1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package acmpca 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCreateCertificateAuthority = "CreateCertificateAuthority" 17 18// CreateCertificateAuthorityRequest generates a "aws/request.Request" representing the 19// client's request for the CreateCertificateAuthority operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CreateCertificateAuthority for more information on using the CreateCertificateAuthority 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CreateCertificateAuthorityRequest method. 34// req, resp := client.CreateCertificateAuthorityRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 42func (c *ACMPCA) CreateCertificateAuthorityRequest(input *CreateCertificateAuthorityInput) (req *request.Request, output *CreateCertificateAuthorityOutput) { 43 op := &request.Operation{ 44 Name: opCreateCertificateAuthority, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CreateCertificateAuthorityInput{} 51 } 52 53 output = &CreateCertificateAuthorityOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CreateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 59// 60// Creates a root or subordinate private certificate authority (CA). You must 61// specify the CA configuration, an optional configuration for Online Certificate 62// Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA 63// type, and an optional idempotency token to avoid accidental creation of multiple 64// CAs. The CA configuration specifies the name of the algorithm and key size 65// to be used to create the CA private key, the type of signing algorithm that 66// the CA uses, and X.500 subject information. The OCSP configuration can optionally 67// specify a custom URL for the OCSP responder. The CRL configuration specifies 68// the CRL expiration period in days (the validity period of the CRL), the Amazon 69// S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket 70// that is included in certificates issued by the CA. If successful, this action 71// returns the Amazon Resource Name (ARN) of the CA. 72// 73// ACM Private CA assets that are stored in Amazon S3 can be protected with 74// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 75// 76// Both PCA and the IAM principal must have permission to write to the S3 bucket 77// that you specify. If the IAM principal making the call does not have permission 78// to write to the bucket, then an exception is thrown. For more information, 79// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 80// 81// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 82// with awserr.Error's Code and Message methods to get detailed information about 83// the error. 84// 85// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 86// API operation CreateCertificateAuthority for usage and error information. 87// 88// Returned Error Types: 89// * InvalidArgsException 90// One or more of the specified arguments was not valid. 91// 92// * InvalidPolicyException 93// The resource policy is invalid or is missing a required statement. For general 94// information about IAM policy and statement structure, see Overview of JSON 95// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 96// 97// * InvalidTagException 98// The tag associated with the CA is not valid. The invalid argument is contained 99// in the message field. 100// 101// * LimitExceededException 102// An ACM Private CA quota has been exceeded. See the exception message returned 103// to determine the quota that was exceeded. 104// 105// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority 106func (c *ACMPCA) CreateCertificateAuthority(input *CreateCertificateAuthorityInput) (*CreateCertificateAuthorityOutput, error) { 107 req, out := c.CreateCertificateAuthorityRequest(input) 108 return out, req.Send() 109} 110 111// CreateCertificateAuthorityWithContext is the same as CreateCertificateAuthority with the addition of 112// the ability to pass a context and additional request options. 113// 114// See CreateCertificateAuthority for details on how to use this API operation. 115// 116// The context must be non-nil and will be used for request cancellation. If 117// the context is nil a panic will occur. In the future the SDK may create 118// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 119// for more information on using Contexts. 120func (c *ACMPCA) CreateCertificateAuthorityWithContext(ctx aws.Context, input *CreateCertificateAuthorityInput, opts ...request.Option) (*CreateCertificateAuthorityOutput, error) { 121 req, out := c.CreateCertificateAuthorityRequest(input) 122 req.SetContext(ctx) 123 req.ApplyOptions(opts...) 124 return out, req.Send() 125} 126 127const opCreateCertificateAuthorityAuditReport = "CreateCertificateAuthorityAuditReport" 128 129// CreateCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 130// client's request for the CreateCertificateAuthorityAuditReport operation. The "output" return 131// value will be populated with the request's response once the request completes 132// successfully. 133// 134// Use "Send" method on the returned Request to send the API call to the service. 135// the "output" return value is not valid until after Send returns without error. 136// 137// See CreateCertificateAuthorityAuditReport for more information on using the CreateCertificateAuthorityAuditReport 138// API call, and error handling. 139// 140// This method is useful when you want to inject custom logic or configuration 141// into the SDK's request lifecycle. Such as custom headers, or retry logic. 142// 143// 144// // Example sending a request using the CreateCertificateAuthorityAuditReportRequest method. 145// req, resp := client.CreateCertificateAuthorityAuditReportRequest(params) 146// 147// err := req.Send() 148// if err == nil { // resp is now filled 149// fmt.Println(resp) 150// } 151// 152// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 153func (c *ACMPCA) CreateCertificateAuthorityAuditReportRequest(input *CreateCertificateAuthorityAuditReportInput) (req *request.Request, output *CreateCertificateAuthorityAuditReportOutput) { 154 op := &request.Operation{ 155 Name: opCreateCertificateAuthorityAuditReport, 156 HTTPMethod: "POST", 157 HTTPPath: "/", 158 } 159 160 if input == nil { 161 input = &CreateCertificateAuthorityAuditReportInput{} 162 } 163 164 output = &CreateCertificateAuthorityAuditReportOutput{} 165 req = c.newRequest(op, input, output) 166 return 167} 168 169// CreateCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 170// 171// Creates an audit report that lists every time that your CA private key is 172// used. The report is saved in the Amazon S3 bucket that you specify on input. 173// The IssueCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 174// and RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 175// actions use the private key. 176// 177// Both PCA and the IAM principal must have permission to write to the S3 bucket 178// that you specify. If the IAM principal making the call does not have permission 179// to write to the bucket, then an exception is thrown. For more information, 180// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 181// 182// ACM Private CA assets that are stored in Amazon S3 can be protected with 183// encryption. For more information, see Encrypting Your Audit Reports (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption). 184// 185// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 186// with awserr.Error's Code and Message methods to get detailed information about 187// the error. 188// 189// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 190// API operation CreateCertificateAuthorityAuditReport for usage and error information. 191// 192// Returned Error Types: 193// * RequestInProgressException 194// Your request is already in progress. 195// 196// * RequestFailedException 197// The request has failed for an unspecified reason. 198// 199// * ResourceNotFoundException 200// A resource such as a private CA, S3 bucket, certificate, audit report, or 201// policy cannot be found. 202// 203// * InvalidArnException 204// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 205// 206// * InvalidArgsException 207// One or more of the specified arguments was not valid. 208// 209// * InvalidStateException 210// The state of the private CA does not allow this action to occur. 211// 212// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport 213func (c *ACMPCA) CreateCertificateAuthorityAuditReport(input *CreateCertificateAuthorityAuditReportInput) (*CreateCertificateAuthorityAuditReportOutput, error) { 214 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 215 return out, req.Send() 216} 217 218// CreateCertificateAuthorityAuditReportWithContext is the same as CreateCertificateAuthorityAuditReport with the addition of 219// the ability to pass a context and additional request options. 220// 221// See CreateCertificateAuthorityAuditReport for details on how to use this API operation. 222// 223// The context must be non-nil and will be used for request cancellation. If 224// the context is nil a panic will occur. In the future the SDK may create 225// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 226// for more information on using Contexts. 227func (c *ACMPCA) CreateCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *CreateCertificateAuthorityAuditReportInput, opts ...request.Option) (*CreateCertificateAuthorityAuditReportOutput, error) { 228 req, out := c.CreateCertificateAuthorityAuditReportRequest(input) 229 req.SetContext(ctx) 230 req.ApplyOptions(opts...) 231 return out, req.Send() 232} 233 234const opCreatePermission = "CreatePermission" 235 236// CreatePermissionRequest generates a "aws/request.Request" representing the 237// client's request for the CreatePermission operation. The "output" return 238// value will be populated with the request's response once the request completes 239// successfully. 240// 241// Use "Send" method on the returned Request to send the API call to the service. 242// the "output" return value is not valid until after Send returns without error. 243// 244// See CreatePermission for more information on using the CreatePermission 245// API call, and error handling. 246// 247// This method is useful when you want to inject custom logic or configuration 248// into the SDK's request lifecycle. Such as custom headers, or retry logic. 249// 250// 251// // Example sending a request using the CreatePermissionRequest method. 252// req, resp := client.CreatePermissionRequest(params) 253// 254// err := req.Send() 255// if err == nil { // resp is now filled 256// fmt.Println(resp) 257// } 258// 259// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 260func (c *ACMPCA) CreatePermissionRequest(input *CreatePermissionInput) (req *request.Request, output *CreatePermissionOutput) { 261 op := &request.Operation{ 262 Name: opCreatePermission, 263 HTTPMethod: "POST", 264 HTTPPath: "/", 265 } 266 267 if input == nil { 268 input = &CreatePermissionInput{} 269 } 270 271 output = &CreatePermissionOutput{} 272 req = c.newRequest(op, input, output) 273 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 274 return 275} 276 277// CreatePermission API operation for AWS Certificate Manager Private Certificate Authority. 278// 279// Grants one or more permissions on a private CA to the AWS Certificate Manager 280// (ACM) service principal (acm.amazonaws.com). These permissions allow ACM 281// to issue and renew ACM certificates that reside in the same AWS account as 282// the CA. 283// 284// You can list current permissions with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 285// action and revoke them with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 286// action. 287// 288// About Permissions 289// 290// * If the private CA and the certificates it issues reside in the same 291// account, you can use CreatePermission to grant permissions for ACM to 292// carry out automatic certificate renewals. 293// 294// * For automatic certificate renewal to succeed, the ACM service principal 295// needs permissions to create, retrieve, and list certificates. 296// 297// * If the private CA and the ACM certificates reside in different accounts, 298// then permissions cannot be used to enable automatic renewals. Instead, 299// the ACM certificate owner must set up a resource-based policy to enable 300// cross-account issuance and renewals. For more information, see Using a 301// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 302// 303// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 304// with awserr.Error's Code and Message methods to get detailed information about 305// the error. 306// 307// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 308// API operation CreatePermission for usage and error information. 309// 310// Returned Error Types: 311// * ResourceNotFoundException 312// A resource such as a private CA, S3 bucket, certificate, audit report, or 313// policy cannot be found. 314// 315// * InvalidArnException 316// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 317// 318// * PermissionAlreadyExistsException 319// The designated permission has already been given to the user. 320// 321// * LimitExceededException 322// An ACM Private CA quota has been exceeded. See the exception message returned 323// to determine the quota that was exceeded. 324// 325// * InvalidStateException 326// The state of the private CA does not allow this action to occur. 327// 328// * RequestFailedException 329// The request has failed for an unspecified reason. 330// 331// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission 332func (c *ACMPCA) CreatePermission(input *CreatePermissionInput) (*CreatePermissionOutput, error) { 333 req, out := c.CreatePermissionRequest(input) 334 return out, req.Send() 335} 336 337// CreatePermissionWithContext is the same as CreatePermission with the addition of 338// the ability to pass a context and additional request options. 339// 340// See CreatePermission for details on how to use this API operation. 341// 342// The context must be non-nil and will be used for request cancellation. If 343// the context is nil a panic will occur. In the future the SDK may create 344// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 345// for more information on using Contexts. 346func (c *ACMPCA) CreatePermissionWithContext(ctx aws.Context, input *CreatePermissionInput, opts ...request.Option) (*CreatePermissionOutput, error) { 347 req, out := c.CreatePermissionRequest(input) 348 req.SetContext(ctx) 349 req.ApplyOptions(opts...) 350 return out, req.Send() 351} 352 353const opDeleteCertificateAuthority = "DeleteCertificateAuthority" 354 355// DeleteCertificateAuthorityRequest generates a "aws/request.Request" representing the 356// client's request for the DeleteCertificateAuthority operation. The "output" return 357// value will be populated with the request's response once the request completes 358// successfully. 359// 360// Use "Send" method on the returned Request to send the API call to the service. 361// the "output" return value is not valid until after Send returns without error. 362// 363// See DeleteCertificateAuthority for more information on using the DeleteCertificateAuthority 364// API call, and error handling. 365// 366// This method is useful when you want to inject custom logic or configuration 367// into the SDK's request lifecycle. Such as custom headers, or retry logic. 368// 369// 370// // Example sending a request using the DeleteCertificateAuthorityRequest method. 371// req, resp := client.DeleteCertificateAuthorityRequest(params) 372// 373// err := req.Send() 374// if err == nil { // resp is now filled 375// fmt.Println(resp) 376// } 377// 378// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 379func (c *ACMPCA) DeleteCertificateAuthorityRequest(input *DeleteCertificateAuthorityInput) (req *request.Request, output *DeleteCertificateAuthorityOutput) { 380 op := &request.Operation{ 381 Name: opDeleteCertificateAuthority, 382 HTTPMethod: "POST", 383 HTTPPath: "/", 384 } 385 386 if input == nil { 387 input = &DeleteCertificateAuthorityInput{} 388 } 389 390 output = &DeleteCertificateAuthorityOutput{} 391 req = c.newRequest(op, input, output) 392 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 393 return 394} 395 396// DeleteCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 397// 398// Deletes a private certificate authority (CA). You must provide the Amazon 399// Resource Name (ARN) of the private CA that you want to delete. You can find 400// the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 401// action. 402// 403// Deleting a CA will invalidate other CAs and certificates below it in your 404// CA hierarchy. 405// 406// Before you can delete a CA that you have created and activated, you must 407// disable it. To do this, call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 408// action and set the CertificateAuthorityStatus parameter to DISABLED. 409// 410// Additionally, you can delete a CA if you are waiting for it to be created 411// (that is, the status of the CA is CREATING). You can also delete it if the 412// CA has been created but you haven't yet imported the signed certificate into 413// ACM Private CA (that is, the status of the CA is PENDING_CERTIFICATE). 414// 415// When you successfully call DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html), 416// the CA's status changes to DELETED. However, the CA won't be permanently 417// deleted until the restoration period has passed. By default, if you do not 418// set the PermanentDeletionTimeInDays parameter, the CA remains restorable 419// for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority 420// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 421// action returns the time remaining in the restoration window of a private 422// CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority 423// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html) 424// action. 425// 426// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 427// with awserr.Error's Code and Message methods to get detailed information about 428// the error. 429// 430// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 431// API operation DeleteCertificateAuthority for usage and error information. 432// 433// Returned Error Types: 434// * ConcurrentModificationException 435// A previous update to your private CA is still ongoing. 436// 437// * ResourceNotFoundException 438// A resource such as a private CA, S3 bucket, certificate, audit report, or 439// policy cannot be found. 440// 441// * InvalidArnException 442// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 443// 444// * InvalidStateException 445// The state of the private CA does not allow this action to occur. 446// 447// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority 448func (c *ACMPCA) DeleteCertificateAuthority(input *DeleteCertificateAuthorityInput) (*DeleteCertificateAuthorityOutput, error) { 449 req, out := c.DeleteCertificateAuthorityRequest(input) 450 return out, req.Send() 451} 452 453// DeleteCertificateAuthorityWithContext is the same as DeleteCertificateAuthority with the addition of 454// the ability to pass a context and additional request options. 455// 456// See DeleteCertificateAuthority for details on how to use this API operation. 457// 458// The context must be non-nil and will be used for request cancellation. If 459// the context is nil a panic will occur. In the future the SDK may create 460// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 461// for more information on using Contexts. 