate inspects the fields of the type to determine if they are valid. 6673func (s *PolicyQualifierInfo) Validate() error { 6674 invalidParams := request.ErrInvalidParams{Context: "PolicyQualifierInfo"} 6675 if s.PolicyQualifierId == nil { 6676 invalidParams.Add(request.NewErrParamRequired("PolicyQualifierId")) 6677 } 6678 if s.Qualifier == nil { 6679 invalidParams.Add(request.NewErrParamRequired("Qualifier")) 6680 } 6681 if s.Qualifier != nil { 6682 if err := s.Qualifier.Validate(); err != nil { 6683 invalidParams.AddNested("Qualifier", err.(request.ErrInvalidParams)) 6684 } 6685 } 6686 6687 if invalidParams.Len() > 0 { 6688 return invalidParams 6689 } 6690 return nil 6691} 6692 6693// SetPolicyQualifierId sets the PolicyQualifierId field's value. 6694func (s *PolicyQualifierInfo) SetPolicyQualifierId(v string) *PolicyQualifierInfo { 6695 s.PolicyQualifierId = &v 6696 return s 6697} 6698 6699// SetQualifier sets the Qualifier field's value. 6700func (s *PolicyQualifierInfo) SetQualifier(v *Qualifier) *PolicyQualifierInfo { 6701 s.Qualifier = v 6702 return s 6703} 6704 6705type PutPolicyInput struct { 6706 _ struct{} `type:"structure"` 6707 6708 // The path and file name of a JSON-formatted IAM policy to attach to the specified 6709 // private CA resource. If this policy does not contain all required statements 6710 // or if it includes any statement that is not allowed, the PutPolicy action 6711 // returns an InvalidPolicyException. For information about IAM policy and statement 6712 // structure, see Overview of JSON Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 6713 // 6714 // Policy is a required field 6715 Policy *string `min:"1" type:"string" required:"true"` 6716 6717 // The Amazon Resource Number (ARN) of the private CA to associate with the 6718 // policy. The ARN of the CA can be found by calling the ListCertificateAuthorities 6719 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6720 // action. 6721 // 6722 // ResourceArn is a required field 6723 ResourceArn *string `min:"5" type:"string" required:"true"` 6724} 6725 6726// String returns the string representation 6727func (s PutPolicyInput) String() string { 6728 return awsutil.Prettify(s) 6729} 6730 6731// GoString returns the string representation 6732func (s PutPolicyInput) GoString() string { 6733 return s.String() 6734} 6735 6736// Validate inspects the fields of the type to determine if they are valid. 6737func (s *PutPolicyInput) Validate() error { 6738 invalidParams := request.ErrInvalidParams{Context: "PutPolicyInput"} 6739 if s.Policy == nil { 6740 invalidParams.Add(request.NewErrParamRequired("Policy")) 6741 } 6742 if s.Policy != nil && len(*s.Policy) < 1 { 6743 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 6744 } 6745 if s.ResourceArn == nil { 6746 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 6747 } 6748 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 6749 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 6750 } 6751 6752 if invalidParams.Len() > 0 { 6753 return invalidParams 6754 } 6755 return nil 6756} 6757 6758// SetPolicy sets the Policy field's value. 6759func (s *PutPolicyInput) SetPolicy(v string) *PutPolicyInput { 6760 s.Policy = &v 6761 return s 6762} 6763 6764// SetResourceArn sets the ResourceArn field's value. 6765func (s *PutPolicyInput) SetResourceArn(v string) *PutPolicyInput { 6766 s.ResourceArn = &v 6767 return s 6768} 6769 6770type PutPolicyOutput struct { 6771 _ struct{} `type:"structure"` 6772} 6773 6774// String returns the string representation 6775func (s PutPolicyOutput) String() string { 6776 return awsutil.Prettify(s) 6777} 6778 6779// GoString returns the string representation 6780func (s PutPolicyOutput) GoString() string { 6781 return s.String() 6782} 6783 6784// Defines a PolicyInformation qualifier. ACM Private CA supports the certification 6785// practice statement (CPS) qualifier (https://tools.ietf.org/html/rfc5280#section-4.2.1.4) 6786// defined in RFC 5280. 6787type Qualifier struct { 6788 _ struct{} `type:"structure"` 6789 6790 // Contains a pointer to a certification practice statement (CPS) published 6791 // by the CA. 6792 // 6793 // CpsUri is a required field 6794 CpsUri *string `type:"string" required:"true"` 6795} 6796 6797// String returns the string representation 6798func (s Qualifier) String() string { 6799 return awsutil.Prettify(s) 6800} 6801 6802// GoString returns the string representation 6803func (s Qualifier) GoString() string { 6804 return s.String() 6805} 6806 6807// Validate inspects the fields of the type to determine if they are valid. 6808func (s *Qualifier) Validate() error { 6809 invalidParams := request.ErrInvalidParams{Context: "Qualifier"} 6810 if s.CpsUri == nil { 6811 invalidParams.Add(request.NewErrParamRequired("CpsUri")) 6812 } 6813 6814 if invalidParams.Len() > 0 { 6815 return invalidParams 6816 } 6817 return nil 6818} 6819 6820// SetCpsUri sets the CpsUri field's value. 6821func (s *Qualifier) SetCpsUri(v string) *Qualifier { 6822 s.CpsUri = &v 6823 return s 6824} 6825 6826// Your request has already been completed. 6827type RequestAlreadyProcessedException struct { 6828 _ struct{} `type:"structure"` 6829 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6830 6831 Message_ *string `locationName:"message" type:"string"` 6832} 6833 6834// String returns the string representation 6835func (s RequestAlreadyProcessedException) String() string { 6836 return awsutil.Prettify(s) 6837} 6838 6839// GoString returns the string representation 6840func (s RequestAlreadyProcessedException) GoString() string { 6841 return s.String() 6842} 6843 6844func newErrorRequestAlreadyProcessedException(v protocol.ResponseMetadata) error { 6845 return &RequestAlreadyProcessedException{ 6846 RespMetadata: v, 6847 } 6848} 6849 6850// Code returns the exception type name. 6851func (s *RequestAlreadyProcessedException) Code() string { 6852 return "RequestAlreadyProcessedException" 6853} 6854 6855// Message returns the exception's message. 