462func (c *ACMPCA) DeleteCertificateAuthorityWithContext(ctx aws.Context, input *DeleteCertificateAuthorityInput, opts ...request.Option) (*DeleteCertificateAuthorityOutput, error) { 463 req, out := c.DeleteCertificateAuthorityRequest(input) 464 req.SetContext(ctx) 465 req.ApplyOptions(opts...) 466 return out, req.Send() 467} 468 469const opDeletePermission = "DeletePermission" 470 471// DeletePermissionRequest generates a "aws/request.Request" representing the 472// client's request for the DeletePermission operation. The "output" return 473// value will be populated with the request's response once the request completes 474// successfully. 475// 476// Use "Send" method on the returned Request to send the API call to the service. 477// the "output" return value is not valid until after Send returns without error. 478// 479// See DeletePermission for more information on using the DeletePermission 480// API call, and error handling. 481// 482// This method is useful when you want to inject custom logic or configuration 483// into the SDK's request lifecycle. Such as custom headers, or retry logic. 484// 485// 486// // Example sending a request using the DeletePermissionRequest method. 487// req, resp := client.DeletePermissionRequest(params) 488// 489// err := req.Send() 490// if err == nil { // resp is now filled 491// fmt.Println(resp) 492// } 493// 494// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 495func (c *ACMPCA) DeletePermissionRequest(input *DeletePermissionInput) (req *request.Request, output *DeletePermissionOutput) { 496 op := &request.Operation{ 497 Name: opDeletePermission, 498 HTTPMethod: "POST", 499 HTTPPath: "/", 500 } 501 502 if input == nil { 503 input = &DeletePermissionInput{} 504 } 505 506 output = &DeletePermissionOutput{} 507 req = c.newRequest(op, input, output) 508 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 509 return 510} 511 512// DeletePermission API operation for AWS Certificate Manager Private Certificate Authority. 513// 514// Revokes permissions on a private CA granted to the AWS Certificate Manager 515// (ACM) service principal (acm.amazonaws.com). 516// 517// These permissions allow ACM to issue and renew ACM certificates that reside 518// in the same AWS account as the CA. If you revoke these permissions, ACM will 519// no longer renew the affected certificates automatically. 520// 521// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 522// action and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 523// action. 524// 525// About Permissions 526// 527// * If the private CA and the certificates it issues reside in the same 528// account, you can use CreatePermission to grant permissions for ACM to 529// carry out automatic certificate renewals. 530// 531// * For automatic certificate renewal to succeed, the ACM service principal 532// needs permissions to create, retrieve, and list certificates. 533// 534// * If the private CA and the ACM certificates reside in different accounts, 535// then permissions cannot be used to enable automatic renewals. Instead, 536// the ACM certificate owner must set up a resource-based policy to enable 537// cross-account issuance and renewals. For more information, see Using a 538// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 539// 540// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 541// with awserr.Error's Code and Message methods to get detailed information about 542// the error. 543// 544// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 545// API operation DeletePermission for usage and error information. 546// 547// Returned Error Types: 548// * ResourceNotFoundException 549// A resource such as a private CA, S3 bucket, certificate, audit report, or 550// policy cannot be found. 551// 552// * InvalidArnException 553// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 554// 555// * InvalidStateException 556// The state of the private CA does not allow this action to occur. 557// 558// * RequestFailedException 559// The request has failed for an unspecified reason. 560// 561// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission 562func (c *ACMPCA) DeletePermission(input *DeletePermissionInput) (*DeletePermissionOutput, error) { 563 req, out := c.DeletePermissionRequest(input) 564 return out, req.Send() 565} 566 567// DeletePermissionWithContext is the same as DeletePermission with the addition of 568// the ability to pass a context and additional request options. 569// 570// See DeletePermission for details on how to use this API operation. 571// 572// The context must be non-nil and will be used for request cancellation. If 573// the context is nil a panic will occur. In the future the SDK may create 574// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 575// for more information on using Contexts. 576func (c *ACMPCA) DeletePermissionWithContext(ctx aws.Context, input *DeletePermissionInput, opts ...request.Option) (*DeletePermissionOutput, error) { 577 req, out := c.DeletePermissionRequest(input) 578 req.SetContext(ctx) 579 req.ApplyOptions(opts...) 580 return out, req.Send() 581} 582 583const opDeletePolicy = "DeletePolicy" 584 585// DeletePolicyRequest generates a "aws/request.Request" representing the 586// client's request for the DeletePolicy operation. The "output" return 587// value will be populated with the request's response once the request completes 588// successfully. 589// 590// Use "Send" method on the returned Request to send the API call to the service. 591// the "output" return value is not valid until after Send returns without error. 592// 593// See DeletePolicy for more information on using the DeletePolicy 594// API call, and error handling. 595// 596// This method is useful when you want to inject custom logic or configuration 597// into the SDK's request lifecycle. Such as custom headers, or retry logic. 598// 599// 600// // Example sending a request using the DeletePolicyRequest method. 601// req, resp := client.DeletePolicyRequest(params) 602// 603// err := req.Send() 604// if err == nil { // resp is now filled 605// fmt.Println(resp) 606// } 607// 608// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 609func (c *ACMPCA) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 610 op := &request.Operation{ 611 Name: opDeletePolicy, 612 HTTPMethod: "POST", 613 HTTPPath: "/", 614 } 615 616 if input == nil { 617 input = &DeletePolicyInput{} 618 } 619 620 output = &DeletePolicyOutput{} 621 req = c.newRequest(op, input, output) 622 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 623 return 624} 625 626// DeletePolicy API operation for AWS Certificate Manager Private Certificate Authority. 627// 628// Deletes the resource-based policy attached to a private CA. Deletion will 629// remove any access that the policy has granted. If there is no policy attached 630// to the private CA, this action will return successful. 631// 632// If you delete a policy that was applied through AWS Resource Access Manager 633// (RAM), the CA will be removed from all shares in which it was included. 634// 635// The AWS Certificate Manager Service Linked Role that the policy supports 636// is not affected when you delete the policy. 637// 638// The current policy can be shown with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 639// and updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html). 640// 641// About Policies 642// 643// * A policy grants access on a private CA to an AWS customer account, to 644// AWS Organizations, or to an AWS Organizations unit. Policies are under 645// the control of a CA administrator. For more information, see Using a Resource 646// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 647// 648// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 649// certificates signed by a CA in another account. 650// 651// * For ACM to manage automatic renewal of these certificates, the ACM user 652// must configure a Service Linked Role (SLR). The SLR allows the ACM service 653// to assume the identity of the user, subject to confirmation against the 654// ACM Private CA policy. For more information, see Using a Service Linked 655// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 656// 657// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 658// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 659// 660// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 661// with awserr.Error's Code and Message methods to get detailed information about 662// the error. 663// 664// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 665// API operation DeletePolicy for usage and error information. 666// 667// Returned Error Types: 668// * ConcurrentModificationException 669// A previous update to your private CA is still ongoing. 670// 671// * InvalidArnException 672// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 673// 674// * InvalidStateException 675// The state of the private CA does not allow this action to occur. 676// 677// * LockoutPreventedException 678// The current action was prevented because it would lock the caller out from 679// performing subsequent actions. Verify that the specified parameters would 680// not result in the caller being denied access to the resource. 681// 682// * RequestFailedException 683// The request has failed for an unspecified reason. 684// 685// * ResourceNotFoundException 686// A resource such as a private CA, S3 bucket, certificate, audit report, or 687// policy cannot be found. 688// 689// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy 690func (c *ACMPCA) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 691 req, out := c.DeletePolicyRequest(input) 692 return out, req.Send() 693} 694 695// DeletePolicyWithContext is the same as DeletePolicy with the addition of 696// the ability to pass a context and additional request options. 697// 698// See DeletePolicy for details on how to use this API operation. 699// 700// The context must be non-nil and will be used for request cancellation. If 701// the context is nil a panic will occur. In the future the SDK may create 702// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 703// for more information on using Contexts. 704func (c *ACMPCA) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 705 req, out := c.DeletePolicyRequest(input) 706 req.SetContext(ctx) 707 req.ApplyOptions(opts...) 708 return out, req.Send() 709} 710 711const opDescribeCertificateAuthority = "DescribeCertificateAuthority" 712 713// DescribeCertificateAuthorityRequest generates a "aws/request.Request" representing the 714// client's request for the DescribeCertificateAuthority operation. The "output" return 715// value will be populated with the request's response once the request completes 716// successfully. 717// 718// Use "Send" method on the returned Request to send the API call to the service. 719// the "output" return value is not valid until after Send returns without error. 720// 721// See DescribeCertificateAuthority for more information on using the DescribeCertificateAuthority 722// API call, and error handling. 723// 724// This method is useful when you want to inject custom logic or configuration 725// into the SDK's request lifecycle. Such as custom headers, or retry logic. 726// 727// 728// // Example sending a request using the DescribeCertificateAuthorityRequest method. 729// req, resp := client.DescribeCertificateAuthorityRequest(params) 730// 731// err := req.Send() 732// if err == nil { // resp is now filled 733// fmt.Println(resp) 734// } 735// 736// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 737func (c *ACMPCA) DescribeCertificateAuthorityRequest(input *DescribeCertificateAuthorityInput) (req *request.Request, output *DescribeCertificateAuthorityOutput) { 738 op := &request.Operation{ 739 Name: opDescribeCertificateAuthority, 740 HTTPMethod: "POST", 741 HTTPPath: "/", 742 } 743 744 if input == nil { 745 input = &DescribeCertificateAuthorityInput{} 746 } 747 748 output = &DescribeCertificateAuthorityOutput{} 749 req = c.newRequest(op, input, output) 750 return 751} 752 753// DescribeCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 754// 755// Lists information about your private certificate authority (CA) or one that 756// has been shared with you. You specify the private CA on input by its ARN 757// (Amazon Resource Name). The output contains the status of your CA. This can 758// be any of the following: 759// 760// * CREATING - ACM Private CA is creating your private certificate authority. 761// 762// * PENDING_CERTIFICATE - The certificate is pending. You must use your 763// ACM Private CA-hosted or on-premises root or subordinate CA to sign your 764// private CA CSR and then import it into PCA. 765// 766// * ACTIVE - Your private CA is active. 767// 768// * DISABLED - Your private CA has been disabled. 769// 770// * EXPIRED - Your private CA certificate has expired. 771// 772// * FAILED - Your private CA has failed. Your CA can fail because of problems 773// such a network outage or back-end AWS failure or other errors. A failed 774// CA can never return to the pending state. You must create a new CA. 775// 776// * DELETED - Your private CA is within the restoration period, after which 777// it is permanently deleted. The length of time remaining in the CA's restoration 778// period is also included in this action's output. 779// 780// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 781// with awserr.Error's Code and Message methods to get detailed information about 782// the error. 783// 784// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 785// API operation DescribeCertificateAuthority for usage and error information. 786// 787// Returned Error Types: 788// * ResourceNotFoundException 789// A resource such as a private CA, S3 bucket, certificate, audit report, or 790// policy cannot be found. 791// 792// * InvalidArnException 793// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 794// 795// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority 796func (c *ACMPCA) DescribeCertificateAuthority(input *DescribeCertificateAuthorityInput) (*DescribeCertificateAuthorityOutput, error) { 797 req, out := c.DescribeCertificateAuthorityRequest(input) 798 return out, req.Send() 799} 800 801// DescribeCertificateAuthorityWithContext is the same as DescribeCertificateAuthority with the addition of 802// the ability to pass a context and additional request options. 803// 804// See DescribeCertificateAuthority for details on how to use this API operation. 805// 806// The context must be non-nil and will be used for request cancellation. If 807// the context is nil a panic will occur. In the future the SDK may create 808// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 809// for more information on using Contexts. 810func (c *ACMPCA) DescribeCertificateAuthorityWithContext(ctx aws.Context, input *DescribeCertificateAuthorityInput, opts ...request.Option) (*DescribeCertificateAuthorityOutput, error) { 811 req, out := c.DescribeCertificateAuthorityRequest(input) 812 req.SetContext(ctx) 813 req.ApplyOptions(opts...) 814 return out, req.Send() 815} 816 817const opDescribeCertificateAuthorityAuditReport = "DescribeCertificateAuthorityAuditReport" 818 819// DescribeCertificateAuthorityAuditReportRequest generates a "aws/request.Request" representing the 820// client's request for the DescribeCertificateAuthorityAuditReport operation. The "output" return 821// value will be populated with the request's response once the request completes 822// successfully. 823// 824// Use "Send" method on the returned Request to send the API call to the service. 825// the "output" return value is not valid until after Send returns without error. 826// 827// See DescribeCertificateAuthorityAuditReport for more information on using the DescribeCertificateAuthorityAuditReport 828// API call, and error handling. 829// 830// This method is useful when you want to inject custom logic or configuration 831// into the SDK's request lifecycle. Such as custom headers, or retry logic. 832// 833// 834// // Example sending a request using the DescribeCertificateAuthorityAuditReportRequest method. 835// req, resp := client.DescribeCertificateAuthorityAuditReportRequest(params) 836// 837// err := req.Send() 838// if err == nil { // resp is now filled 839// fmt.Println(resp) 840// } 841// 842// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 843func (c *ACMPCA) DescribeCertificateAuthorityAuditReportRequest(input *DescribeCertificateAuthorityAuditReportInput) (req *request.Request, output *DescribeCertificateAuthorityAuditReportOutput) { 844 op := &request.Operation{ 845 Name: opDescribeCertificateAuthorityAuditReport, 846 HTTPMethod: "POST", 847 HTTPPath: "/", 848 } 849 850 if input == nil { 851 input = &DescribeCertificateAuthorityAuditReportInput{} 852 } 853 854 output = &DescribeCertificateAuthorityAuditReportOutput{} 855 req = c.newRequest(op, input, output) 856 return 857} 858 859// DescribeCertificateAuthorityAuditReport API operation for AWS Certificate Manager Private Certificate Authority. 860// 861// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport 862// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 863// action. Audit information is created every time the certificate authority 864// (CA) private key is used. The private key is used when you call the IssueCertificate 865// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 866// action or the RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 867// action. 868// 869// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 870// with awserr.Error's Code and Message methods to get detailed information about 871// the error. 872// 873// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 874// API operation DescribeCertificateAuthorityAuditReport for usage and error information. 875// 876// Returned Error Types: 877// * ResourceNotFoundException 878// A resource such as a private CA, S3 bucket, certificate, audit report, or 879// policy cannot be found. 880// 881// * InvalidArnException 882// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 883// 884// * InvalidArgsException 885// One or more of the specified arguments was not valid. 886// 887// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport 888func (c *ACMPCA) DescribeCertificateAuthorityAuditReport(input *DescribeCertificateAuthorityAuditReportInput) (*DescribeCertificateAuthorityAuditReportOutput, error) { 889 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 890 return out, req.Send() 891} 892 893// DescribeCertificateAuthorityAuditReportWithContext is the same as DescribeCertificateAuthorityAuditReport with the addition of 894// the ability to pass a context and additional request options. 895// 896// See DescribeCertificateAuthorityAuditReport for details on how to use this API operation. 897// 898// The context must be non-nil and will be used for request cancellation. If 899// the context is nil a panic will occur. In the future the SDK may create 900// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 901// for more information on using Contexts. 902func (c *ACMPCA) DescribeCertificateAuthorityAuditReportWithContext(ctx aws.Context, input *DescribeCertificateAuthorityAuditReportInput, opts ...request.Option) (*DescribeCertificateAuthorityAuditReportOutput, error) { 903 req, out := c.DescribeCertificateAuthorityAuditReportRequest(input) 904 req.SetContext(ctx) 905 req.ApplyOptions(opts...) 906 return out, req.Send() 907} 908 909const opGetCertificate = "GetCertificate" 910 911// GetCertificateRequest generates a "aws/request.Request" representing the 912// client's request for the GetCertificate operation. The "output" return 913// value will be populated with the request's response once the request completes 914// successfully. 