6856func (s *RequestAlreadyProcessedException) Message() string { 6857 if s.Message_ != nil { 6858 return *s.Message_ 6859 } 6860 return "" 6861} 6862 6863// OrigErr always returns nil, satisfies awserr.Error interface. 6864func (s *RequestAlreadyProcessedException) OrigErr() error { 6865 return nil 6866} 6867 6868func (s *RequestAlreadyProcessedException) Error() string { 6869 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6870} 6871 6872// Status code returns the HTTP status code for the request's response error. 6873func (s *RequestAlreadyProcessedException) StatusCode() int { 6874 return s.RespMetadata.StatusCode 6875} 6876 6877// RequestID returns the service's response RequestID for request. 6878func (s *RequestAlreadyProcessedException) RequestID() string { 6879 return s.RespMetadata.RequestID 6880} 6881 6882// The request has failed for an unspecified reason. 6883type RequestFailedException struct { 6884 _ struct{} `type:"structure"` 6885 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6886 6887 Message_ *string `locationName:"message" type:"string"` 6888} 6889 6890// String returns the string representation 6891func (s RequestFailedException) String() string { 6892 return awsutil.Prettify(s) 6893} 6894 6895// GoString returns the string representation 6896func (s RequestFailedException) GoString() string { 6897 return s.String() 6898} 6899 6900func newErrorRequestFailedException(v protocol.ResponseMetadata) error { 6901 return &RequestFailedException{ 6902 RespMetadata: v, 6903 } 6904} 6905 6906// Code returns the exception type name. 6907func (s *RequestFailedException) Code() string { 6908 return "RequestFailedException" 6909} 6910 6911// Message returns the exception's message. 6912func (s *RequestFailedException) Message() string { 6913 if s.Message_ != nil { 6914 return *s.Message_ 6915 } 6916 return "" 6917} 6918 6919// OrigErr always returns nil, satisfies awserr.Error interface. 6920func (s *RequestFailedException) OrigErr() error { 6921 return nil 6922} 6923 6924func (s *RequestFailedException) Error() string { 6925 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6926} 6927 6928// Status code returns the HTTP status code for the request's response error. 6929func (s *RequestFailedException) StatusCode() int { 6930 return s.RespMetadata.StatusCode 6931} 6932 6933// RequestID returns the service's response RequestID for request. 6934func (s *RequestFailedException) RequestID() string { 6935 return s.RespMetadata.RequestID 6936} 6937 6938// Your request is already in progress. 6939type RequestInProgressException struct { 6940 _ struct{} `type:"structure"` 6941 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6942 6943 Message_ *string `locationName:"message" type:"string"` 6944} 6945 6946// String returns the string representation 6947func (s RequestInProgressException) String() string { 6948 return awsutil.Prettify(s) 6949} 6950 6951// GoString returns the string representation 6952func (s RequestInProgressException) GoString() string { 6953 return s.String() 6954} 6955 6956func newErrorRequestInProgressException(v protocol.ResponseMetadata) error { 6957 return &RequestInProgressException{ 6958 RespMetadata: v, 6959 } 6960} 6961 6962// Code returns the exception type name. 6963func (s *RequestInProgressException) Code() string { 6964 return "RequestInProgressException" 6965} 6966 6967// Message returns the exception's message. 6968func (s *RequestInProgressException) Message() string { 6969 if s.Message_ != nil { 6970 return *s.Message_ 6971 } 6972 return "" 6973} 6974 6975// OrigErr always returns nil, satisfies awserr.Error interface. 6976func (s *RequestInProgressException) OrigErr() error { 6977 return nil 6978} 6979 6980func (s *RequestInProgressException) Error() string { 6981 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6982} 6983 6984// Status code returns the HTTP status code for the request's response error. 6985func (s *RequestInProgressException) StatusCode() int { 6986 return s.RespMetadata.StatusCode 6987} 6988 6989// RequestID returns the service's response RequestID for request. 6990func (s *RequestInProgressException) RequestID() string { 6991 return s.RespMetadata.RequestID 6992} 6993 6994// A resource such as a private CA, S3 bucket, certificate, audit report, or 6995// policy cannot be found. 6996type ResourceNotFoundException struct { 6997 _ struct{} `type:"structure"` 6998 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6999 7000 Message_ *string `locationName:"message" type:"string"` 7001} 7002 7003// String returns the string representation 7004func (s ResourceNotFoundException) String() string { 7005 return awsutil.Prettify(s) 7006} 7007 7008// GoString returns the string representation 7009func (s ResourceNotFoundException) GoString() string { 7010 return s.String() 7011} 7012 7013func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { 7014 return &ResourceNotFoundException{ 7015 RespMetadata: v, 7016 } 7017} 7018 7019// Code returns the exception type name. 7020func (s *ResourceNotFoundException) Code() string { 7021 return "ResourceNotFoundException" 7022} 7023 7024// Message returns the exception's message. 7025func (s *ResourceNotFoundException) Message() string { 7026 if s.Message_ != nil { 7027 return *s.Message_ 7028 } 7029 return "" 7030} 7031 7032// OrigErr always returns nil, satisfies awserr.Error interface. 7033func (s *ResourceNotFoundException) OrigErr() error { 7034 return nil 7035} 7036 7037func (s *ResourceNotFoundException) Error() string { 7038 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7039} 7040 7041// Status code returns the HTTP status code for the request's response error. 7042func (s *ResourceNotFoundException) StatusCode() int { 7043 return s.RespMetadata.StatusCode 7044} 7045 7046// RequestID returns the service's response RequestID for request. 7047func (s *ResourceNotFoundException) RequestID() string { 7048 return s.RespMetadata.RequestID 7049} 7050 7051type RestoreCertificateAuthorityInput struct { 7052 _ struct{} `type:"structure"` 7053 7054 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 7055 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7056 // action. This must be of the form: 7057 // 7058 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7059 // 7060 // CertificateAuthorityArn is a required field 7061 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7062} 7063 7064// String returns the string representation 7065func (s RestoreCertificateAuthorityInput) String() string { 7066 return awsutil.Prettify(s) 7067} 7068 7069// GoString returns the string representation 7070func (s RestoreCertificateAuthorityInput) GoString() string { 7071 return s.String() 7072} 7073 7074// Validate inspects the fields of the type to determine if they are valid. 7075func (s *RestoreCertificateAuthorityInput) Validate() error { 7076 invalidParams := request.ErrInvalidParams{Context: "RestoreCertificateAuthorityInput"} 7077 if s.CertificateAuthorityArn == nil { 7078 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7079 } 7080 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7081 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7082 } 7083 7084 if invalidParams.Len() > 0 { 7085 return invalidParams 7086 } 7087 return nil 7088} 7089 7090// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7091func (s *RestoreCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *RestoreCertificateAuthorityInput { 7092 s.CertificateAuthorityArn = &v 7093 return s 7094} 7095 7096type RestoreCertificateAuthorityOutput struct { 7097 _ struct{} `type:"structure"` 7098} 7099 7100// String returns the string representation 7101func (s RestoreCertificateAuthorityOutput) String() string { 7102 return awsutil.Prettify(s) 7103} 7104 7105// GoString returns the string representation 7106func (s RestoreCertificateAuthorityOutput) GoString() string { 7107 return s.String() 7108} 7109 7110// Certificate revocation information used by the CreateCertificateAuthority 7111// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7112// and UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 7113// actions. Your private certificate authority (CA) can create and maintain 7114// a certificate revocation list (CRL). A CRL contains information about certificates 7115// revoked by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html). 7116type RevocationConfiguration struct { 7117 _ struct{} `type:"structure"` 7118 7119 // Configuration of the certificate revocation list (CRL), if any, maintained 7120 // by your private CA. 7121 CrlConfiguration *CrlConfiguration `type:"structure"` 7122} 7123 7124// String returns the string representation 7125func (s RevocationConfiguration) String() string { 7126 return awsutil.Prettify(s) 7127} 7128 7129// GoString returns the string representation 7130func (s RevocationConfiguration) GoString() string { 7131 return s.String() 7132} 7133 7134// Validate inspects the fields of the type to determine if they are valid. 7135func (s *RevocationConfiguration) Validate() error { 7136 invalidParams := request.ErrInvalidParams{Context: "RevocationConfiguration"} 7137 if s.CrlConfiguration != nil { 7138 if err := s.CrlConfiguration.Validate(); err != nil { 7139 invalidParams.AddNested("CrlConfiguration", err.(request.ErrInvalidParams)) 7140 } 7141 } 7142 7143 if invalidParams.Len() > 0 { 7144 return invalidParams 7145 } 7146 return nil 7147} 7148 7149// SetCrlConfiguration sets the CrlConfiguration field's value. 7150func (s *RevocationConfiguration) SetCrlConfiguration(v *CrlConfiguration) *RevocationConfiguration { 7151 s.CrlConfiguration = v 7152 return s 7153} 7154 7155type RevokeCertificateInput struct { 7156 _ struct{} `type:"structure"` 7157 7158 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7159 // to be revoked. This must be of the form: 7160 // 7161 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7162 // 7163 // CertificateAuthorityArn is a required field 7164 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7165 7166 // Serial number of the certificate to be revoked. This must be in hexadecimal 7167 // format. You can retrieve the serial number by calling GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 7168 // with the Amazon Resource Name (ARN) of the certificate you want and the ARN 7169 // of your private CA. The GetCertificate action retrieves the certificate in 7170 // the PEM format. You can use the following OpenSSL command to list the certificate 7171 // in text format and copy the hexadecimal serial number. 7172 // 7173 // openssl x509 -in file_path -text -noout 7174 // 7175 // You can also copy the serial number from the console or use the DescribeCertificate 7176 // (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) 7177 // action in the AWS Certificate Manager API Reference. 7178 // 7179 // CertificateSerial is a required field 7180 CertificateSerial *string `type:"string" required:"true"` 7181 7182 // Specifies why you revoked the certificate. 7183 // 7184 // RevocationReason is a required field 7185 RevocationReason *string `type:"string" required:"true" enum:"RevocationReason"` 7186} 7187 7188// String returns the string representation 7189func (s RevokeCertificateInput) String() string { 7190 return awsutil.Prettify(s) 7191} 7192 7193// GoString returns the string representation 7194func (s RevokeCertificateInput) GoString() string { 7195 return s.String() 7196} 7197 7198// Validate inspects the fields of the type to determine if they are valid. 