915// 916// Use "Send" method on the returned Request to send the API call to the service. 917// the "output" return value is not valid until after Send returns without error. 918// 919// See GetCertificate for more information on using the GetCertificate 920// API call, and error handling. 921// 922// This method is useful when you want to inject custom logic or configuration 923// into the SDK's request lifecycle. Such as custom headers, or retry logic. 924// 925// 926// // Example sending a request using the GetCertificateRequest method. 927// req, resp := client.GetCertificateRequest(params) 928// 929// err := req.Send() 930// if err == nil { // resp is now filled 931// fmt.Println(resp) 932// } 933// 934// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 935func (c *ACMPCA) GetCertificateRequest(input *GetCertificateInput) (req *request.Request, output *GetCertificateOutput) { 936 op := &request.Operation{ 937 Name: opGetCertificate, 938 HTTPMethod: "POST", 939 HTTPPath: "/", 940 } 941 942 if input == nil { 943 input = &GetCertificateInput{} 944 } 945 946 output = &GetCertificateOutput{} 947 req = c.newRequest(op, input, output) 948 return 949} 950 951// GetCertificate API operation for AWS Certificate Manager Private Certificate Authority. 952// 953// Retrieves a certificate from your private CA or one that has been shared 954// with you. The ARN of the certificate is returned when you call the IssueCertificate 955// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) 956// action. You must specify both the ARN of your private CA and the ARN of the 957// issued certificate when calling the GetCertificate action. You can retrieve 958// the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport 959// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 960// action to create a report that contains information about all of the certificates 961// issued and revoked by your private CA. 962// 963// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 964// with awserr.Error's Code and Message methods to get detailed information about 965// the error. 966// 967// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 968// API operation GetCertificate for usage and error information. 969// 970// Returned Error Types: 971// * RequestInProgressException 972// Your request is already in progress. 973// 974// * RequestFailedException 975// The request has failed for an unspecified reason. 976// 977// * ResourceNotFoundException 978// A resource such as a private CA, S3 bucket, certificate, audit report, or 979// policy cannot be found. 980// 981// * InvalidArnException 982// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 983// 984// * InvalidStateException 985// The state of the private CA does not allow this action to occur. 986// 987// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate 988func (c *ACMPCA) GetCertificate(input *GetCertificateInput) (*GetCertificateOutput, error) { 989 req, out := c.GetCertificateRequest(input) 990 return out, req.Send() 991} 992 993// GetCertificateWithContext is the same as GetCertificate with the addition of 994// the ability to pass a context and additional request options. 995// 996// See GetCertificate for details on how to use this API operation. 997// 998// The context must be non-nil and will be used for request cancellation. If 999// the context is nil a panic will occur. In the future the SDK may create 1000// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1001// for more information on using Contexts. 1002func (c *ACMPCA) GetCertificateWithContext(ctx aws.Context, input *GetCertificateInput, opts ...request.Option) (*GetCertificateOutput, error) { 1003 req, out := c.GetCertificateRequest(input) 1004 req.SetContext(ctx) 1005 req.ApplyOptions(opts...) 1006 return out, req.Send() 1007} 1008 1009const opGetCertificateAuthorityCertificate = "GetCertificateAuthorityCertificate" 1010 1011// GetCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1012// client's request for the GetCertificateAuthorityCertificate operation. The "output" return 1013// value will be populated with the request's response once the request completes 1014// successfully. 1015// 1016// Use "Send" method on the returned Request to send the API call to the service. 1017// the "output" return value is not valid until after Send returns without error. 1018// 1019// See GetCertificateAuthorityCertificate for more information on using the GetCertificateAuthorityCertificate 1020// API call, and error handling. 1021// 1022// This method is useful when you want to inject custom logic or configuration 1023// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1024// 1025// 1026// // Example sending a request using the GetCertificateAuthorityCertificateRequest method. 1027// req, resp := client.GetCertificateAuthorityCertificateRequest(params) 1028// 1029// err := req.Send() 1030// if err == nil { // resp is now filled 1031// fmt.Println(resp) 1032// } 1033// 1034// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1035func (c *ACMPCA) GetCertificateAuthorityCertificateRequest(input *GetCertificateAuthorityCertificateInput) (req *request.Request, output *GetCertificateAuthorityCertificateOutput) { 1036 op := &request.Operation{ 1037 Name: opGetCertificateAuthorityCertificate, 1038 HTTPMethod: "POST", 1039 HTTPPath: "/", 1040 } 1041 1042 if input == nil { 1043 input = &GetCertificateAuthorityCertificateInput{} 1044 } 1045 1046 output = &GetCertificateAuthorityCertificateOutput{} 1047 req = c.newRequest(op, input, output) 1048 return 1049} 1050 1051// GetCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1052// 1053// Retrieves the certificate and certificate chain for your private certificate 1054// authority (CA) or one that has been shared with you. Both the certificate 1055// and the chain are base64 PEM-encoded. The chain does not include the CA certificate. 1056// Each certificate in the chain signs the one before it. 1057// 1058// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1059// with awserr.Error's Code and Message methods to get detailed information about 1060// the error. 1061// 1062// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1063// API operation GetCertificateAuthorityCertificate for usage and error information. 1064// 1065// Returned Error Types: 1066// * ResourceNotFoundException 1067// A resource such as a private CA, S3 bucket, certificate, audit report, or 1068// policy cannot be found. 1069// 1070// * InvalidStateException 1071// The state of the private CA does not allow this action to occur. 1072// 1073// * InvalidArnException 1074// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1075// 1076// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate 1077func (c *ACMPCA) GetCertificateAuthorityCertificate(input *GetCertificateAuthorityCertificateInput) (*GetCertificateAuthorityCertificateOutput, error) { 1078 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1079 return out, req.Send() 1080} 1081 1082// GetCertificateAuthorityCertificateWithContext is the same as GetCertificateAuthorityCertificate with the addition of 1083// the ability to pass a context and additional request options. 1084// 1085// See GetCertificateAuthorityCertificate for details on how to use this API operation. 1086// 1087// The context must be non-nil and will be used for request cancellation. If 1088// the context is nil a panic will occur. In the future the SDK may create 1089// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1090// for more information on using Contexts. 1091func (c *ACMPCA) GetCertificateAuthorityCertificateWithContext(ctx aws.Context, input *GetCertificateAuthorityCertificateInput, opts ...request.Option) (*GetCertificateAuthorityCertificateOutput, error) { 1092 req, out := c.GetCertificateAuthorityCertificateRequest(input) 1093 req.SetContext(ctx) 1094 req.ApplyOptions(opts...) 1095 return out, req.Send() 1096} 1097 1098const opGetCertificateAuthorityCsr = "GetCertificateAuthorityCsr" 1099 1100// GetCertificateAuthorityCsrRequest generates a "aws/request.Request" representing the 1101// client's request for the GetCertificateAuthorityCsr operation. The "output" return 1102// value will be populated with the request's response once the request completes 1103// successfully. 1104// 1105// Use "Send" method on the returned Request to send the API call to the service. 1106// the "output" return value is not valid until after Send returns without error. 1107// 1108// See GetCertificateAuthorityCsr for more information on using the GetCertificateAuthorityCsr 1109// API call, and error handling. 1110// 1111// This method is useful when you want to inject custom logic or configuration 1112// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1113// 1114// 1115// // Example sending a request using the GetCertificateAuthorityCsrRequest method. 1116// req, resp := client.GetCertificateAuthorityCsrRequest(params) 1117// 1118// err := req.Send() 1119// if err == nil { // resp is now filled 1120// fmt.Println(resp) 1121// } 1122// 1123// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1124func (c *ACMPCA) GetCertificateAuthorityCsrRequest(input *GetCertificateAuthorityCsrInput) (req *request.Request, output *GetCertificateAuthorityCsrOutput) { 1125 op := &request.Operation{ 1126 Name: opGetCertificateAuthorityCsr, 1127 HTTPMethod: "POST", 1128 HTTPPath: "/", 1129 } 1130 1131 if input == nil { 1132 input = &GetCertificateAuthorityCsrInput{} 1133 } 1134 1135 output = &GetCertificateAuthorityCsrOutput{} 1136 req = c.newRequest(op, input, output) 1137 return 1138} 1139 1140// GetCertificateAuthorityCsr API operation for AWS Certificate Manager Private Certificate Authority. 1141// 1142// Retrieves the certificate signing request (CSR) for your private certificate 1143// authority (CA). The CSR is created when you call the CreateCertificateAuthority 1144// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1145// action. Sign the CSR with your ACM Private CA-hosted or on-premises root 1146// or subordinate CA. Then import the signed certificate back into ACM Private 1147// CA by calling the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 1148// action. The CSR is returned as a base64 PEM-encoded string. 1149// 1150// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1151// with awserr.Error's Code and Message methods to get detailed information about 1152// the error. 1153// 1154// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1155// API operation GetCertificateAuthorityCsr for usage and error information. 1156// 1157// Returned Error Types: 1158// * RequestInProgressException 1159// Your request is already in progress. 1160// 1161// * RequestFailedException 1162// The request has failed for an unspecified reason. 1163// 1164// * ResourceNotFoundException 1165// A resource such as a private CA, S3 bucket, certificate, audit report, or 1166// policy cannot be found. 1167// 1168// * InvalidArnException 1169// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1170// 1171// * InvalidStateException 1172// The state of the private CA does not allow this action to occur. 1173// 1174// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr 1175func (c *ACMPCA) GetCertificateAuthorityCsr(input *GetCertificateAuthorityCsrInput) (*GetCertificateAuthorityCsrOutput, error) { 1176 req, out := c.GetCertificateAuthorityCsrRequest(input) 1177 return out, req.Send() 1178} 1179 1180// GetCertificateAuthorityCsrWithContext is the same as GetCertificateAuthorityCsr with the addition of 1181// the ability to pass a context and additional request options. 1182// 1183// See GetCertificateAuthorityCsr for details on how to use this API operation. 1184// 1185// The context must be non-nil and will be used for request cancellation. If 1186// the context is nil a panic will occur. In the future the SDK may create 1187// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1188// for more information on using Contexts. 1189func (c *ACMPCA) GetCertificateAuthorityCsrWithContext(ctx aws.Context, input *GetCertificateAuthorityCsrInput, opts ...request.Option) (*GetCertificateAuthorityCsrOutput, error) { 1190 req, out := c.GetCertificateAuthorityCsrRequest(input) 1191 req.SetContext(ctx) 1192 req.ApplyOptions(opts...) 1193 return out, req.Send() 1194} 1195 1196const opGetPolicy = "GetPolicy" 1197 1198// GetPolicyRequest generates a "aws/request.Request" representing the 1199// client's request for the GetPolicy operation. The "output" return 1200// value will be populated with the request's response once the request completes 1201// successfully. 1202// 1203// Use "Send" method on the returned Request to send the API call to the service. 1204// the "output" return value is not valid until after Send returns without error. 1205// 1206// See GetPolicy for more information on using the GetPolicy 1207// API call, and error handling. 1208// 1209// This method is useful when you want to inject custom logic or configuration 1210// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1211// 1212// 1213// // Example sending a request using the GetPolicyRequest method. 1214// req, resp := client.GetPolicyRequest(params) 1215// 1216// err := req.Send() 1217// if err == nil { // resp is now filled 1218// fmt.Println(resp) 1219// } 1220// 1221// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1222func (c *ACMPCA) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) { 1223 op := &request.Operation{ 1224 Name: opGetPolicy, 1225 HTTPMethod: "POST", 1226 HTTPPath: "/", 1227 } 1228 1229 if input == nil { 1230 input = &GetPolicyInput{} 1231 } 1232 1233 output = &GetPolicyOutput{} 1234 req = c.newRequest(op, input, output) 1235 return 1236} 1237 1238// GetPolicy API operation for AWS Certificate Manager Private Certificate Authority. 1239// 1240// Retrieves the resource-based policy attached to a private CA. If either the 1241// private CA resource or the policy cannot be found, this action returns a 1242// ResourceNotFoundException. 1243// 1244// The policy can be attached or updated with PutPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html) 1245// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 1246// 1247// About Policies 1248// 1249// * A policy grants access on a private CA to an AWS customer account, to 1250// AWS Organizations, or to an AWS Organizations unit. Policies are under 1251// the control of a CA administrator. For more information, see Using a Resource 1252// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1253// 1254// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 1255// certificates signed by a CA in another account. 1256// 1257// * For ACM to manage automatic renewal of these certificates, the ACM user 1258// must configure a Service Linked Role (SLR). The SLR allows the ACM service 1259// to assume the identity of the user, subject to confirmation against the 1260// ACM Private CA policy. For more information, see Using a Service Linked 1261// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 1262// 1263// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 1264// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 1265// 1266// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1267// with awserr.Error's Code and Message methods to get detailed information about 1268// the error. 1269// 1270// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1271// API operation GetPolicy for usage and error information. 1272// 1273// Returned Error Types: 1274// * InvalidArnException 1275// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1276// 1277// * InvalidStateException 1278// The state of the private CA does not allow this action to occur. 1279// 1280// * RequestFailedException 1281// The request has failed for an unspecified reason. 1282// 1283// * ResourceNotFoundException 1284// A resource such as a private CA, S3 bucket, certificate, audit report, or 1285// policy cannot be found. 1286// 1287// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy 1288func (c *ACMPCA) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) { 1289 req, out := c.GetPolicyRequest(input) 1290 return out, req.Send() 1291} 1292 1293// GetPolicyWithContext is the same as GetPolicy with the addition of 1294// the ability to pass a context and additional request options. 1295// 1296// See GetPolicy for details on how to use this API operation. 1297// 1298// The context must be non-nil and will be used for request cancellation. If 1299// the context is nil a panic will occur. In the future the SDK may create 1300// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1301// for more information on using Contexts. 1302func (c *ACMPCA) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) { 1303 req, out := c.GetPolicyRequest(input) 1304 req.SetContext(ctx) 1305 req.ApplyOptions(opts...) 1306 return out, req.Send() 1307} 1308 1309const opImportCertificateAuthorityCertificate = "ImportCertificateAuthorityCertificate" 1310 1311// ImportCertificateAuthorityCertificateRequest generates a "aws/request.Request" representing the 1312// client's request for the ImportCertificateAuthorityCertificate operation. The "output" return 1313// value will be populated with the request's response once the request completes 1314// successfully. 1315// 1316// Use "Send" method on the returned Request to send the API call to the service. 1317// the "output" return value is not valid until after Send returns without error. 1318// 1319// See ImportCertificateAuthorityCertificate for more information on using the ImportCertificateAuthorityCertificate 1320// API call, and error handling. 1321// 1322// This method is useful when you want to inject custom logic or configuration 1323// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1324// 1325// 1326// // Example sending a request using the ImportCertificateAuthorityCertificateRequest method. 1327// req, resp := client.ImportCertificateAuthorityCertificateRequest(params) 1328// 1329// err := req.Send() 1330// if err == nil { // resp is now filled 1331// fmt.Println(resp) 1332// } 1333// 1334// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1335func (c *ACMPCA) ImportCertificateAuthorityCertificateRequest(input *ImportCertificateAuthorityCertificateInput) (req *request.Request, output *ImportCertificateAuthorityCertificateOutput) { 1336 op := &request.Operation{ 1337 Name: opImportCertificateAuthorityCertificate, 1338 HTTPMethod: "POST", 1339 HTTPPath: "/", 1340 } 1341 1342 if input == nil { 1343 input = &ImportCertificateAuthorityCertificateInput{} 1344 } 1345 1346 output = &ImportCertificateAuthorityCertificateOutput{} 1347 req = c.newRequest(op, input, output) 1348 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1349 return 1350} 1351 1352// ImportCertificateAuthorityCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1353// 1354// Imports a signed private CA certificate into ACM Private CA. This action 1355// is used when you are using a chain of trust whose root is located outside 1356// ACM Private CA. Before you can call this action, the following preparations 1357// must in place: 1358// 1359// In ACM Private CA, call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1360// action to create the private CA that you plan to back with the imported certificate. 1361// 1362// Call the GetCertificateAuthorityCsr (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html) 1363// action to generate a certificate signing request (CSR). 1364// 1365// Sign the CSR using a root or intermediate CA hosted by either an on-premises 1366// PKI hierarchy or by a commercial CA. 1367// 1368// Create a certificate chain and copy the signed certificate and the certificate 1369// chain to your working directory. 1370// 1371// ACM Private CA supports three scenarios for installing a CA certificate: 1372// 1373// * Installing a certificate for a root CA hosted by ACM Private CA. 1374// 1375// * Installing a subordinate CA certificate whose parent authority is hosted 1376// by ACM Private CA. 1377// 1378// * Installing a subordinate CA certificate whose parent authority is externally 1379// hosted. 1380// 1381// The following additional requirements apply when you import a CA certificate. 1382// 1383// * Only a self-signed certificate can be imported as a root CA. 1384// 1385// * A self-signed certificate cannot be imported as a subordinate CA. 1386// 1387// * Your certificate chain must not include the private CA certificate that 1388// you are importing. 1389// 1390// * Your root CA must be the last certificate in your chain. The subordinate 1391// certificate, if any, that your root CA signed must be next to last. The 1392// subordinate certificate signed by the preceding subordinate CA must come 1393// next, and so on until your chain is built. 1394// 1395// * The chain must be PEM-encoded. 1396// 1397// * The maximum allowed size of a certificate is 32 KB. 1398// 1399// * The maximum allowed size of a certificate chain is 2 MB. 1400// 1401// Enforcement of Critical Constraints 1402// 1403// ACM Private CA allows the following extensions to be marked critical in the 1404// imported CA certificate or chain. 1405// 1406// * Basic constraints (must be marked critical) 1407// 1408// * Subject alternative names 1409// 1410// * Key usage 1411// 1412// * Extended key usage 1413// 1414// * Authority key identifier 1415// 1416// * Subject key identifier 1417// 1418// * Issuer alternative name 1419// 1420// * Subject directory attributes 1421// 1422// * Subject information access 1423// 1424// * Certificate policies 1425// 1426// * Policy mappings 1427// 1428// * Inhibit anyPolicy 1429// 1430// ACM Private CA rejects the following extensions when they are marked critical 1431// in an imported CA certificate or chain. 1432// 1433// * Name constraints 1434// 1435// * Policy constraints 1436// 1437// * CRL distribution points 1438// 1439// * Authority information access 1440// 1441// * Freshest CRL 1442// 1443// * Any other extension 1444// 1445// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1446// with awserr.Error's Code and Message methods to get detailed information about 1447// the error. 1448// 1449// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1450// API operation ImportCertificateAuthorityCertificate for usage and error information. 1451// 1452// Returned Error Types: 1453// * ConcurrentModificationException 1454// A previous update to your private CA is still ongoing. 1455// 1456// * RequestInProgressException 1457// Your request is already in progress. 1458// 1459// * RequestFailedException 1460// The request has failed for an unspecified reason. 1461// 1462// * ResourceNotFoundException 1463// A resource such as a private CA, S3 bucket, certificate, audit report, or 1464// policy cannot be found. 1465// 1466// * InvalidArnException 1467// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1468// 1469// * InvalidRequestException 1470// The request action cannot be performed or is prohibited. 1471// 1472// * InvalidStateException 1473// The state of the private CA does not allow this action to occur. 1474// 1475// * MalformedCertificateException 1476// One or more fields in the certificate are invalid. 1477// 1478// * CertificateMismatchException 1479// The certificate authority certificate you are importing does not comply with 1480// conditions specified in the certificate that signed it. 1481// 1482// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate 1483func (c *ACMPCA) ImportCertificateAuthorityCertificate(input *ImportCertificateAuthorityCertificateInput) (*ImportCertificateAuthorityCertificateOutput, error) { 1484 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1485 return out, req.Send() 1486} 1487 1488// ImportCertificateAuthorityCertificateWithContext is the same as ImportCertificateAuthorityCertificate with the addition of 1489// the ability to pass a context and additional request options. 1490// 1491// See ImportCertificateAuthorityCertificate for details on how to use this API operation. 1492// 1493// The context must be non-nil and will be used for request cancellation. If 1494// the context is nil a panic will occur. In the future the SDK may create 1495// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1496// for more information on using Contexts. 1497func (c *ACMPCA) ImportCertificateAuthorityCertificateWithContext(ctx aws.Context, input *ImportCertificateAuthorityCertificateInput, opts ...request.Option) (*ImportCertificateAuthorityCertificateOutput, error) { 1498 req, out := c.ImportCertificateAuthorityCertificateRequest(input) 1499 req.SetContext(ctx) 1500 req.ApplyOptions(opts...) 1501 return out, req.Send() 1502} 1503 1504const opIssueCertificate = "IssueCertificate" 1505 1506// IssueCertificateRequest generates a "aws/request.Request" representing the 1507// client's request for the IssueCertificate operation. The "output" return 1508// value will be populated with the request's response once the request completes 1509// successfully. 1510// 1511// Use "Send" method on the returned Request to send the API call to the service. 1512// the "output" return value is not valid until after Send returns without error. 1513// 1514// See IssueCertificate for more information on using the IssueCertificate 1515// API call, and error handling. 1516// 1517// This method is useful when you want to inject custom logic or configuration 1518// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1519// 1520// 1521// // Example sending a request using the IssueCertificateRequest method. 1522// req, resp := client.IssueCertificateRequest(params) 1523// 1524// err := req.Send() 1525// if err == nil { // resp is now filled 1526// fmt.Println(resp) 1527// } 1528// 1529// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1530func (c *ACMPCA) IssueCertificateRequest(input *IssueCertificateInput) (req *request.Request, output *IssueCertificateOutput) { 1531 op := &request.Operation{ 1532 Name: opIssueCertificate, 1533 HTTPMethod: "POST", 1534 HTTPPath: "/", 1535 } 1536 1537 if input == nil { 1538 input = &IssueCertificateInput{} 1539 } 1540 1541 output = &IssueCertificateOutput{} 1542 req = c.newRequest(op, input, output) 1543 return 1544} 1545 1546// IssueCertificate API operation for AWS Certificate Manager Private Certificate Authority. 1547// 1548// Uses your private certificate authority (CA), or one that has been shared 1549// with you, to issue a client certificate. This action returns the Amazon Resource 1550// Name (ARN) of the certificate. You can retrieve the certificate by calling 1551// the GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 1552// action and specifying the ARN. 1553// 1554// You cannot use the ACM ListCertificateAuthorities action to retrieve the 1555// ARNs of the certificates that you issue by using ACM Private CA. 1556// 1557// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1558// with awserr.Error's Code and Message methods to get detailed information about 1559// the error. 1560// 1561// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1562// API operation IssueCertificate for usage and error information. 1563// 1564// Returned Error Types: 1565// * LimitExceededException 1566// An ACM Private CA quota has been exceeded. See the exception message returned 1567// to determine the quota that was exceeded. 1568// 1569// * ResourceNotFoundException 1570// A resource such as a private CA, S3 bucket, certificate, audit report, or 1571// policy cannot be found. 1572// 1573// * InvalidStateException 1574// The state of the private CA does not allow this action to occur. 1575// 1576// * InvalidArnException 1577// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1578// 1579// * InvalidArgsException 1580// One or more of the specified arguments was not valid. 1581// 1582// * MalformedCSRException 1583// The certificate signing request is invalid. 1584// 1585// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate 1586func (c *ACMPCA) IssueCertificate(input *IssueCertificateInput) (*IssueCertificateOutput, error) { 1587 req, out := c.IssueCertificateRequest(input) 1588 return out, req.Send() 1589} 1590 1591// IssueCertificateWithContext is the same as IssueCertificate with the addition of 1592// the ability to pass a context and additional request options. 1593// 1594// See IssueCertificate for details on how to use this API operation. 1595// 1596// The context must be non-nil and will be used for request cancellation. If 1597// the context is nil a panic will occur. In the future the SDK may create 1598// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1599// for more information on using Contexts. 1600func (c *ACMPCA) IssueCertificateWithContext(ctx aws.Context, input *IssueCertificateInput, opts ...request.Option) (*IssueCertificateOutput, error) { 1601 req, out := c.IssueCertificateRequest(input) 1602 req.SetContext(ctx) 1603 req.ApplyOptions(opts...) 1604 return out, req.Send() 1605} 1606 1607const opListCertificateAuthorities = "ListCertificateAuthorities" 1608 1609// ListCertificateAuthoritiesRequest generates a "aws/request.Request" representing the 1610// client's request for the ListCertificateAuthorities operation. The "output" return 1611// value will be populated with the request's response once the request completes 1612// successfully. 1613// 1614// Use "Send" method on the returned Request to send the API call to the service. 1615// the "output" return value is not valid until after Send returns without error. 1616// 1617// See ListCertificateAuthorities for more information on using the ListCertificateAuthorities 1618// API call, and error handling. 1619// 1620// This method is useful when you want to inject custom logic or configuration 1621// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1622// 1623// 1624// // Example sending a request using the ListCertificateAuthoritiesRequest method. 1625// req, resp := client.ListCertificateAuthoritiesRequest(params) 1626// 1627// err := req.Send() 1628// if err == nil { // resp is now filled 1629// fmt.Println(resp) 1630// } 1631// 1632// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1633func (c *ACMPCA) ListCertificateAuthoritiesRequest(input *ListCertificateAuthoritiesInput) (req *request.Request, output *ListCertificateAuthoritiesOutput) { 1634 op := &request.Operation{ 1635 Name: opListCertificateAuthorities, 1636 HTTPMethod: "POST", 1637 HTTPPath: "/", 1638 Paginator: &request.Paginator{ 1639 InputTokens: []string{"NextToken"}, 1640 OutputTokens: []string{"NextToken"}, 1641 LimitToken: "MaxResults", 1642 TruncationToken: "", 1643 }, 1644 } 1645 1646 if input == nil { 1647 input = &ListCertificateAuthoritiesInput{} 1648 } 1649 1650 output = &ListCertificateAuthoritiesOutput{} 1651 req = c.newRequest(op, input, output) 1652 return 1653} 1654 1655// ListCertificateAuthorities API operation for AWS Certificate Manager Private Certificate Authority. 1656// 1657// Lists the private certificate authorities that you created by using the CreateCertificateAuthority 1658// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 1659// action. 1660// 1661// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1662// with awserr.Error's Code and Message methods to get detailed information about 1663// the error. 1664// 1665// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1666// API operation ListCertificateAuthorities for usage and error information. 1667// 1668// Returned Error Types: 1669// * InvalidNextTokenException 1670// The token specified in the NextToken argument is not valid. Use the token 1671// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1672// 1673// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities 1674func (c *ACMPCA) ListCertificateAuthorities(input *ListCertificateAuthoritiesInput) (*ListCertificateAuthoritiesOutput, error) { 1675 req, out := c.ListCertificateAuthoritiesRequest(input) 1676 return out, req.Send() 1677} 1678 1679// ListCertificateAuthoritiesWithContext is the same as ListCertificateAuthorities with the addition of 1680// the ability to pass a context and additional request options. 1681// 1682// See ListCertificateAuthorities for details on how to use this API operation. 1683// 1684// The context must be non-nil and will be used for request cancellation. If 1685// the context is nil a panic will occur. In the future the SDK may create 1686// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1687// for more information on using Contexts. 1688func (c *ACMPCA) ListCertificateAuthoritiesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, opts ...request.Option) (*ListCertificateAuthoritiesOutput, error) { 1689 req, out := c.ListCertificateAuthoritiesRequest(input) 1690 req.SetContext(ctx) 1691 req.ApplyOptions(opts...) 1692 return out, req.Send() 1693} 1694 1695// ListCertificateAuthoritiesPages iterates over the pages of a ListCertificateAuthorities operation, 1696// calling the "fn" function with the response data for each page. To stop 1697// iterating, return false from the fn function. 1698// 1699// See ListCertificateAuthorities method for more information on how to use this operation. 1700// 1701// Note: This operation can generate multiple requests to a service. 1702// 1703// // Example iterating over at most 3 pages of a ListCertificateAuthorities operation. 1704// pageNum := 0 1705// err := client.ListCertificateAuthoritiesPages(params, 1706// func(page *acmpca.ListCertificateAuthoritiesOutput, lastPage bool) bool { 1707// pageNum++ 1708// fmt.Println(page) 1709// return pageNum <= 3 1710// }) 1711// 1712func (c *ACMPCA) ListCertificateAuthoritiesPages(input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool) error { 1713 return c.ListCertificateAuthoritiesPagesWithContext(aws.BackgroundContext(), input, fn) 1714} 1715 1716// ListCertificateAuthoritiesPagesWithContext same as ListCertificateAuthoritiesPages except 1717// it takes a Context and allows setting request options on the pages. 1718// 1719// The context must be non-nil and will be used for request cancellation. If 1720// the context is nil a panic will occur. In the future the SDK may create 1721// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1722// for more information on using Contexts. 1723func (c *ACMPCA) ListCertificateAuthoritiesPagesWithContext(ctx aws.Context, input *ListCertificateAuthoritiesInput, fn func(*ListCertificateAuthoritiesOutput, bool) bool, opts ...request.Option) error { 1724 p := request.Pagination{ 1725 NewRequest: func() (*request.Request, error) { 1726 var inCpy *ListCertificateAuthoritiesInput 1727 if input != nil { 1728 tmp := *input 1729 inCpy = &tmp 1730 } 1731 req, _ := c.ListCertificateAuthoritiesRequest(inCpy) 1732 req.SetContext(ctx) 1733 req.ApplyOptions(opts...) 1734 return req, nil 1735 }, 1736 } 1737 1738 for p.Next() { 1739 if !fn(p.Page().(*ListCertificateAuthoritiesOutput), !p.HasNextPage()) { 1740 break 1741 } 1742 } 1743 1744 return p.Err() 1745} 1746 1747const opListPermissions = "ListPermissions" 1748 1749// ListPermissionsRequest generates a "aws/request.Request" representing the 1750// client's request for the ListPermissions operation. The "output" return 1751// value will be populated with the request's response once the request completes 1752// successfully. 1753// 1754// Use "Send" method on the returned Request to send the API call to the service. 1755// the "output" return value is not valid until after Send returns without error. 1756// 1757// See ListPermissions for more information on using the ListPermissions 1758// API call, and error handling. 1759// 1760// This method is useful when you want to inject custom logic or configuration 1761// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1762// 1763// 1764// // Example sending a request using the ListPermissionsRequest method. 1765// req, resp := client.ListPermissionsRequest(params) 1766// 1767// err := req.Send() 1768// if err == nil { // resp is now filled 1769// fmt.Println(resp) 1770// } 1771// 1772// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1773func (c *ACMPCA) ListPermissionsRequest(input *ListPermissionsInput) (req *request.Request, output *ListPermissionsOutput) { 1774 op := &request.Operation{ 1775 Name: opListPermissions, 1776 HTTPMethod: "POST", 1777 HTTPPath: "/", 1778 Paginator: &request.Paginator{ 1779 InputTokens: []string{"NextToken"}, 1780 OutputTokens: []string{"NextToken"}, 1781 LimitToken: "MaxResults", 1782 TruncationToken: "", 1783 }, 1784 } 1785 1786 if input == nil { 1787 input = &ListPermissionsInput{} 1788 } 1789 1790 output = &ListPermissionsOutput{} 1791 req = c.newRequest(op, input, output) 1792 return 1793} 1794 1795// ListPermissions API operation for AWS Certificate Manager Private Certificate Authority. 1796// 1797// List all permissions on a private CA, if any, granted to the AWS Certificate 1798// Manager (ACM) service principal (acm.amazonaws.com). 1799// 1800// These permissions allow ACM to issue and renew ACM certificates that reside 1801// in the same AWS account as the CA. 1802// 1803// Permissions can be granted with the CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 1804// action and revoked with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 1805// action. 1806// 1807// About Permissions 1808// 1809// * If the private CA and the certificates it issues reside in the same 1810// account, you can use CreatePermission to grant permissions for ACM to 1811// carry out automatic certificate renewals. 1812// 1813// * For automatic certificate renewal to succeed, the ACM service principal 1814// needs permissions to create, retrieve, and list certificates. 1815// 1816// * If the private CA and the ACM certificates reside in different accounts, 1817// then permissions cannot be used to enable automatic renewals. Instead, 1818// the ACM certificate owner must set up a resource-based policy to enable 1819// cross-account issuance and renewals. For more information, see Using a 1820// Resource Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 1821// 1822// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1823// with awserr.Error's Code and Message methods to get detailed information about 1824// the error. 1825// 1826// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1827// API operation ListPermissions for usage and error information. 1828// 1829// Returned Error Types: 1830// * ResourceNotFoundException 1831// A resource such as a private CA, S3 bucket, certificate, audit report, or 1832// policy cannot be found. 1833// 1834// * InvalidArnException 1835// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1836// 1837// * InvalidNextTokenException 1838// The token specified in the NextToken argument is not valid. Use the token 1839// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 1840// 1841// * InvalidStateException 1842// The state of the private CA does not allow this action to occur. 1843// 1844// * RequestFailedException 1845// The request has failed for an unspecified reason. 1846// 1847// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions 1848func (c *ACMPCA) ListPermissions(input *ListPermissionsInput) (*ListPermissionsOutput, error) { 1849 req, out := c.ListPermissionsRequest(input) 1850 return out, req.Send() 1851} 1852 1853// ListPermissionsWithContext is the same as ListPermissions with the addition of 1854// the ability to pass a context and additional request options. 