7199func (s *RevokeCertificateInput) Validate() error { 7200 invalidParams := request.ErrInvalidParams{Context: "RevokeCertificateInput"} 7201 if s.CertificateAuthorityArn == nil { 7202 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7203 } 7204 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7205 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7206 } 7207 if s.CertificateSerial == nil { 7208 invalidParams.Add(request.NewErrParamRequired("CertificateSerial")) 7209 } 7210 if s.RevocationReason == nil { 7211 invalidParams.Add(request.NewErrParamRequired("RevocationReason")) 7212 } 7213 7214 if invalidParams.Len() > 0 { 7215 return invalidParams 7216 } 7217 return nil 7218} 7219 7220// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7221func (s *RevokeCertificateInput) SetCertificateAuthorityArn(v string) *RevokeCertificateInput { 7222 s.CertificateAuthorityArn = &v 7223 return s 7224} 7225 7226// SetCertificateSerial sets the CertificateSerial field's value. 7227func (s *RevokeCertificateInput) SetCertificateSerial(v string) *RevokeCertificateInput { 7228 s.CertificateSerial = &v 7229 return s 7230} 7231 7232// SetRevocationReason sets the RevocationReason field's value. 7233func (s *RevokeCertificateInput) SetRevocationReason(v string) *RevokeCertificateInput { 7234 s.RevocationReason = &v 7235 return s 7236} 7237 7238type RevokeCertificateOutput struct { 7239 _ struct{} `type:"structure"` 7240} 7241 7242// String returns the string representation 7243func (s RevokeCertificateOutput) String() string { 7244 return awsutil.Prettify(s) 7245} 7246 7247// GoString returns the string representation 7248func (s RevokeCertificateOutput) GoString() string { 7249 return s.String() 7250} 7251 7252// Tags are labels that you can use to identify and organize your private CAs. 7253// Each tag consists of a key and an optional value. You can associate up to 7254// 50 tags with a private CA. To add one or more tags to a private CA, call 7255// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 7256// action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 7257// action. 7258type Tag struct { 7259 _ struct{} `type:"structure"` 7260 7261 // Key (name) of the tag. 7262 // 7263 // Key is a required field 7264 Key *string `min:"1" type:"string" required:"true"` 7265 7266 // Value of the tag. 7267 Value *string `type:"string"` 7268} 7269 7270// String returns the string representation 7271func (s Tag) String() string { 7272 return awsutil.Prettify(s) 7273} 7274 7275// GoString returns the string representation 7276func (s Tag) GoString() string { 7277 return s.String() 7278} 7279 7280// Validate inspects the fields of the type to determine if they are valid. 7281func (s *Tag) Validate() error { 7282 invalidParams := request.ErrInvalidParams{Context: "Tag"} 7283 if s.Key == nil { 7284 invalidParams.Add(request.NewErrParamRequired("Key")) 7285 } 7286 if s.Key != nil && len(*s.Key) < 1 { 7287 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 7288 } 7289 7290 if invalidParams.Len() > 0 { 7291 return invalidParams 7292 } 7293 return nil 7294} 7295 7296// SetKey sets the Key field's value. 7297func (s *Tag) SetKey(v string) *Tag { 7298 s.Key = &v 7299 return s 7300} 7301 7302// SetValue sets the Value field's value. 7303func (s *Tag) SetValue(v string) *Tag { 7304 s.Value = &v 7305 return s 7306} 7307 7308type TagCertificateAuthorityInput struct { 7309 _ struct{} `type:"structure"` 7310 7311 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7312 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7313 // This must be of the form: 7314 // 7315 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7316 // 7317 // CertificateAuthorityArn is a required field 7318 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7319 7320 // List of tags to be associated with the CA. 7321 // 7322 // Tags is a required field 7323 Tags []*Tag `min:"1" type:"list" required:"true"` 7324} 7325 7326// String returns the string representation 7327func (s TagCertificateAuthorityInput) String() string { 7328 return awsutil.Prettify(s) 7329} 7330 7331// GoString returns the string representation 7332func (s TagCertificateAuthorityInput) GoString() string { 7333 return s.String() 7334} 7335 7336// Validate inspects the fields of the type to determine if they are valid. 7337func (s *TagCertificateAuthorityInput) Validate() error { 7338 invalidParams := request.ErrInvalidParams{Context: "TagCertificateAuthorityInput"} 7339 if s.CertificateAuthorityArn == nil { 7340 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7341 } 7342 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7343 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7344 } 7345 if s.Tags == nil { 7346 invalidParams.Add(request.NewErrParamRequired("Tags")) 7347 } 7348 if s.Tags != nil && len(s.Tags) < 1 { 7349 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7350 } 7351 if s.Tags != nil { 7352 for i, v := range s.Tags { 7353 if v == nil { 7354 continue 7355 } 7356 if err := v.Validate(); err != nil { 7357 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7358 } 7359 } 7360 } 7361 7362 if invalidParams.Len() > 0 { 7363 return invalidParams 7364 } 7365 return nil 7366} 7367 7368// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7369func (s *TagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *TagCertificateAuthorityInput { 7370 s.CertificateAuthorityArn = &v 7371 return s 7372} 7373 7374// SetTags sets the Tags field's value. 7375func (s *TagCertificateAuthorityInput) SetTags(v []*Tag) *TagCertificateAuthorityInput { 7376 s.Tags = v 7377 return s 7378} 7379 7380type TagCertificateAuthorityOutput struct { 7381 _ struct{} `type:"structure"` 7382} 7383 7384// String returns the string representation 7385func (s TagCertificateAuthorityOutput) String() string { 7386 return awsutil.Prettify(s) 7387} 7388 7389// GoString returns the string representation 7390func (s TagCertificateAuthorityOutput) GoString() string { 7391 return s.String() 7392} 7393 7394// You can associate up to 50 tags with a private CA. Exception information 7395// is contained in the exception message field. 