1855// 1856// See ListPermissions for details on how to use this API operation. 1857// 1858// The context must be non-nil and will be used for request cancellation. If 1859// the context is nil a panic will occur. In the future the SDK may create 1860// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1861// for more information on using Contexts. 1862func (c *ACMPCA) ListPermissionsWithContext(ctx aws.Context, input *ListPermissionsInput, opts ...request.Option) (*ListPermissionsOutput, error) { 1863 req, out := c.ListPermissionsRequest(input) 1864 req.SetContext(ctx) 1865 req.ApplyOptions(opts...) 1866 return out, req.Send() 1867} 1868 1869// ListPermissionsPages iterates over the pages of a ListPermissions operation, 1870// calling the "fn" function with the response data for each page. To stop 1871// iterating, return false from the fn function. 1872// 1873// See ListPermissions method for more information on how to use this operation. 1874// 1875// Note: This operation can generate multiple requests to a service. 1876// 1877// // Example iterating over at most 3 pages of a ListPermissions operation. 1878// pageNum := 0 1879// err := client.ListPermissionsPages(params, 1880// func(page *acmpca.ListPermissionsOutput, lastPage bool) bool { 1881// pageNum++ 1882// fmt.Println(page) 1883// return pageNum <= 3 1884// }) 1885// 1886func (c *ACMPCA) ListPermissionsPages(input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool) error { 1887 return c.ListPermissionsPagesWithContext(aws.BackgroundContext(), input, fn) 1888} 1889 1890// ListPermissionsPagesWithContext same as ListPermissionsPages except 1891// it takes a Context and allows setting request options on the pages. 1892// 1893// The context must be non-nil and will be used for request cancellation. If 1894// the context is nil a panic will occur. In the future the SDK may create 1895// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1896// for more information on using Contexts. 1897func (c *ACMPCA) ListPermissionsPagesWithContext(ctx aws.Context, input *ListPermissionsInput, fn func(*ListPermissionsOutput, bool) bool, opts ...request.Option) error { 1898 p := request.Pagination{ 1899 NewRequest: func() (*request.Request, error) { 1900 var inCpy *ListPermissionsInput 1901 if input != nil { 1902 tmp := *input 1903 inCpy = &tmp 1904 } 1905 req, _ := c.ListPermissionsRequest(inCpy) 1906 req.SetContext(ctx) 1907 req.ApplyOptions(opts...) 1908 return req, nil 1909 }, 1910 } 1911 1912 for p.Next() { 1913 if !fn(p.Page().(*ListPermissionsOutput), !p.HasNextPage()) { 1914 break 1915 } 1916 } 1917 1918 return p.Err() 1919} 1920 1921const opListTags = "ListTags" 1922 1923// ListTagsRequest generates a "aws/request.Request" representing the 1924// client's request for the ListTags operation. The "output" return 1925// value will be populated with the request's response once the request completes 1926// successfully. 1927// 1928// Use "Send" method on the returned Request to send the API call to the service. 1929// the "output" return value is not valid until after Send returns without error. 1930// 1931// See ListTags for more information on using the ListTags 1932// API call, and error handling. 1933// 1934// This method is useful when you want to inject custom logic or configuration 1935// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1936// 1937// 1938// // Example sending a request using the ListTagsRequest method. 1939// req, resp := client.ListTagsRequest(params) 1940// 1941// err := req.Send() 1942// if err == nil { // resp is now filled 1943// fmt.Println(resp) 1944// } 1945// 1946// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1947func (c *ACMPCA) ListTagsRequest(input *ListTagsInput) (req *request.Request, output *ListTagsOutput) { 1948 op := &request.Operation{ 1949 Name: opListTags, 1950 HTTPMethod: "POST", 1951 HTTPPath: "/", 1952 Paginator: &request.Paginator{ 1953 InputTokens: []string{"NextToken"}, 1954 OutputTokens: []string{"NextToken"}, 1955 LimitToken: "MaxResults", 1956 TruncationToken: "", 1957 }, 1958 } 1959 1960 if input == nil { 1961 input = &ListTagsInput{} 1962 } 1963 1964 output = &ListTagsOutput{} 1965 req = c.newRequest(op, input, output) 1966 return 1967} 1968 1969// ListTags API operation for AWS Certificate Manager Private Certificate Authority. 1970// 1971// Lists the tags, if any, that are associated with your private CA or one that 1972// has been shared with you. Tags are labels that you can use to identify and 1973// organize your CAs. Each tag consists of a key and an optional value. Call 1974// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 1975// action to add one or more tags to your CA. Call the UntagCertificateAuthority 1976// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 1977// action to remove tags. 1978// 1979// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1980// with awserr.Error's Code and Message methods to get detailed information about 1981// the error. 1982// 1983// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 1984// API operation ListTags for usage and error information. 1985// 1986// Returned Error Types: 1987// * ResourceNotFoundException 1988// A resource such as a private CA, S3 bucket, certificate, audit report, or 1989// policy cannot be found. 1990// 1991// * InvalidArnException 1992// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 1993// 1994// * InvalidStateException 1995// The state of the private CA does not allow this action to occur. 1996// 1997// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags 1998func (c *ACMPCA) ListTags(input *ListTagsInput) (*ListTagsOutput, error) { 1999 req, out := c.ListTagsRequest(input) 2000 return out, req.Send() 2001} 2002 2003// ListTagsWithContext is the same as ListTags with the addition of 2004// the ability to pass a context and additional request options. 2005// 2006// See ListTags for details on how to use this API operation. 2007// 2008// The context must be non-nil and will be used for request cancellation. If 2009// the context is nil a panic will occur. In the future the SDK may create 2010// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2011// for more information on using Contexts. 2012func (c *ACMPCA) ListTagsWithContext(ctx aws.Context, input *ListTagsInput, opts ...request.Option) (*ListTagsOutput, error) { 2013 req, out := c.ListTagsRequest(input) 2014 req.SetContext(ctx) 2015 req.ApplyOptions(opts...) 2016 return out, req.Send() 2017} 2018 2019// ListTagsPages iterates over the pages of a ListTags operation, 2020// calling the "fn" function with the response data for each page. To stop 2021// iterating, return false from the fn function. 2022// 2023// See ListTags method for more information on how to use this operation. 2024// 2025// Note: This operation can generate multiple requests to a service. 2026// 2027// // Example iterating over at most 3 pages of a ListTags operation. 2028// pageNum := 0 2029// err := client.ListTagsPages(params, 2030// func(page *acmpca.ListTagsOutput, lastPage bool) bool { 2031// pageNum++ 2032// fmt.Println(page) 2033// return pageNum <= 3 2034// }) 2035// 2036func (c *ACMPCA) ListTagsPages(input *ListTagsInput, fn func(*ListTagsOutput, bool) bool) error { 2037 return c.ListTagsPagesWithContext(aws.BackgroundContext(), input, fn) 2038} 2039 2040// ListTagsPagesWithContext same as ListTagsPages except 2041// it takes a Context and allows setting request options on the pages. 2042// 2043// The context must be non-nil and will be used for request cancellation. If 2044// the context is nil a panic will occur. In the future the SDK may create 2045// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2046// for more information on using Contexts. 2047func (c *ACMPCA) ListTagsPagesWithContext(ctx aws.Context, input *ListTagsInput, fn func(*ListTagsOutput, bool) bool, opts ...request.Option) error { 2048 p := request.Pagination{ 2049 NewRequest: func() (*request.Request, error) { 2050 var inCpy *ListTagsInput 2051 if input != nil { 2052 tmp := *input 2053 inCpy = &tmp 2054 } 2055 req, _ := c.ListTagsRequest(inCpy) 2056 req.SetContext(ctx) 2057 req.ApplyOptions(opts...) 2058 return req, nil 2059 }, 2060 } 2061 2062 for p.Next() { 2063 if !fn(p.Page().(*ListTagsOutput), !p.HasNextPage()) { 2064 break 2065 } 2066 } 2067 2068 return p.Err() 2069} 2070 2071const opPutPolicy = "PutPolicy" 2072 2073// PutPolicyRequest generates a "aws/request.Request" representing the 2074// client's request for the PutPolicy operation. The "output" return 2075// value will be populated with the request's response once the request completes 2076// successfully. 2077// 2078// Use "Send" method on the returned Request to send the API call to the service. 2079// the "output" return value is not valid until after Send returns without error. 2080// 2081// See PutPolicy for more information on using the PutPolicy 2082// API call, and error handling. 2083// 2084// This method is useful when you want to inject custom logic or configuration 2085// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2086// 2087// 2088// // Example sending a request using the PutPolicyRequest method. 2089// req, resp := client.PutPolicyRequest(params) 2090// 2091// err := req.Send() 2092// if err == nil { // resp is now filled 2093// fmt.Println(resp) 2094// } 2095// 2096// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2097func (c *ACMPCA) PutPolicyRequest(input *PutPolicyInput) (req *request.Request, output *PutPolicyOutput) { 2098 op := &request.Operation{ 2099 Name: opPutPolicy, 2100 HTTPMethod: "POST", 2101 HTTPPath: "/", 2102 } 2103 2104 if input == nil { 2105 input = &PutPolicyInput{} 2106 } 2107 2108 output = &PutPolicyOutput{} 2109 req = c.newRequest(op, input, output) 2110 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2111 return 2112} 2113 2114// PutPolicy API operation for AWS Certificate Manager Private Certificate Authority. 2115// 2116// Attaches a resource-based policy to a private CA. 2117// 2118// A policy can also be applied by sharing a private CA through AWS Resource 2119// Access Manager (RAM). For more information, see Attach a Policy for Cross-Account 2120// Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2121// 2122// The policy can be displayed with GetPolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) 2123// and removed with DeletePolicy (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html). 2124// 2125// About Policies 2126// 2127// * A policy grants access on a private CA to an AWS customer account, to 2128// AWS Organizations, or to an AWS Organizations unit. Policies are under 2129// the control of a CA administrator. For more information, see Using a Resource 2130// Based Policy with ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html). 2131// 2132// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM 2133// certificates signed by a CA in another account. 2134// 2135// * For ACM to manage automatic renewal of these certificates, the ACM user 2136// must configure a Service Linked Role (SLR). The SLR allows the ACM service 2137// to assume the identity of the user, subject to confirmation against the 2138// ACM Private CA policy. For more information, see Using a Service Linked 2139// Role with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html). 2140// 2141// * Updates made in AWS Resource Manager (RAM) are reflected in policies. 2142// For more information, see Attach a Policy for Cross-Account Access (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). 2143// 2144// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2145// with awserr.Error's Code and Message methods to get detailed information about 2146// the error. 2147// 2148// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2149// API operation PutPolicy for usage and error information. 2150// 2151// Returned Error Types: 2152// * ConcurrentModificationException 2153// A previous update to your private CA is still ongoing. 2154// 2155// * InvalidArnException 2156// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2157// 2158// * InvalidStateException 2159// The state of the private CA does not allow this action to occur. 2160// 2161// * InvalidPolicyException 2162// The resource policy is invalid or is missing a required statement. For general 2163// information about IAM policy and statement structure, see Overview of JSON 2164// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2165// 2166// * LockoutPreventedException 2167// The current action was prevented because it would lock the caller out from 2168// performing subsequent actions. Verify that the specified parameters would 2169// not result in the caller being denied access to the resource. 2170// 2171// * RequestFailedException 2172// The request has failed for an unspecified reason. 2173// 2174// * ResourceNotFoundException 2175// A resource such as a private CA, S3 bucket, certificate, audit report, or 2176// policy cannot be found. 2177// 2178// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy 2179func (c *ACMPCA) PutPolicy(input *PutPolicyInput) (*PutPolicyOutput, error) { 2180 req, out := c.PutPolicyRequest(input) 2181 return out, req.Send() 2182} 2183 2184// PutPolicyWithContext is the same as PutPolicy with the addition of 2185// the ability to pass a context and additional request options. 2186// 2187// See PutPolicy for details on how to use this API operation. 2188// 2189// The context must be non-nil and will be used for request cancellation. If 2190// the context is nil a panic will occur. In the future the SDK may create 2191// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2192// for more information on using Contexts. 2193func (c *ACMPCA) PutPolicyWithContext(ctx aws.Context, input *PutPolicyInput, opts ...request.Option) (*PutPolicyOutput, error) { 2194 req, out := c.PutPolicyRequest(input) 2195 req.SetContext(ctx) 2196 req.ApplyOptions(opts...) 2197 return out, req.Send() 2198} 2199 2200const opRestoreCertificateAuthority = "RestoreCertificateAuthority" 2201 2202// RestoreCertificateAuthorityRequest generates a "aws/request.Request" representing the 2203// client's request for the RestoreCertificateAuthority operation. The "output" return 2204// value will be populated with the request's response once the request completes 2205// successfully. 2206// 2207// Use "Send" method on the returned Request to send the API call to the service. 2208// the "output" return value is not valid until after Send returns without error. 2209// 2210// See RestoreCertificateAuthority for more information on using the RestoreCertificateAuthority 2211// API call, and error handling. 2212// 2213// This method is useful when you want to inject custom logic or configuration 2214// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2215// 2216// 2217// // Example sending a request using the RestoreCertificateAuthorityRequest method. 2218// req, resp := client.RestoreCertificateAuthorityRequest(params) 2219// 2220// err := req.Send() 2221// if err == nil { // resp is now filled 2222// fmt.Println(resp) 2223// } 2224// 2225// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2226func (c *ACMPCA) RestoreCertificateAuthorityRequest(input *RestoreCertificateAuthorityInput) (req *request.Request, output *RestoreCertificateAuthorityOutput) { 2227 op := &request.Operation{ 2228 Name: opRestoreCertificateAuthority, 2229 HTTPMethod: "POST", 2230 HTTPPath: "/", 2231 } 2232 2233 if input == nil { 2234 input = &RestoreCertificateAuthorityInput{} 2235 } 2236 2237 output = &RestoreCertificateAuthorityOutput{} 2238 req = c.newRequest(op, input, output) 2239 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2240 return 2241} 2242 2243// RestoreCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2244// 2245// Restores a certificate authority (CA) that is in the DELETED state. You can 2246// restore a CA during the period that you defined in the PermanentDeletionTimeInDays 2247// parameter of the DeleteCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html) 2248// action. Currently, you can specify 7 to 30 days. If you did not specify a 2249// PermanentDeletionTimeInDays value, by default you can restore the CA at any 2250// time in a 30 day period. You can check the time remaining in the restoration 2251// period of a private CA in the DELETED state by calling the DescribeCertificateAuthority 2252// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html) 2253// or ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 2254// actions. The status of a restored CA is set to its pre-deletion status when 2255// the RestoreCertificateAuthority action returns. To change its status to ACTIVE, 2256// call the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 2257// action. If the private CA was in the PENDING_CERTIFICATE state at deletion, 2258// you must use the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 2259// action to import a certificate authority into the private CA before it can 2260// be activated. You cannot restore a CA after the restoration period has ended. 2261// 2262// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2263// with awserr.Error's Code and Message methods to get detailed information about 2264// the error. 2265// 2266// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2267// API operation RestoreCertificateAuthority for usage and error information. 2268// 2269// Returned Error Types: 2270// * ResourceNotFoundException 2271// A resource such as a private CA, S3 bucket, certificate, audit report, or 2272// policy cannot be found. 2273// 2274// * InvalidStateException 2275// The state of the private CA does not allow this action to occur. 2276// 2277// * InvalidArnException 2278// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2279// 2280// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority 2281func (c *ACMPCA) RestoreCertificateAuthority(input *RestoreCertificateAuthorityInput) (*RestoreCertificateAuthorityOutput, error) { 2282 req, out := c.RestoreCertificateAuthorityRequest(input) 2283 return out, req.Send() 2284} 2285 2286// RestoreCertificateAuthorityWithContext is the same as RestoreCertificateAuthority with the addition of 2287// the ability to pass a context and additional request options. 2288// 2289// See RestoreCertificateAuthority for details on how to use this API operation. 2290// 2291// The context must be non-nil and will be used for request cancellation. If 2292// the context is nil a panic will occur. In the future the SDK may create 2293// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2294// for more information on using Contexts. 2295func (c *ACMPCA) RestoreCertificateAuthorityWithContext(ctx aws.Context, input *RestoreCertificateAuthorityInput, opts ...request.Option) (*RestoreCertificateAuthorityOutput, error) { 2296 req, out := c.RestoreCertificateAuthorityRequest(input) 2297 req.SetContext(ctx) 2298 req.ApplyOptions(opts...) 2299 return out, req.Send() 2300} 2301 2302const opRevokeCertificate = "RevokeCertificate" 2303 2304// RevokeCertificateRequest generates a "aws/request.Request" representing the 2305// client's request for the RevokeCertificate operation. The "output" return 2306// value will be populated with the request's response once the request completes 2307// successfully. 2308// 2309// Use "Send" method on the returned Request to send the API call to the service. 2310// the "output" return value is not valid until after Send returns without error. 2311// 2312// See RevokeCertificate for more information on using the RevokeCertificate 2313// API call, and error handling. 2314// 2315// This method is useful when you want to inject custom logic or configuration 2316// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2317// 2318// 2319// // Example sending a request using the RevokeCertificateRequest method. 2320// req, resp := client.RevokeCertificateRequest(params) 2321// 2322// err := req.Send() 2323// if err == nil { // resp is now filled 2324// fmt.Println(resp) 2325// } 2326// 2327// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2328func (c *ACMPCA) RevokeCertificateRequest(input *RevokeCertificateInput) (req *request.Request, output *RevokeCertificateOutput) { 2329 op := &request.Operation{ 2330 Name: opRevokeCertificate, 2331 HTTPMethod: "POST", 2332 HTTPPath: "/", 2333 } 2334 2335 if input == nil { 2336 input = &RevokeCertificateInput{} 2337 } 2338 2339 output = &RevokeCertificateOutput{} 2340 req = c.newRequest(op, input, output) 2341 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2342 return 2343} 2344 2345// RevokeCertificate API operation for AWS Certificate Manager Private Certificate Authority. 2346// 2347// Revokes a certificate that was issued inside ACM Private CA. If you enable 2348// a certificate revocation list (CRL) when you create or update your private 2349// CA, information about the revoked certificates will be included in the CRL. 2350// ACM Private CA writes the CRL to an S3 bucket that you specify. A CRL is 2351// typically updated approximately 30 minutes after a certificate is revoked. 2352// If for any reason the CRL update fails, ACM Private CA attempts makes further 2353// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms 2354// for the metrics CRLGenerated and MisconfiguredCRLBucket. For more information, 2355// see Supported CloudWatch Metrics (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html). 2356// 2357// Both PCA and the IAM principal must have permission to write to the S3 bucket 2358// that you specify. If the IAM principal making the call does not have permission 2359// to write to the bucket, then an exception is thrown. For more information, 2360// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2361// 2362// ACM Private CA also writes revocation information to the audit report. For 2363// more information, see CreateCertificateAuthorityAuditReport (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html). 2364// 2365// You cannot revoke a root CA self-signed certificate. 2366// 2367// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2368// with awserr.Error's Code and Message methods to get detailed information about 2369// the error. 2370// 2371// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2372// API operation RevokeCertificate for usage and error information. 2373// 2374// Returned Error Types: 2375// * ConcurrentModificationException 2376// A previous update to your private CA is still ongoing. 2377// 2378// * InvalidArnException 2379// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2380// 2381// * InvalidRequestException 2382// The request action cannot be performed or is prohibited. 2383// 2384// * InvalidStateException 2385// The state of the private CA does not allow this action to occur. 2386// 2387// * LimitExceededException 2388// An ACM Private CA quota has been exceeded. See the exception message returned 2389// to determine the quota that was exceeded. 2390// 2391// * ResourceNotFoundException 2392// A resource such as a private CA, S3 bucket, certificate, audit report, or 2393// policy cannot be found. 2394// 2395// * RequestAlreadyProcessedException 2396// Your request has already been completed. 2397// 2398// * RequestInProgressException 2399// Your request is already in progress. 2400// 2401// * RequestFailedException 2402// The request has failed for an unspecified reason. 2403// 2404// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate 2405func (c *ACMPCA) RevokeCertificate(input *RevokeCertificateInput) (*RevokeCertificateOutput, error) { 2406 req, out := c.RevokeCertificateRequest(input) 2407 return out, req.Send() 2408} 2409 2410// RevokeCertificateWithContext is the same as RevokeCertificate with the addition of 2411// the ability to pass a context and additional request options. 2412// 2413// See RevokeCertificate for details on how to use this API operation. 2414// 2415// The context must be non-nil and will be used for request cancellation. If 2416// the context is nil a panic will occur. In the future the SDK may create 2417// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2418// for more information on using Contexts. 2419func (c *ACMPCA) RevokeCertificateWithContext(ctx aws.Context, input *RevokeCertificateInput, opts ...request.Option) (*RevokeCertificateOutput, error) { 2420 req, out := c.RevokeCertificateRequest(input) 2421 req.SetContext(ctx) 2422 req.ApplyOptions(opts...) 2423 return out, req.Send() 2424} 2425 2426const opTagCertificateAuthority = "TagCertificateAuthority" 2427 2428// TagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2429// client's request for the TagCertificateAuthority operation. The "output" return 2430// value will be populated with the request's response once the request completes 2431// successfully. 2432// 2433// Use "Send" method on the returned Request to send the API call to the service. 2434// the "output" return value is not valid until after Send returns without error. 2435// 2436// See TagCertificateAuthority for more information on using the TagCertificateAuthority 2437// API call, and error handling. 2438// 2439// This method is useful when you want to inject custom logic or configuration 2440// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2441// 2442// 2443// // Example sending a request using the TagCertificateAuthorityRequest method. 2444// req, resp := client.TagCertificateAuthorityRequest(params) 2445// 2446// err := req.Send() 2447// if err == nil { // resp is now filled 2448// fmt.Println(resp) 2449// } 2450// 2451// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2452func (c *ACMPCA) TagCertificateAuthorityRequest(input *TagCertificateAuthorityInput) (req *request.Request, output *TagCertificateAuthorityOutput) { 2453 op := &request.Operation{ 2454 Name: opTagCertificateAuthority, 2455 HTTPMethod: "POST", 2456 HTTPPath: "/", 2457 } 2458 2459 if input == nil { 2460 input = &TagCertificateAuthorityInput{} 2461 } 2462 2463 output = &TagCertificateAuthorityOutput{} 2464 req = c.newRequest(op, input, output) 2465 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2466 return 2467} 2468 2469// TagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2470// 2471// Adds one or more tags to your private CA. Tags are labels that you can use 2472// to identify and organize your AWS resources. Each tag consists of a key and 2473// an optional value. You specify the private CA on input by its Amazon Resource 2474// Name (ARN). You specify the tag by using a key-value pair. You can apply 2475// a tag to just one private CA if you want to identify a specific characteristic 2476// of that CA, or you can apply the same tag to multiple private CAs if you 2477// want to filter for a common relationship among those CAs. To remove one or 2478// more tags, use the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 2479// action. Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2480// action to see what tags are associated with your CA. 2481// 2482// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2483// with awserr.Error's Code and Message methods to get detailed information about 2484// the error. 2485// 2486// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2487// API operation TagCertificateAuthority for usage and error information. 2488// 2489// Returned Error Types: 2490// * ResourceNotFoundException 2491// A resource such as a private CA, S3 bucket, certificate, audit report, or 2492// policy cannot be found. 2493// 2494// * InvalidArnException 2495// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2496// 2497// * InvalidStateException 2498// The state of the private CA does not allow this action to occur. 2499// 2500// * InvalidTagException 2501// The tag associated with the CA is not valid. The invalid argument is contained 2502// in the message field. 2503// 2504// * TooManyTagsException 2505// You can associate up to 50 tags with a private CA. Exception information 2506// is contained in the exception message field. 2507// 2508// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority 2509func (c *ACMPCA) TagCertificateAuthority(input *TagCertificateAuthorityInput) (*TagCertificateAuthorityOutput, error) { 2510 req, out := c.TagCertificateAuthorityRequest(input) 2511 return out, req.Send() 2512} 2513 2514// TagCertificateAuthorityWithContext is the same as TagCertificateAuthority with the addition of 2515// the ability to pass a context and additional request options. 2516// 2517// See TagCertificateAuthority for details on how to use this API operation. 2518// 2519// The context must be non-nil and will be used for request cancellation. If 2520// the context is nil a panic will occur. In the future the SDK may create 2521// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2522// for more information on using Contexts. 2523func (c *ACMPCA) TagCertificateAuthorityWithContext(ctx aws.Context, input *TagCertificateAuthorityInput, opts ...request.Option) (*TagCertificateAuthorityOutput, error) { 2524 req, out := c.TagCertificateAuthorityRequest(input) 2525 req.SetContext(ctx) 2526 req.ApplyOptions(opts...) 2527 return out, req.Send() 2528} 2529 2530const opUntagCertificateAuthority = "UntagCertificateAuthority" 2531 2532// UntagCertificateAuthorityRequest generates a "aws/request.Request" representing the 2533// client's request for the UntagCertificateAuthority operation. The "output" return 2534// value will be populated with the request's response once the request completes 2535// successfully. 2536// 2537// Use "Send" method on the returned Request to send the API call to the service. 2538// the "output" return value is not valid until after Send returns without error. 2539// 2540// See UntagCertificateAuthority for more information on using the UntagCertificateAuthority 2541// API call, and error handling. 2542// 2543// This method is useful when you want to inject custom logic or configuration 2544// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2545// 2546// 2547// // Example sending a request using the UntagCertificateAuthorityRequest method. 2548// req, resp := client.UntagCertificateAuthorityRequest(params) 2549// 2550// err := req.Send() 2551// if err == nil { // resp is now filled 2552// fmt.Println(resp) 2553// } 2554// 2555// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2556func (c *ACMPCA) UntagCertificateAuthorityRequest(input *UntagCertificateAuthorityInput) (req *request.Request, output *UntagCertificateAuthorityOutput) { 2557 op := &request.Operation{ 2558 Name: opUntagCertificateAuthority, 2559 HTTPMethod: "POST", 2560 HTTPPath: "/", 2561 } 2562 2563 if input == nil { 2564 input = &UntagCertificateAuthorityInput{} 2565 } 2566 2567 output = &UntagCertificateAuthorityOutput{} 2568 req = c.newRequest(op, input, output) 2569 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2570 return 2571} 2572 2573// UntagCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2574// 2575// Remove one or more tags from your private CA. A tag consists of a key-value 2576// pair. If you do not specify the value portion of the tag when calling this 2577// action, the tag will be removed regardless of value. If you specify a value, 2578// the tag is removed only if it is associated with the specified value. To 2579// add tags to a private CA, use the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html). 2580// Call the ListTags (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html) 2581// action to see what tags are associated with your CA. 2582// 2583// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2584// with awserr.Error's Code and Message methods to get detailed information about 2585// the error. 2586// 2587// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2588// API operation UntagCertificateAuthority for usage and error information. 2589// 2590// Returned Error Types: 2591// * ResourceNotFoundException 2592// A resource such as a private CA, S3 bucket, certificate, audit report, or 2593// policy cannot be found. 2594// 2595// * InvalidArnException 2596// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2597// 2598// * InvalidStateException 2599// The state of the private CA does not allow this action to occur. 2600// 2601// * InvalidTagException 2602// The tag associated with the CA is not valid. The invalid argument is contained 2603// in the message field. 2604// 2605// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority 2606func (c *ACMPCA) UntagCertificateAuthority(input *UntagCertificateAuthorityInput) (*UntagCertificateAuthorityOutput, error) { 2607 req, out := c.UntagCertificateAuthorityRequest(input) 2608 return out, req.Send() 2609} 2610 2611// UntagCertificateAuthorityWithContext is the same as UntagCertificateAuthority with the addition of 2612// the ability to pass a context and additional request options. 2613// 2614// See UntagCertificateAuthority for details on how to use this API operation. 2615// 2616// The context must be non-nil and will be used for request cancellation. If 2617// the context is nil a panic will occur. In the future the SDK may create 2618// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2619// for more information on using Contexts. 2620func (c *ACMPCA) UntagCertificateAuthorityWithContext(ctx aws.Context, input *UntagCertificateAuthorityInput, opts ...request.Option) (*UntagCertificateAuthorityOutput, error) { 2621 req, out := c.UntagCertificateAuthorityRequest(input) 2622 req.SetContext(ctx) 2623 req.ApplyOptions(opts...) 2624 return out, req.Send() 2625} 2626 2627const opUpdateCertificateAuthority = "UpdateCertificateAuthority" 2628 2629// UpdateCertificateAuthorityRequest generates a "aws/request.Request" representing the 2630// client's request for the UpdateCertificateAuthority operation. The "output" return 2631// value will be populated with the request's response once the request completes 2632// successfully. 2633// 2634// Use "Send" method on the returned Request to send the API call to the service. 2635// the "output" return value is not valid until after Send returns without error. 2636// 2637// See UpdateCertificateAuthority for more information on using the UpdateCertificateAuthority 2638// API call, and error handling. 2639// 2640// This method is useful when you want to inject custom logic or configuration 2641// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2642// 2643// 2644// // Example sending a request using the UpdateCertificateAuthorityRequest method. 2645// req, resp := client.UpdateCertificateAuthorityRequest(params) 2646// 2647// err := req.Send() 2648// if err == nil { // resp is now filled 2649// fmt.Println(resp) 2650// } 2651// 2652// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2653func (c *ACMPCA) UpdateCertificateAuthorityRequest(input *UpdateCertificateAuthorityInput) (req *request.Request, output *UpdateCertificateAuthorityOutput) { 2654 op := &request.Operation{ 2655 Name: opUpdateCertificateAuthority, 2656 HTTPMethod: "POST", 2657 HTTPPath: "/", 2658 } 2659 2660 if input == nil { 2661 input = &UpdateCertificateAuthorityInput{} 2662 } 2663 2664 output = &UpdateCertificateAuthorityOutput{} 2665 req = c.newRequest(op, input, output) 2666 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2667 return 2668} 2669 2670// UpdateCertificateAuthority API operation for AWS Certificate Manager Private Certificate Authority. 2671// 2672// Updates the status or configuration of a private certificate authority (CA). 2673// Your private CA must be in the ACTIVE or DISABLED state before you can update 2674// it. You can disable a private CA that is in the ACTIVE state or make a CA 2675// that is in the DISABLED state active again. 2676// 2677// Both PCA and the IAM principal must have permission to write to the S3 bucket 2678// that you specify. If the IAM principal making the call does not have permission 2679// to write to the bucket, then an exception is thrown. For more information, 2680// see Configure Access to ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 2681// 2682// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2683// with awserr.Error's Code and Message methods to get detailed information about 2684// the error. 2685// 2686// See the AWS API reference guide for AWS Certificate Manager Private Certificate Authority's 2687// API operation UpdateCertificateAuthority for usage and error information. 2688// 2689// Returned Error Types: 2690// * ConcurrentModificationException 2691// A previous update to your private CA is still ongoing. 2692// 2693// * ResourceNotFoundException 2694// A resource such as a private CA, S3 bucket, certificate, audit report, or 2695// policy cannot be found. 2696// 2697// * InvalidArgsException 2698// One or more of the specified arguments was not valid. 2699// 2700// * InvalidArnException 2701// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 2702// 2703// * InvalidStateException 2704// The state of the private CA does not allow this action to occur. 2705// 2706// * InvalidPolicyException 2707// The resource policy is invalid or is missing a required statement. For general 2708// information about IAM policy and statement structure, see Overview of JSON 2709// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 2710// 2711// See also, https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority 2712func (c *ACMPCA) UpdateCertificateAuthority(input *UpdateCertificateAuthorityInput) (*UpdateCertificateAuthorityOutput, error) { 2713 req, out := c.UpdateCertificateAuthorityRequest(input) 2714 return out, req.Send() 2715} 2716 2717// UpdateCertificateAuthorityWithContext is the same as UpdateCertificateAuthority with the addition of 2718// the ability to pass a context and additional request options. 2719// 2720// See UpdateCertificateAuthority for details on how to use this API operation. 2721// 2722// The context must be non-nil and will be used for request cancellation. If 2723// the context is nil a panic will occur. In the future the SDK may create 2724// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2725// for more information on using Contexts. 2726func (c *ACMPCA) UpdateCertificateAuthorityWithContext(ctx aws.Context, input *UpdateCertificateAuthorityInput, opts ...request.Option) (*UpdateCertificateAuthorityOutput, error) { 2727 req, out := c.UpdateCertificateAuthorityRequest(input) 2728 req.SetContext(ctx) 2729 req.ApplyOptions(opts...) 2730 return out, req.Send() 2731} 2732 2733// Contains information about the certificate subject. The Subject field in 2734// the certificate identifies the entity that owns or controls the public key 2735// in the certificate. The entity can be a user, computer, device, or service. 2736// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 2737// of relative distinguished names (RDNs). The RDNs are separated by commas 2738// in the certificate. 2739type ASN1Subject struct { 2740 _ struct{} `type:"structure"` 2741 2742 // For CA and end-entity certificates in a private PKI, the common name (CN) 2743 // can be any string within the length limit. 2744 // 2745 // Note: In publicly trusted certificates, the common name must be a fully qualified 2746 // domain name (FQDN) associated with the certificate subject. 