7396type TooManyTagsException struct { 7397 _ struct{} `type:"structure"` 7398 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7399 7400 Message_ *string `locationName:"message" type:"string"` 7401} 7402 7403// String returns the string representation 7404func (s TooManyTagsException) String() string { 7405 return awsutil.Prettify(s) 7406} 7407 7408// GoString returns the string representation 7409func (s TooManyTagsException) GoString() string { 7410 return s.String() 7411} 7412 7413func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { 7414 return &TooManyTagsException{ 7415 RespMetadata: v, 7416 } 7417} 7418 7419// Code returns the exception type name. 7420func (s *TooManyTagsException) Code() string { 7421 return "TooManyTagsException" 7422} 7423 7424// Message returns the exception's message. 7425func (s *TooManyTagsException) Message() string { 7426 if s.Message_ != nil { 7427 return *s.Message_ 7428 } 7429 return "" 7430} 7431 7432// OrigErr always returns nil, satisfies awserr.Error interface. 7433func (s *TooManyTagsException) OrigErr() error { 7434 return nil 7435} 7436 7437func (s *TooManyTagsException) Error() string { 7438 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7439} 7440 7441// Status code returns the HTTP status code for the request's response error. 7442func (s *TooManyTagsException) StatusCode() int { 7443 return s.RespMetadata.StatusCode 7444} 7445 7446// RequestID returns the service's response RequestID for request. 7447func (s *TooManyTagsException) RequestID() string { 7448 return s.RespMetadata.RequestID 7449} 7450 7451type UntagCertificateAuthorityInput struct { 7452 _ struct{} `type:"structure"` 7453 7454 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 7455 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 7456 // This must be of the form: 7457 // 7458 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7459 // 7460 // CertificateAuthorityArn is a required field 7461 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7462 7463 // List of tags to be removed from the CA. 7464 // 7465 // Tags is a required field 7466 Tags []*Tag `min:"1" type:"list" required:"true"` 7467} 7468 7469// String returns the string representation 7470func (s UntagCertificateAuthorityInput) String() string { 7471 return awsutil.Prettify(s) 7472} 7473 7474// GoString returns the string representation 7475func (s UntagCertificateAuthorityInput) GoString() string { 7476 return s.String() 7477} 7478 7479// Validate inspects the fields of the type to determine if they are valid. 7480func (s *UntagCertificateAuthorityInput) Validate() error { 7481 invalidParams := request.ErrInvalidParams{Context: "UntagCertificateAuthorityInput"} 7482 if s.CertificateAuthorityArn == nil { 7483 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7484 } 7485 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7486 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7487 } 7488 if s.Tags == nil { 7489 invalidParams.Add(request.NewErrParamRequired("Tags")) 7490 } 7491 if s.Tags != nil && len(s.Tags) < 1 { 7492 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 7493 } 7494 if s.Tags != nil { 7495 for i, v := range s.Tags { 7496 if v == nil { 7497 continue 7498 } 7499 if err := v.Validate(); err != nil { 7500 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 7501 } 7502 } 7503 } 7504 7505 if invalidParams.Len() > 0 { 7506 return invalidParams 7507 } 7508 return nil 7509} 7510 7511// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7512func (s *UntagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UntagCertificateAuthorityInput { 7513 s.CertificateAuthorityArn = &v 7514 return s 7515} 7516 7517// SetTags sets the Tags field's value. 7518func (s *UntagCertificateAuthorityInput) SetTags(v []*Tag) *UntagCertificateAuthorityInput { 7519 s.Tags = v 7520 return s 7521} 7522 7523type UntagCertificateAuthorityOutput struct { 7524 _ struct{} `type:"structure"` 7525} 7526 7527// String returns the string representation 7528func (s UntagCertificateAuthorityOutput) String() string { 7529 return awsutil.Prettify(s) 7530} 7531 7532// GoString returns the string representation 7533func (s UntagCertificateAuthorityOutput) GoString() string { 7534 return s.String() 7535} 7536 7537type UpdateCertificateAuthorityInput struct { 7538 _ struct{} `type:"structure"` 7539 7540 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7541 // to be revoked. This must be of the form: 7542 // 7543 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7544 // 7545 // CertificateAuthorityArn is a required field 7546 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7547 7548 // Revocation information for your private CA. 7549 RevocationConfiguration *RevocationConfiguration `type:"structure"` 7550 7551 // Status of your private CA. 7552 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 7553} 7554 7555// String returns the string representation 7556func (s UpdateCertificateAuthorityInput) String() string { 7557 return awsutil.Prettify(s) 7558} 7559 7560// GoString returns the string representation 7561func (s UpdateCertificateAuthorityInput) GoString() string { 7562 return s.String() 7563} 7564 7565// Validate inspects the fields of the type to determine if they are valid. 7566func (s *UpdateCertificateAuthorityInput) Validate() error { 7567 invalidParams := request.ErrInvalidParams{Context: "UpdateCertificateAuthorityInput"} 7568 if s.CertificateAuthorityArn == nil { 7569 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7570 } 7571 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7572 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7573 } 7574 if s.RevocationConfiguration != nil { 7575 if err := s.RevocationConfiguration.Validate(); err != nil { 7576 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 7577 } 7578 } 7579 7580 if invalidParams.Len() > 0 { 7581 return invalidParams 7582 } 7583 return nil 7584} 7585 7586// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7587func (s *UpdateCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UpdateCertificateAuthorityInput { 7588 s.CertificateAuthorityArn = &v 7589 return s 7590} 7591 7592// SetRevocationConfiguration sets the RevocationConfiguration field's value. 