2747 CommonName *string `type:"string"` 2748 2749 // Two-digit code that specifies the country in which the certificate subject 2750 // located. 2751 Country *string `min:"2" type:"string"` 2752 2753 // Disambiguating information for the certificate subject. 2754 DistinguishedNameQualifier *string `type:"string"` 2755 2756 // Typically a qualifier appended to the name of an individual. Examples include 2757 // Jr. for junior, Sr. for senior, and III for third. 2758 GenerationQualifier *string `type:"string"` 2759 2760 // First name. 2761 GivenName *string `type:"string"` 2762 2763 // Concatenation that typically contains the first letter of the GivenName, 2764 // the first letter of the middle name if one exists, and the first letter of 2765 // the Surname. 2766 Initials *string `type:"string"` 2767 2768 // The locality (such as a city or town) in which the certificate subject is 2769 // located. 2770 Locality *string `type:"string"` 2771 2772 // Legal name of the organization with which the certificate subject is affiliated. 2773 Organization *string `type:"string"` 2774 2775 // A subdivision or unit of the organization (such as sales or finance) with 2776 // which the certificate subject is affiliated. 2777 OrganizationalUnit *string `type:"string"` 2778 2779 // Typically a shortened version of a longer GivenName. For example, Jonathan 2780 // is often shortened to John. Elizabeth is often shortened to Beth, Liz, or 2781 // Eliza. 2782 Pseudonym *string `type:"string"` 2783 2784 // The certificate serial number. 2785 SerialNumber *string `type:"string"` 2786 2787 // State in which the subject of the certificate is located. 2788 State *string `type:"string"` 2789 2790 // Family name. In the US and the UK, for example, the surname of an individual 2791 // is ordered last. In Asian cultures the surname is typically ordered first. 2792 Surname *string `type:"string"` 2793 2794 // A title such as Mr. or Ms., which is pre-pended to the name to refer formally 2795 // to the certificate subject. 2796 Title *string `type:"string"` 2797} 2798 2799// String returns the string representation. 2800// 2801// API parameter values that are decorated as "sensitive" in the API will not 2802// be included in the string output. The member name will be present, but the 2803// value will be replaced with "sensitive". 2804func (s ASN1Subject) String() string { 2805 return awsutil.Prettify(s) 2806} 2807 2808// GoString returns the string representation. 2809// 2810// API parameter values that are decorated as "sensitive" in the API will not 2811// be included in the string output. The member name will be present, but the 2812// value will be replaced with "sensitive". 2813func (s ASN1Subject) GoString() string { 2814 return s.String() 2815} 2816 2817// Validate inspects the fields of the type to determine if they are valid. 2818func (s *ASN1Subject) Validate() error { 2819 invalidParams := request.ErrInvalidParams{Context: "ASN1Subject"} 2820 if s.Country != nil && len(*s.Country) < 2 { 2821 invalidParams.Add(request.NewErrParamMinLen("Country", 2)) 2822 } 2823 2824 if invalidParams.Len() > 0 { 2825 return invalidParams 2826 } 2827 return nil 2828} 2829 2830// SetCommonName sets the CommonName field's value. 2831func (s *ASN1Subject) SetCommonName(v string) *ASN1Subject { 2832 s.CommonName = &v 2833 return s 2834} 2835 2836// SetCountry sets the Country field's value. 2837func (s *ASN1Subject) SetCountry(v string) *ASN1Subject { 2838 s.Country = &v 2839 return s 2840} 2841 2842// SetDistinguishedNameQualifier sets the DistinguishedNameQualifier field's value. 2843func (s *ASN1Subject) SetDistinguishedNameQualifier(v string) *ASN1Subject { 2844 s.DistinguishedNameQualifier = &v 2845 return s 2846} 2847 2848// SetGenerationQualifier sets the GenerationQualifier field's value. 2849func (s *ASN1Subject) SetGenerationQualifier(v string) *ASN1Subject { 2850 s.GenerationQualifier = &v 2851 return s 2852} 2853 2854// SetGivenName sets the GivenName field's value. 2855func (s *ASN1Subject) SetGivenName(v string) *ASN1Subject { 2856 s.GivenName = &v 2857 return s 2858} 2859 2860// SetInitials sets the Initials field's value. 2861func (s *ASN1Subject) SetInitials(v string) *ASN1Subject { 2862 s.Initials = &v 2863 return s 2864} 2865 2866// SetLocality sets the Locality field's value. 2867func (s *ASN1Subject) SetLocality(v string) *ASN1Subject { 2868 s.Locality = &v 2869 return s 2870} 2871 2872// SetOrganization sets the Organization field's value. 2873func (s *ASN1Subject) SetOrganization(v string) *ASN1Subject { 2874 s.Organization = &v 2875 return s 2876} 2877 2878// SetOrganizationalUnit sets the OrganizationalUnit field's value. 2879func (s *ASN1Subject) SetOrganizationalUnit(v string) *ASN1Subject { 2880 s.OrganizationalUnit = &v 2881 return s 2882} 2883 2884// SetPseudonym sets the Pseudonym field's value. 2885func (s *ASN1Subject) SetPseudonym(v string) *ASN1Subject { 2886 s.Pseudonym = &v 2887 return s 2888} 2889 2890// SetSerialNumber sets the SerialNumber field's value. 2891func (s *ASN1Subject) SetSerialNumber(v string) *ASN1Subject { 2892 s.SerialNumber = &v 2893 return s 2894} 2895 2896// SetState sets the State field's value. 2897func (s *ASN1Subject) SetState(v string) *ASN1Subject { 2898 s.State = &v 2899 return s 2900} 2901 2902// SetSurname sets the Surname field's value. 2903func (s *ASN1Subject) SetSurname(v string) *ASN1Subject { 2904 s.Surname = &v 2905 return s 2906} 2907 2908// SetTitle sets the Title field's value. 2909func (s *ASN1Subject) SetTitle(v string) *ASN1Subject { 2910 s.Title = &v 2911 return s 2912} 2913 2914// Provides access information used by the authorityInfoAccess and subjectInfoAccess 2915// extensions described in RFC 5280 (https://tools.ietf.org/html/rfc5280). 2916type AccessDescription struct { 2917 _ struct{} `type:"structure"` 2918 2919 // The location of AccessDescription information. 2920 // 2921 // AccessLocation is a required field 2922 AccessLocation *GeneralName `type:"structure" required:"true"` 2923 2924 // The type and format of AccessDescription information. 2925 // 2926 // AccessMethod is a required field 2927 AccessMethod *AccessMethod `type:"structure" required:"true"` 2928} 2929 2930// String returns the string representation. 2931// 2932// API parameter values that are decorated as "sensitive" in the API will not 2933// be included in the string output. The member name will be present, but the 2934// value will be replaced with "sensitive". 2935func (s AccessDescription) String() string { 2936 return awsutil.Prettify(s) 2937} 2938 2939// GoString returns the string representation. 2940// 2941// API parameter values that are decorated as "sensitive" in the API will not 2942// be included in the string output. The member name will be present, but the 2943// value will be replaced with "sensitive". 2944func (s AccessDescription) GoString() string { 2945 return s.String() 2946} 2947 2948// Validate inspects the fields of the type to determine if they are valid. 2949func (s *AccessDescription) Validate() error { 2950 invalidParams := request.ErrInvalidParams{Context: "AccessDescription"} 2951 if s.AccessLocation == nil { 2952 invalidParams.Add(request.NewErrParamRequired("AccessLocation")) 2953 } 2954 if s.AccessMethod == nil { 2955 invalidParams.Add(request.NewErrParamRequired("AccessMethod")) 2956 } 2957 if s.AccessLocation != nil { 2958 if err := s.AccessLocation.Validate(); err != nil { 2959 invalidParams.AddNested("AccessLocation", err.(request.ErrInvalidParams)) 2960 } 2961 } 2962 2963 if invalidParams.Len() > 0 { 2964 return invalidParams 2965 } 2966 return nil 2967} 2968 2969// SetAccessLocation sets the AccessLocation field's value. 2970func (s *AccessDescription) SetAccessLocation(v *GeneralName) *AccessDescription { 2971 s.AccessLocation = v 2972 return s 2973} 2974 2975// SetAccessMethod sets the AccessMethod field's value. 2976func (s *AccessDescription) SetAccessMethod(v *AccessMethod) *AccessDescription { 2977 s.AccessMethod = v 2978 return s 2979} 2980 2981// Describes the type and format of extension access. Only one of CustomObjectIdentifier 2982// or AccessMethodType may be provided. Providing both results in InvalidArgsException. 2983type AccessMethod struct { 2984 _ struct{} `type:"structure"` 2985 2986 // Specifies the AccessMethod. 2987 AccessMethodType *string `type:"string" enum:"AccessMethodType"` 2988 2989 // An object identifier (OID) specifying the AccessMethod. The OID must satisfy 2990 // the regular expression shown below. For more information, see NIST's definition 2991 // of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 2992 CustomObjectIdentifier *string `type:"string"` 2993} 2994 2995// String returns the string representation. 2996// 2997// API parameter values that are decorated as "sensitive" in the API will not 2998// be included in the string output. The member name will be present, but the 2999// value will be replaced with "sensitive". 3000func (s AccessMethod) String() string { 3001 return awsutil.Prettify(s) 3002} 3003 3004// GoString returns the string representation. 3005// 3006// API parameter values that are decorated as "sensitive" in the API will not 3007// be included in the string output. The member name will be present, but the 3008// value will be replaced with "sensitive". 3009func (s AccessMethod) GoString() string { 3010 return s.String() 3011} 3012 3013// SetAccessMethodType sets the AccessMethodType field's value. 3014func (s *AccessMethod) SetAccessMethodType(v string) *AccessMethod { 3015 s.AccessMethodType = &v 3016 return s 3017} 3018 3019// SetCustomObjectIdentifier sets the CustomObjectIdentifier field's value. 3020func (s *AccessMethod) SetCustomObjectIdentifier(v string) *AccessMethod { 3021 s.CustomObjectIdentifier = &v 3022 return s 3023} 3024 3025// Contains X.509 certificate information to be placed in an issued certificate. 3026// An APIPassthrough or APICSRPassthrough template variant must be selected, 3027// or else this parameter is ignored. 3028// 3029// If conflicting or duplicate certificate information is supplied from other 3030// sources, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 3031// to determine what information is used. 3032type ApiPassthrough struct { 3033 _ struct{} `type:"structure"` 3034 3035 // Specifies X.509 extension information for a certificate. 3036 Extensions *Extensions `type:"structure"` 3037 3038 // Contains information about the certificate subject. The Subject field in 3039 // the certificate identifies the entity that owns or controls the public key 3040 // in the certificate. The entity can be a user, computer, device, or service. 3041 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 3042 // of relative distinguished names (RDNs). The RDNs are separated by commas 3043 // in the certificate. 3044 Subject *ASN1Subject `type:"structure"` 3045} 3046 3047// String returns the string representation. 3048// 3049// API parameter values that are decorated as "sensitive" in the API will not 3050// be included in the string output. The member name will be present, but the 3051// value will be replaced with "sensitive". 3052func (s ApiPassthrough) String() string { 3053 return awsutil.Prettify(s) 3054} 3055 3056// GoString returns the string representation. 3057// 3058// API parameter values that are decorated as "sensitive" in the API will not 3059// be included in the string output. The member name will be present, but the 3060// value will be replaced with "sensitive". 3061func (s ApiPassthrough) GoString() string { 3062 return s.String() 3063} 3064 3065// Validate inspects the fields of the type to determine if they are valid. 3066func (s *ApiPassthrough) Validate() error { 3067 invalidParams := request.ErrInvalidParams{Context: "ApiPassthrough"} 3068 if s.Extensions != nil { 3069 if err := s.Extensions.Validate(); err != nil { 3070 invalidParams.AddNested("Extensions", err.(request.ErrInvalidParams)) 3071 } 3072 } 3073 if s.Subject != nil { 3074 if err := s.Subject.Validate(); err != nil { 3075 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3076 } 3077 } 3078 3079 if invalidParams.Len() > 0 { 3080 return invalidParams 3081 } 3082 return nil 3083} 3084 3085// SetExtensions sets the Extensions field's value. 3086func (s *ApiPassthrough) SetExtensions(v *Extensions) *ApiPassthrough { 3087 s.Extensions = v 3088 return s 3089} 3090 3091// SetSubject sets the Subject field's value. 3092func (s *ApiPassthrough) SetSubject(v *ASN1Subject) *ApiPassthrough { 3093 s.Subject = v 3094 return s 3095} 3096 3097// Contains information about your private certificate authority (CA). Your 3098// private CA can issue and revoke X.509 digital certificates. Digital certificates 3099// verify that the entity named in the certificate Subject field owns or controls 3100// the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority 3101// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3102// action to create your private CA. You must then call the GetCertificateAuthorityCertificate 3103// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) 3104// action to retrieve a private CA certificate signing request (CSR). Sign the 3105// CSR with your ACM Private CA-hosted or on-premises root or subordinate CA 3106// certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 3107// action to import the signed certificate into AWS Certificate Manager (ACM). 3108type CertificateAuthority struct { 3109 _ struct{} `type:"structure"` 3110 3111 // Amazon Resource Name (ARN) for your private certificate authority (CA). The 3112 // format is 12345678-1234-1234-1234-123456789012 . 3113 Arn *string `min:"5" type:"string"` 3114 3115 // Your private CA configuration. 3116 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure"` 3117 3118 // Date and time at which your private CA was created. 3119 CreatedAt *time.Time `type:"timestamp"` 3120 3121 // Reason the request to create your private CA failed. 3122 FailureReason *string `type:"string" enum:"FailureReason"` 3123 3124 // Defines a cryptographic key management compliance standard used for handling 3125 // CA keys. 3126 // 3127 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3128 // 3129 // Note: AWS Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. 3130 // You must explicitly specify this parameter and value when creating a CA in 3131 // that Region. Specifying a different value (or no value) results in an InvalidArgsException 3132 // with the message "A certificate authority cannot be created in this region 3133 // with the specified security standard." 3134 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3135 3136 // Date and time at which your private CA was last updated. 3137 LastStateChangeAt *time.Time `type:"timestamp"` 3138 3139 // Date and time after which your private CA certificate is not valid. 3140 NotAfter *time.Time `type:"timestamp"` 3141 3142 // Date and time before which your private CA certificate is not valid. 3143 NotBefore *time.Time `type:"timestamp"` 3144 3145 // The AWS account ID that owns the certificate authority. 3146 OwnerAccount *string `min:"12" type:"string"` 3147 3148 // The period during which a deleted CA can be restored. For more information, 3149 // see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest 3150 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html) 3151 // action. 3152 RestorableUntil *time.Time `type:"timestamp"` 3153 3154 // Information about the Online Certificate Status Protocol (OCSP) configuration 3155 // or certificate revocation list (CRL) created and maintained by your private 3156 // CA. 3157 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3158 3159 // Serial number of your private CA. 3160 Serial *string `type:"string"` 3161 3162 // Status of your private CA. 3163 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 3164 3165 // Type of your private CA. 3166 Type *string `type:"string" enum:"CertificateAuthorityType"` 3167} 3168 3169// String returns the string representation. 3170// 3171// API parameter values that are decorated as "sensitive" in the API will not 3172// be included in the string output. The member name will be present, but the 3173// value will be replaced with "sensitive". 3174func (s CertificateAuthority) String() string { 3175 return awsutil.Prettify(s) 3176} 3177 3178// GoString returns the string representation. 3179// 3180// API parameter values that are decorated as "sensitive" in the API will not 3181// be included in the string output. The member name will be present, but the 3182// value will be replaced with "sensitive". 3183func (s CertificateAuthority) GoString() string { 3184 return s.String() 3185} 3186 3187// SetArn sets the Arn field's value. 3188func (s *CertificateAuthority) SetArn(v string) *CertificateAuthority { 3189 s.Arn = &v 3190 return s 3191} 3192 3193// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3194func (s *CertificateAuthority) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CertificateAuthority { 3195 s.CertificateAuthorityConfiguration = v 3196 return s 3197} 3198 3199// SetCreatedAt sets the CreatedAt field's value. 3200func (s *CertificateAuthority) SetCreatedAt(v time.Time) *CertificateAuthority { 3201 s.CreatedAt = &v 3202 return s 3203} 3204 3205// SetFailureReason sets the FailureReason field's value. 3206func (s *CertificateAuthority) SetFailureReason(v string) *CertificateAuthority { 3207 s.FailureReason = &v 3208 return s 3209} 3210 3211// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3212func (s *CertificateAuthority) SetKeyStorageSecurityStandard(v string) *CertificateAuthority { 3213 s.KeyStorageSecurityStandard = &v 3214 return s 3215} 3216 3217// SetLastStateChangeAt sets the LastStateChangeAt field's value. 3218func (s *CertificateAuthority) SetLastStateChangeAt(v time.Time) *CertificateAuthority { 3219 s.LastStateChangeAt = &v 3220 return s 3221} 3222 3223// SetNotAfter sets the NotAfter field's value. 3224func (s *CertificateAuthority) SetNotAfter(v time.Time) *CertificateAuthority { 3225 s.NotAfter = &v 3226 return s 3227} 3228 3229// SetNotBefore sets the NotBefore field's value. 3230func (s *CertificateAuthority) SetNotBefore(v time.Time) *CertificateAuthority { 3231 s.NotBefore = &v 3232 return s 3233} 3234 3235// SetOwnerAccount sets the OwnerAccount field's value. 3236func (s *CertificateAuthority) SetOwnerAccount(v string) *CertificateAuthority { 3237 s.OwnerAccount = &v 3238 return s 3239} 3240 3241// SetRestorableUntil sets the RestorableUntil field's value. 3242func (s *CertificateAuthority) SetRestorableUntil(v time.Time) *CertificateAuthority { 3243 s.RestorableUntil = &v 3244 return s 3245} 3246 3247// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3248func (s *CertificateAuthority) SetRevocationConfiguration(v *RevocationConfiguration) *CertificateAuthority { 3249 s.RevocationConfiguration = v 3250 return s 3251} 3252 3253// SetSerial sets the Serial field's value. 3254func (s *CertificateAuthority) SetSerial(v string) *CertificateAuthority { 3255 s.Serial = &v 3256 return s 3257} 3258 3259// SetStatus sets the Status field's value. 3260func (s *CertificateAuthority) SetStatus(v string) *CertificateAuthority { 3261 s.Status = &v 3262 return s 3263} 3264 3265// SetType sets the Type field's value. 3266func (s *CertificateAuthority) SetType(v string) *CertificateAuthority { 3267 s.Type = &v 3268 return s 3269} 3270 3271// Contains configuration information for your private certificate authority 3272// (CA). This includes information about the class of public key algorithm and 3273// the key pair that your private CA creates when it issues a certificate. It 3274// also includes the signature algorithm that it uses when issuing certificates, 3275// and its X.500 distinguished name. You must specify this information when 3276// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3277// action. 