7593func (s *UpdateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *UpdateCertificateAuthorityInput { 7594 s.RevocationConfiguration = v 7595 return s 7596} 7597 7598// SetStatus sets the Status field's value. 7599func (s *UpdateCertificateAuthorityInput) SetStatus(v string) *UpdateCertificateAuthorityInput { 7600 s.Status = &v 7601 return s 7602} 7603 7604type UpdateCertificateAuthorityOutput struct { 7605 _ struct{} `type:"structure"` 7606} 7607 7608// String returns the string representation 7609func (s UpdateCertificateAuthorityOutput) String() string { 7610 return awsutil.Prettify(s) 7611} 7612 7613// GoString returns the string representation 7614func (s UpdateCertificateAuthorityOutput) GoString() string { 7615 return s.String() 7616} 7617 7618// Validity specifies the period of time during which a certificate is valid. 7619// Validity can be expressed as an explicit date and time when the validity 7620// of a certificate starts or expires, or as a span of time after issuance, 7621// stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 7622// in RFC 5280. 7623// 7624// ACM Private CA API consumes the Validity data type differently in two distinct 7625// parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity 7626// specifies the end of a certificate's validity period. The optional parameter 7627// IssueCertificate:ValidityNotBefore specifies a customized starting time for 7628// the validity period. 7629type Validity struct { 7630 _ struct{} `type:"structure"` 7631 7632 // Determines how ACM Private CA interprets the Value parameter, an integer. 7633 // Supported validity types include those listed below. Type definitions with 7634 // values include a sample input value and the resulting output. 7635 // 7636 // END_DATE: The specific date and time when the certificate will expire, expressed 7637 // using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. 7638 // When UTCTime is used, if the year field (YY) is greater than or equal to 7639 // 50, the year is interpreted as 19YY. If the year field is less than 50, the 7640 // year is interpreted as 20YY. 7641 // 7642 // * Sample input value: 491231235959 (UTCTime format) 7643 // 7644 // * Output expiration date/time: 12/31/2049 23:59:59 7645 // 7646 // ABSOLUTE: The specific date and time when the validity of a certificate will 7647 // start or expire, expressed in seconds since the Unix Epoch. 7648 // 7649 // * Sample input value: 2524608000 7650 // 7651 // * Output expiration date/time: 01/01/2050 00:00:00 7652 // 7653 // DAYS, MONTHS, YEARS: The relative time from the moment of issuance until 7654 // the certificate will expire, expressed in days, months, or years. 7655 // 7656 // Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC: 7657 // 7658 // * Sample input value: 90 7659 // 7660 // * Output expiration date: 01/10/2020 12:34:54 UTC 7661 // 7662 // The minimum validity duration for a certificate using relative time (DAYS) 7663 // is one day. The minimum validity for a certificate using absolute time (ABSOLUTE 7664 // or END_DATE) is one second. 7665 // 7666 // Type is a required field 7667 Type *string `type:"string" required:"true" enum:"ValidityPeriodType"` 7668 7669 // A long integer interpreted according to the value of Type, below. 7670 // 7671 // Value is a required field 7672 Value *int64 `min:"1" type:"long" required:"true"` 7673} 7674 7675// String returns the string representation 7676func (s Validity) String() string { 7677 return awsutil.Prettify(s) 7678} 7679 7680// GoString returns the string representation 7681func (s Validity) GoString() string { 7682 return s.String() 7683} 7684 7685// Validate inspects the fields of the type to determine if they are valid. 7686func (s *Validity) Validate() error { 7687 invalidParams := request.ErrInvalidParams{Context: "Validity"} 7688 if s.Type == nil { 7689 invalidParams.Add(request.NewErrParamRequired("Type")) 7690 } 7691 if s.Value == nil { 7692 invalidParams.Add(request.NewErrParamRequired("Value")) 7693 } 7694 if s.Value != nil && *s.Value < 1 { 7695 invalidParams.Add(request.NewErrParamMinValue("Value", 1)) 7696 } 7697 7698 if invalidParams.Len() > 0 { 7699 return invalidParams 7700 } 7701 return nil 7702} 7703 7704// SetType sets the Type field's value. 7705func (s *Validity) SetType(v string) *Validity { 7706 s.Type = &v 7707 return s 7708} 7709 7710// SetValue sets the Value field's value. 7711func (s *Validity) SetValue(v int64) *Validity { 7712 s.Value = &v 7713 return s 7714} 7715 7716const ( 7717 // AccessMethodTypeCaRepository is a AccessMethodType enum value 7718 AccessMethodTypeCaRepository = "CA_REPOSITORY" 7719 7720 // AccessMethodTypeResourcePkiManifest is a AccessMethodType enum value 7721 AccessMethodTypeResourcePkiManifest = "RESOURCE_PKI_MANIFEST" 7722 7723 // AccessMethodTypeResourcePkiNotify is a AccessMethodType enum value 7724 AccessMethodTypeResourcePkiNotify = "RESOURCE_PKI_NOTIFY" 7725) 7726 7727// AccessMethodType_Values returns all elements of the AccessMethodType enum 7728func AccessMethodType_Values() []string { 7729 return []string{ 7730 AccessMethodTypeCaRepository, 7731 AccessMethodTypeResourcePkiManifest, 7732 AccessMethodTypeResourcePkiNotify, 7733 } 7734} 7735 7736const ( 7737 // ActionTypeIssueCertificate is a ActionType enum value 7738 ActionTypeIssueCertificate = "IssueCertificate" 7739 7740 // ActionTypeGetCertificate is a ActionType enum value 7741 ActionTypeGetCertificate = "GetCertificate" 7742 7743 // ActionTypeListPermissions is a ActionType enum value 7744 ActionTypeListPermissions = "ListPermissions" 7745) 7746 7747// ActionType_Values returns all elements of the ActionType enum 7748func ActionType_Values() []string { 7749 return []string{ 7750 ActionTypeIssueCertificate, 7751 ActionTypeGetCertificate, 7752 ActionTypeListPermissions, 7753 } 7754} 7755 7756const ( 7757 // AuditReportResponseFormatJson is a AuditReportResponseFormat enum value 7758 AuditReportResponseFormatJson = "JSON" 7759 7760 // AuditReportResponseFormatCsv is a AuditReportResponseFormat enum value 7761 AuditReportResponseFormatCsv = "CSV" 7762) 7763 7764// AuditReportResponseFormat_Values returns all elements of the AuditReportResponseFormat enum 7765func AuditReportResponseFormat_Values() []string { 7766 return []string{ 7767 AuditReportResponseFormatJson, 7768 AuditReportResponseFormatCsv, 7769 } 7770} 7771 7772const ( 7773 // AuditReportStatusCreating is a AuditReportStatus enum value 7774 AuditReportStatusCreating = "CREATING" 7775 7776 // AuditReportStatusSuccess is a AuditReportStatus enum value 7777 AuditReportStatusSuccess = "SUCCESS" 7778 7779 // AuditReportStatusFailed is a AuditReportStatus enum value 7780 AuditReportStatusFailed = "FAILED" 7781) 7782 7783// AuditReportStatus_Values returns all elements of the AuditReportStatus enum 7784func AuditReportStatus_Values() []string { 7785 return []string{ 7786 AuditReportStatusCreating, 7787 AuditReportStatusSuccess, 7788 AuditReportStatusFailed, 7789 } 7790} 7791 7792const ( 7793 // CertificateAuthorityStatusCreating is a CertificateAuthorityStatus enum value 7794 CertificateAuthorityStatusCreating = "CREATING" 7795 7796 // CertificateAuthorityStatusPendingCertificate is a CertificateAuthorityStatus enum value 7797 CertificateAuthorityStatusPendingCertificate = "PENDING_CERTIFICATE" 7798 7799 // CertificateAuthorityStatusActive is a CertificateAuthorityStatus enum value 7800 CertificateAuthorityStatusActive = "ACTIVE" 7801 7802 // CertificateAuthorityStatusDeleted is a CertificateAuthorityStatus enum value 7803 CertificateAuthorityStatusDeleted = "DELETED" 7804 7805 // CertificateAuthorityStatusDisabled is a CertificateAuthorityStatus enum value 7806 CertificateAuthorityStatusDisabled = "DISABLED" 7807 7808 // CertificateAuthorityStatusExpired is a CertificateAuthorityStatus enum value 7809 CertificateAuthorityStatusExpired = "EXPIRED" 7810 7811 // CertificateAuthorityStatusFailed is a CertificateAuthorityStatus enum value 7812 CertificateAuthorityStatusFailed = "FAILED" 7813) 7814 7815// CertificateAuthorityStatus_Values returns all elements of the CertificateAuthorityStatus enum 7816func CertificateAuthorityStatus_Values() []string { 7817 return []string{ 7818 CertificateAuthorityStatusCreating, 7819 CertificateAuthorityStatusPendingCertificate, 7820 CertificateAuthorityStatusActive, 7821 CertificateAuthorityStatusDeleted, 7822 CertificateAuthorityStatusDisabled, 7823 CertificateAuthorityStatusExpired, 7824 CertificateAuthorityStatusFailed, 7825 } 7826} 7827 7828const ( 7829 // CertificateAuthorityTypeRoot is a CertificateAuthorityType enum value 7830 CertificateAuthorityTypeRoot = "ROOT" 7831 7832 // CertificateAuthorityTypeSubordinate is a CertificateAuthorityType enum value 7833 CertificateAuthorityTypeSubordinate = "SUBORDINATE" 7834) 7835 7836// CertificateAuthorityType_Values returns all elements of the CertificateAuthorityType enum 7837func CertificateAuthorityType_Values() []string { 7838 return []string{ 7839 CertificateAuthorityTypeRoot, 7840 CertificateAuthorityTypeSubordinate, 7841 } 7842} 7843 7844const ( 7845 // ExtendedKeyUsageTypeServerAuth is a ExtendedKeyUsageType enum value 7846 ExtendedKeyUsageTypeServerAuth = "SERVER_AUTH" 7847 7848 // ExtendedKeyUsageTypeClientAuth is a ExtendedKeyUsageType enum value 7849 ExtendedKeyUsageTypeClientAuth = "CLIENT_AUTH" 7850 7851 // ExtendedKeyUsageTypeCodeSigning is a ExtendedKeyUsageType enum value 7852 ExtendedKeyUsageTypeCodeSigning = "CODE_SIGNING" 7853 7854 // ExtendedKeyUsageTypeEmailProtection is a ExtendedKeyUsageType enum value 7855 ExtendedKeyUsageTypeEmailProtection = "EMAIL_PROTECTION" 7856 7857 // ExtendedKeyUsageTypeTimeStamping is a ExtendedKeyUsageType enum value 7858 ExtendedKeyUsageTypeTimeStamping = "TIME_STAMPING" 7859 7860 // ExtendedKeyUsageTypeOcspSigning is a ExtendedKeyUsageType enum value 7861 ExtendedKeyUsageTypeOcspSigning = "OCSP_SIGNING" 7862 7863 // ExtendedKeyUsageTypeSmartCardLogin is a ExtendedKeyUsageType enum value 7864 ExtendedKeyUsageTypeSmartCardLogin = "SMART_CARD_LOGIN" 7865 7866 // ExtendedKeyUsageTypeDocumentSigning is a ExtendedKeyUsageType enum value 7867 ExtendedKeyUsageTypeDocumentSigning = "DOCUMENT_SIGNING" 7868 7869 // ExtendedKeyUsageTypeCertificateTransparency is a ExtendedKeyUsageType enum value 7870 ExtendedKeyUsageTypeCertificateTransparency = "CERTIFICATE_TRANSPARENCY" 7871) 7872 7873// ExtendedKeyUsageType_Values returns all elements of the ExtendedKeyUsageType enum 7874func ExtendedKeyUsageType_Values() []string { 7875 return []string{ 7876 ExtendedKeyUsageTypeServerAuth, 7877 ExtendedKeyUsageTypeClientAuth, 7878 ExtendedKeyUsageTypeCodeSigning, 7879 ExtendedKeyUsageTypeEmailProtection, 7880 ExtendedKeyUsageTypeTimeStamping, 7881 ExtendedKeyUsageTypeOcspSigning, 7882 ExtendedKeyUsageTypeSmartCardLogin, 7883 ExtendedKeyUsageTypeDocumentSigning, 7884 ExtendedKeyUsageTypeCertificateTransparency, 7885 } 7886} 7887 7888const ( 7889 // FailureReasonRequestTimedOut is a FailureReason enum value 7890 FailureReasonRequestTimedOut = "REQUEST_TIMED_OUT" 7891 7892 // FailureReasonUnsupportedAlgorithm is a FailureReason enum value 7893 FailureReasonUnsupportedAlgorithm = "UNSUPPORTED_ALGORITHM" 7894 7895 // FailureReasonOther is a FailureReason enum value 7896 FailureReasonOther = "OTHER" 7897) 7898 7899// FailureReason_Values returns all elements of the FailureReason enum 7900func FailureReason_Values() []string { 7901 return []string{ 7902 FailureReasonRequestTimedOut, 7903 FailureReasonUnsupportedAlgorithm, 7904 FailureReasonOther, 7905 } 7906} 7907 7908const ( 7909 // KeyAlgorithmRsa2048 is a KeyAlgorithm enum value 7910 KeyAlgorithmRsa2048 = "RSA_2048" 7911 7912 // KeyAlgorithmRsa4096 is a KeyAlgorithm enum value 7913 KeyAlgorithmRsa4096 = "RSA_4096" 7914 7915 // KeyAlgorithmEcPrime256v1 is a KeyAlgorithm enum value 7916 KeyAlgorithmEcPrime256v1 = "EC_prime256v1" 7917 7918 // KeyAlgorithmEcSecp384r1 is a KeyAlgorithm enum value 7919 KeyAlgorithmEcSecp384r1 = "EC_secp384r1" 7920) 7921 7922// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum 7923func KeyAlgorithm_Values() []string { 7924 return []string{ 7925 KeyAlgorithmRsa2048, 7926 KeyAlgorithmRsa4096, 7927 KeyAlgorithmEcPrime256v1, 7928 KeyAlgorithmEcSecp384r1, 7929 } 7930} 7931 7932const ( 7933 // KeyStorageSecurityStandardFips1402Level2OrHigher is a KeyStorageSecurityStandard enum value 7934 KeyStorageSecurityStandardFips1402Level2OrHigher = "FIPS_140_2_LEVEL_2_OR_HIGHER" 7935 7936 // KeyStorageSecurityStandardFips1402Level3OrHigher is a KeyStorageSecurityStandard enum value 7937 KeyStorageSecurityStandardFips1402Level3OrHigher = "FIPS_140_2_LEVEL_3_OR_HIGHER" 7938) 7939 7940// KeyStorageSecurityStandard_Values returns all elements of the KeyStorageSecurityStandard enum 7941func KeyStorageSecurityStandard_Values() []string { 7942 return []string{ 7943 KeyStorageSecurityStandardFips1402Level2OrHigher, 7944 KeyStorageSecurityStandardFips1402Level3OrHigher, 7945 } 7946} 7947 7948const ( 7949 // PolicyQualifierIdCps is a PolicyQualifierId enum value 7950 PolicyQualifierIdCps = "CPS" 7951) 7952 7953// PolicyQualifierId_Values returns all elements of the PolicyQualifierId enum 7954func PolicyQualifierId_Values() []string { 7955 return []string{ 7956 PolicyQualifierIdCps, 7957 } 7958} 7959 7960const ( 7961 // ResourceOwnerSelf is a ResourceOwner enum value 7962 ResourceOwnerSelf = "SELF" 7963 7964 // ResourceOwnerOtherAccounts is a ResourceOwner enum value 7965 ResourceOwnerOtherAccounts = "OTHER_ACCOUNTS" 7966) 7967 7968// ResourceOwner_Values returns all elements of the ResourceOwner enum 7969func ResourceOwner_Values() []string { 7970 return []string{ 7971 ResourceOwnerSelf, 7972 ResourceOwnerOtherAccounts, 7973 } 7974} 7975 7976const ( 7977 // RevocationReasonUnspecified is a RevocationReason enum value 7978 RevocationReasonUnspecified = "UNSPECIFIED" 7979 7980 // RevocationReasonKeyCompromise is a RevocationReason enum value 7981 RevocationReasonKeyCompromise = "KEY_COMPROMISE" 7982 7983 // RevocationReasonCertificateAuthorityCompromise is a RevocationReason enum value 7984 RevocationReasonCertificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE" 7985 7986 // RevocationReasonAffiliationChanged is a RevocationReason enum value 7987 RevocationReasonAffiliationChanged = "AFFILIATION_CHANGED" 7988 7989 // RevocationReasonSuperseded is a RevocationReason enum value 7990 RevocationReasonSuperseded = "SUPERSEDED" 7991 7992 // RevocationReasonCessationOfOperation is a RevocationReason enum value 7993 RevocationReasonCessationOfOperation = "CESSATION_OF_OPERATION" 7994 7995 // RevocationReasonPrivilegeWithdrawn is a RevocationReason enum value 7996 RevocationReasonPrivilegeWithdrawn = "PRIVILEGE_WITHDRAWN" 7997 7998 // RevocationReasonAACompromise is a RevocationReason enum value 7999 RevocationReasonAACompromise = "A_A_COMPROMISE" 8000) 8001 8002// RevocationReason_Values returns all elements of the RevocationReason enum 8003func RevocationReason_Values() []string { 8004 return []string{ 8005 RevocationReasonUnspecified, 8006 RevocationReasonKeyCompromise, 8007 RevocationReasonCertificateAuthorityCompromise, 8008 RevocationReasonAffiliationChanged, 8009 RevocationReasonSuperseded, 8010 RevocationReasonCessationOfOperation, 8011 RevocationReasonPrivilegeWithdrawn, 8012 RevocationReasonAACompromise, 8013 } 8014} 8015 8016const ( 8017 // SigningAlgorithmSha256withecdsa is a SigningAlgorithm enum value 8018 SigningAlgorithmSha256withecdsa = "SHA256WITHECDSA" 8019 8020 // SigningAlgorithmSha384withecdsa is a SigningAlgorithm enum value 8021 SigningAlgorithmSha384withecdsa = "SHA384WITHECDSA" 8022 8023 // SigningAlgorithmSha512withecdsa is a SigningAlgorithm enum value 8024 SigningAlgorithmSha512withecdsa = "SHA512WITHECDSA" 8025 8026 // SigningAlgorithmSha256withrsa is a SigningAlgorithm enum value 8027 SigningAlgorithmSha256withrsa = "SHA256WITHRSA" 8028 8029 // SigningAlgorithmSha384withrsa is a SigningAlgorithm enum value 8030 SigningAlgorithmSha384withrsa = "SHA384WITHRSA" 8031 8032 // SigningAlgorithmSha512withrsa is a SigningAlgorithm enum value 8033 SigningAlgorithmSha512withrsa = "SHA512WITHRSA" 8034) 8035 8036// SigningAlgorithm_Values returns all elements of the SigningAlgorithm enum 8037func SigningAlgorithm_Values() []string { 8038 return []string{ 8039 SigningAlgorithmSha256withecdsa, 8040 SigningAlgorithmSha384withecdsa, 8041 SigningAlgorithmSha512withecdsa, 8042 SigningAlgorithmSha256withrsa, 8043 SigningAlgorithmSha384withrsa, 8044 SigningAlgorithmSha512withrsa, 8045 } 8046} 8047 8048const ( 8049 // ValidityPeriodTypeEndDate is a ValidityPeriodType enum value 8050 ValidityPeriodTypeEndDate = "END_DATE" 8051 8052 // ValidityPeriodTypeAbsolute is a ValidityPeriodType enum value 8053 ValidityPeriodTypeAbsolute = "ABSOLUTE" 8054 8055 // ValidityPeriodTypeDays is a ValidityPeriodType enum value 8056 ValidityPeriodTypeDays = "DAYS" 8057 8058 // ValidityPeriodTypeMonths is a ValidityPeriodType enum value 8059 ValidityPeriodTypeMonths = "MONTHS" 8060 8061 // ValidityPeriodTypeYears is a ValidityPeriodType enum value 8062 ValidityPeriodTypeYears = "YEARS" 8063) 8064 8065// ValidityPeriodType_Values returns all elements of the ValidityPeriodType enum 8066func ValidityPeriodType_Values() []string { 8067 return []string{ 8068 ValidityPeriodTypeEndDate, 8069 ValidityPeriodTypeAbsolute, 8070 ValidityPeriodTypeDays, 8071 ValidityPeriodTypeMonths, 8072 ValidityPeriodTypeYears, 8073 } 8074} 8075