3278type CertificateAuthorityConfiguration struct { 3279 _ struct{} `type:"structure"` 3280 3281 // Specifies information to be added to the extension section of the certificate 3282 // signing request (CSR). 3283 CsrExtensions *CsrExtensions `type:"structure"` 3284 3285 // Type of the public key algorithm and size, in bits, of the key pair that 3286 // your CA creates when it issues a certificate. When you create a subordinate 3287 // CA, you must use a key algorithm supported by the parent CA. 3288 // 3289 // KeyAlgorithm is a required field 3290 KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` 3291 3292 // Name of the algorithm your private CA uses to sign certificate requests. 3293 // 3294 // This parameter should not be confused with the SigningAlgorithm parameter 3295 // used to sign certificates when they are issued. 3296 // 3297 // SigningAlgorithm is a required field 3298 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 3299 3300 // Structure that contains X.500 distinguished name information for your private 3301 // CA. 3302 // 3303 // Subject is a required field 3304 Subject *ASN1Subject `type:"structure" required:"true"` 3305} 3306 3307// String returns the string representation. 3308// 3309// API parameter values that are decorated as "sensitive" in the API will not 3310// be included in the string output. The member name will be present, but the 3311// value will be replaced with "sensitive". 3312func (s CertificateAuthorityConfiguration) String() string { 3313 return awsutil.Prettify(s) 3314} 3315 3316// GoString returns the string representation. 3317// 3318// API parameter values that are decorated as "sensitive" in the API will not 3319// be included in the string output. The member name will be present, but the 3320// value will be replaced with "sensitive". 3321func (s CertificateAuthorityConfiguration) GoString() string { 3322 return s.String() 3323} 3324 3325// Validate inspects the fields of the type to determine if they are valid. 3326func (s *CertificateAuthorityConfiguration) Validate() error { 3327 invalidParams := request.ErrInvalidParams{Context: "CertificateAuthorityConfiguration"} 3328 if s.KeyAlgorithm == nil { 3329 invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm")) 3330 } 3331 if s.SigningAlgorithm == nil { 3332 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 3333 } 3334 if s.Subject == nil { 3335 invalidParams.Add(request.NewErrParamRequired("Subject")) 3336 } 3337 if s.CsrExtensions != nil { 3338 if err := s.CsrExtensions.Validate(); err != nil { 3339 invalidParams.AddNested("CsrExtensions", err.(request.ErrInvalidParams)) 3340 } 3341 } 3342 if s.Subject != nil { 3343 if err := s.Subject.Validate(); err != nil { 3344 invalidParams.AddNested("Subject", err.(request.ErrInvalidParams)) 3345 } 3346 } 3347 3348 if invalidParams.Len() > 0 { 3349 return invalidParams 3350 } 3351 return nil 3352} 3353 3354// SetCsrExtensions sets the CsrExtensions field's value. 3355func (s *CertificateAuthorityConfiguration) SetCsrExtensions(v *CsrExtensions) *CertificateAuthorityConfiguration { 3356 s.CsrExtensions = v 3357 return s 3358} 3359 3360// SetKeyAlgorithm sets the KeyAlgorithm field's value. 3361func (s *CertificateAuthorityConfiguration) SetKeyAlgorithm(v string) *CertificateAuthorityConfiguration { 3362 s.KeyAlgorithm = &v 3363 return s 3364} 3365 3366// SetSigningAlgorithm sets the SigningAlgorithm field's value. 3367func (s *CertificateAuthorityConfiguration) SetSigningAlgorithm(v string) *CertificateAuthorityConfiguration { 3368 s.SigningAlgorithm = &v 3369 return s 3370} 3371 3372// SetSubject sets the Subject field's value. 3373func (s *CertificateAuthorityConfiguration) SetSubject(v *ASN1Subject) *CertificateAuthorityConfiguration { 3374 s.Subject = v 3375 return s 3376} 3377 3378// The certificate authority certificate you are importing does not comply with 3379// conditions specified in the certificate that signed it. 3380type CertificateMismatchException struct { 3381 _ struct{} `type:"structure"` 3382 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3383 3384 Message_ *string `locationName:"message" type:"string"` 3385} 3386 3387// String returns the string representation. 3388// 3389// API parameter values that are decorated as "sensitive" in the API will not 3390// be included in the string output. The member name will be present, but the 3391// value will be replaced with "sensitive". 3392func (s CertificateMismatchException) String() string { 3393 return awsutil.Prettify(s) 3394} 3395 3396// GoString returns the string representation. 3397// 3398// API parameter values that are decorated as "sensitive" in the API will not 3399// be included in the string output. The member name will be present, but the 3400// value will be replaced with "sensitive". 3401func (s CertificateMismatchException) GoString() string { 3402 return s.String() 3403} 3404 3405func newErrorCertificateMismatchException(v protocol.ResponseMetadata) error { 3406 return &CertificateMismatchException{ 3407 RespMetadata: v, 3408 } 3409} 3410 3411// Code returns the exception type name. 3412func (s *CertificateMismatchException) Code() string { 3413 return "CertificateMismatchException" 3414} 3415 3416// Message returns the exception's message. 3417func (s *CertificateMismatchException) Message() string { 3418 if s.Message_ != nil { 3419 return *s.Message_ 3420 } 3421 return "" 3422} 3423 3424// OrigErr always returns nil, satisfies awserr.Error interface. 3425func (s *CertificateMismatchException) OrigErr() error { 3426 return nil 3427} 3428 3429func (s *CertificateMismatchException) Error() string { 3430 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3431} 3432 3433// Status code returns the HTTP status code for the request's response error. 3434func (s *CertificateMismatchException) StatusCode() int { 3435 return s.RespMetadata.StatusCode 3436} 3437 3438// RequestID returns the service's response RequestID for request. 3439func (s *CertificateMismatchException) RequestID() string { 3440 return s.RespMetadata.RequestID 3441} 3442 3443// A previous update to your private CA is still ongoing. 3444type ConcurrentModificationException struct { 3445 _ struct{} `type:"structure"` 3446 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3447 3448 Message_ *string `locationName:"message" type:"string"` 3449} 3450 3451// String returns the string representation. 3452// 3453// API parameter values that are decorated as "sensitive" in the API will not 3454// be included in the string output. The member name will be present, but the 3455// value will be replaced with "sensitive". 3456func (s ConcurrentModificationException) String() string { 3457 return awsutil.Prettify(s) 3458} 3459 3460// GoString returns the string representation. 3461// 3462// API parameter values that are decorated as "sensitive" in the API will not 3463// be included in the string output. The member name will be present, but the 3464// value will be replaced with "sensitive". 3465func (s ConcurrentModificationException) GoString() string { 3466 return s.String() 3467} 3468 3469func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 3470 return &ConcurrentModificationException{ 3471 RespMetadata: v, 3472 } 3473} 3474 3475// Code returns the exception type name. 3476func (s *ConcurrentModificationException) Code() string { 3477 return "ConcurrentModificationException" 3478} 3479 3480// Message returns the exception's message. 3481func (s *ConcurrentModificationException) Message() string { 3482 if s.Message_ != nil { 3483 return *s.Message_ 3484 } 3485 return "" 3486} 3487 3488// OrigErr always returns nil, satisfies awserr.Error interface. 3489func (s *ConcurrentModificationException) OrigErr() error { 3490 return nil 3491} 3492 3493func (s *ConcurrentModificationException) Error() string { 3494 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3495} 3496 3497// Status code returns the HTTP status code for the request's response error. 3498func (s *ConcurrentModificationException) StatusCode() int { 3499 return s.RespMetadata.StatusCode 3500} 3501 3502// RequestID returns the service's response RequestID for request. 3503func (s *ConcurrentModificationException) RequestID() string { 3504 return s.RespMetadata.RequestID 3505} 3506 3507type CreateCertificateAuthorityAuditReportInput struct { 3508 _ struct{} `type:"structure"` 3509 3510 // The format in which to create the report. This can be either JSON or CSV. 3511 // 3512 // AuditReportResponseFormat is a required field 3513 AuditReportResponseFormat *string `type:"string" required:"true" enum:"AuditReportResponseFormat"` 3514 3515 // The Amazon Resource Name (ARN) of the CA to be audited. This is of the form: 3516 // 3517 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3518 // 3519 // CertificateAuthorityArn is a required field 3520 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3521 3522 // The name of the S3 bucket that will contain the audit report. 3523 // 3524 // S3BucketName is a required field 3525 S3BucketName *string `min:"3" type:"string" required:"true"` 3526} 3527 3528// String returns the string representation. 3529// 3530// API parameter values that are decorated as "sensitive" in the API will not 3531// be included in the string output. The member name will be present, but the 3532// value will be replaced with "sensitive". 3533func (s CreateCertificateAuthorityAuditReportInput) String() string { 3534 return awsutil.Prettify(s) 3535} 3536 3537// GoString returns the string representation. 3538// 3539// API parameter values that are decorated as "sensitive" in the API will not 3540// be included in the string output. The member name will be present, but the 3541// value will be replaced with "sensitive". 3542func (s CreateCertificateAuthorityAuditReportInput) GoString() string { 3543 return s.String() 3544} 3545 3546// Validate inspects the fields of the type to determine if they are valid. 3547func (s *CreateCertificateAuthorityAuditReportInput) Validate() error { 3548 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityAuditReportInput"} 3549 if s.AuditReportResponseFormat == nil { 3550 invalidParams.Add(request.NewErrParamRequired("AuditReportResponseFormat")) 3551 } 3552 if s.CertificateAuthorityArn == nil { 3553 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3554 } 3555 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3556 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3557 } 3558 if s.S3BucketName == nil { 3559 invalidParams.Add(request.NewErrParamRequired("S3BucketName")) 3560 } 3561 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 3562 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 3563 } 3564 3565 if invalidParams.Len() > 0 { 3566 return invalidParams 3567 } 3568 return nil 3569} 3570 3571// SetAuditReportResponseFormat sets the AuditReportResponseFormat field's value. 3572func (s *CreateCertificateAuthorityAuditReportInput) SetAuditReportResponseFormat(v string) *CreateCertificateAuthorityAuditReportInput { 3573 s.AuditReportResponseFormat = &v 3574 return s 3575} 3576 3577// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3578func (s *CreateCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityAuditReportInput { 3579 s.CertificateAuthorityArn = &v 3580 return s 3581} 3582 3583// SetS3BucketName sets the S3BucketName field's value. 3584func (s *CreateCertificateAuthorityAuditReportInput) SetS3BucketName(v string) *CreateCertificateAuthorityAuditReportInput { 3585 s.S3BucketName = &v 3586 return s 3587} 3588 3589type CreateCertificateAuthorityAuditReportOutput struct { 3590 _ struct{} `type:"structure"` 3591 3592 // An alphanumeric string that contains a report identifier. 3593 AuditReportId *string `min:"36" type:"string"` 3594 3595 // The key that uniquely identifies the report file in your S3 bucket. 3596 S3Key *string `type:"string"` 3597} 3598 3599// String returns the string representation. 3600// 3601// API parameter values that are decorated as "sensitive" in the API will not 3602// be included in the string output. The member name will be present, but the 3603// value will be replaced with "sensitive". 3604func (s CreateCertificateAuthorityAuditReportOutput) String() string { 3605 return awsutil.Prettify(s) 3606} 3607 3608// GoString returns the string representation. 3609// 3610// API parameter values that are decorated as "sensitive" in the API will not 3611// be included in the string output. The member name will be present, but the 3612// value will be replaced with "sensitive". 3613func (s CreateCertificateAuthorityAuditReportOutput) GoString() string { 3614 return s.String() 3615} 3616 3617// SetAuditReportId sets the AuditReportId field's value. 3618func (s *CreateCertificateAuthorityAuditReportOutput) SetAuditReportId(v string) *CreateCertificateAuthorityAuditReportOutput { 3619 s.AuditReportId = &v 3620 return s 3621} 3622 3623// SetS3Key sets the S3Key field's value. 3624func (s *CreateCertificateAuthorityAuditReportOutput) SetS3Key(v string) *CreateCertificateAuthorityAuditReportOutput { 3625 s.S3Key = &v 3626 return s 3627} 3628 3629type CreateCertificateAuthorityInput struct { 3630 _ struct{} `type:"structure"` 3631 3632 // Name and bit size of the private key algorithm, the name of the signing algorithm, 3633 // and X.500 certificate subject information. 3634 // 3635 // CertificateAuthorityConfiguration is a required field 3636 CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `type:"structure" required:"true"` 3637 3638 // The type of the certificate authority. 3639 // 3640 // CertificateAuthorityType is a required field 3641 CertificateAuthorityType *string `type:"string" required:"true" enum:"CertificateAuthorityType"` 3642 3643 // Custom string that can be used to distinguish between calls to the CreateCertificateAuthority 3644 // action. Idempotency tokens for CreateCertificateAuthority time out after 3645 // five minutes. Therefore, if you call CreateCertificateAuthority multiple 3646 // times with the same idempotency token within five minutes, ACM Private CA 3647 // recognizes that you are requesting only certificate authority and will issue 3648 // only one. If you change the idempotency token for each call, PCA recognizes 3649 // that you are requesting multiple certificate authorities. 3650 IdempotencyToken *string `min:"1" type:"string"` 3651 3652 // Specifies a cryptographic key management compliance standard used for handling 3653 // CA keys. 3654 // 3655 // Default: FIPS_140_2_LEVEL_3_OR_HIGHER 3656 // 3657 // Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in Region ap-northeast-3. 3658 // When creating a CA in the ap-northeast-3, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER 3659 // as the argument for KeyStorageSecurityStandard. Failure to do this results 3660 // in an InvalidArgsException with the message, "A certificate authority cannot 3661 // be created in this region with the specified security standard." 3662 KeyStorageSecurityStandard *string `type:"string" enum:"KeyStorageSecurityStandard"` 3663 3664 // Contains information to enable Online Certificate Status Protocol (OCSP) 3665 // support, to enable a certificate revocation list (CRL), to enable both, or 3666 // to enable neither. The default is for both certificate validation mechanisms 3667 // to be disabled. For more information, see the OcspConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html) 3668 // and CrlConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html) 3669 // types. 3670 RevocationConfiguration *RevocationConfiguration `type:"structure"` 3671 3672 // Key-value pairs that will be attached to the new private CA. You can associate 3673 // up to 50 tags with a private CA. For information using tags with IAM to manage 3674 // permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html). 3675 Tags []*Tag `min:"1" type:"list"` 3676} 3677 3678// String returns the string representation. 3679// 3680// API parameter values that are decorated as "sensitive" in the API will not 3681// be included in the string output. The member name will be present, but the 3682// value will be replaced with "sensitive". 3683func (s CreateCertificateAuthorityInput) String() string { 3684 return awsutil.Prettify(s) 3685} 3686 3687// GoString returns the string representation. 3688// 3689// API parameter values that are decorated as "sensitive" in the API will not 3690// be included in the string output. The member name will be present, but the 3691// value will be replaced with "sensitive". 3692func (s CreateCertificateAuthorityInput) GoString() string { 3693 return s.String() 3694} 3695 3696// Validate inspects the fields of the type to determine if they are valid. 3697func (s *CreateCertificateAuthorityInput) Validate() error { 3698 invalidParams := request.ErrInvalidParams{Context: "CreateCertificateAuthorityInput"} 3699 if s.CertificateAuthorityConfiguration == nil { 3700 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityConfiguration")) 3701 } 3702 if s.CertificateAuthorityType == nil { 3703 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityType")) 3704 } 3705 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 3706 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 3707 } 3708 if s.Tags != nil && len(s.Tags) < 1 { 3709 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 3710 } 3711 if s.CertificateAuthorityConfiguration != nil { 3712 if err := s.CertificateAuthorityConfiguration.Validate(); err != nil { 3713 invalidParams.AddNested("CertificateAuthorityConfiguration", err.(request.ErrInvalidParams)) 3714 } 3715 } 3716 if s.RevocationConfiguration != nil { 3717 if err := s.RevocationConfiguration.Validate(); err != nil { 3718 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 3719 } 3720 } 3721 if s.Tags != nil { 3722 for i, v := range s.Tags { 3723 if v == nil { 3724 continue 3725 } 3726 if err := v.Validate(); err != nil { 3727 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 3728 } 3729 } 3730 } 3731 3732 if invalidParams.Len() > 0 { 3733 return invalidParams 3734 } 3735 return nil 3736} 3737 3738// SetCertificateAuthorityConfiguration sets the CertificateAuthorityConfiguration field's value. 3739func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityConfiguration(v *CertificateAuthorityConfiguration) *CreateCertificateAuthorityInput { 3740 s.CertificateAuthorityConfiguration = v 3741 return s 3742} 3743 3744// SetCertificateAuthorityType sets the CertificateAuthorityType field's value. 3745func (s *CreateCertificateAuthorityInput) SetCertificateAuthorityType(v string) *CreateCertificateAuthorityInput { 3746 s.CertificateAuthorityType = &v 3747 return s 3748} 3749 3750// SetIdempotencyToken sets the IdempotencyToken field's value. 3751func (s *CreateCertificateAuthorityInput) SetIdempotencyToken(v string) *CreateCertificateAuthorityInput { 3752 s.IdempotencyToken = &v 3753 return s 3754} 3755 3756// SetKeyStorageSecurityStandard sets the KeyStorageSecurityStandard field's value. 3757func (s *CreateCertificateAuthorityInput) SetKeyStorageSecurityStandard(v string) *CreateCertificateAuthorityInput { 3758 s.KeyStorageSecurityStandard = &v 3759 return s 3760} 3761 3762// SetRevocationConfiguration sets the RevocationConfiguration field's value. 3763func (s *CreateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *CreateCertificateAuthorityInput { 3764 s.RevocationConfiguration = v 3765 return s 3766} 3767 3768// SetTags sets the Tags field's value. 3769func (s *CreateCertificateAuthorityInput) SetTags(v []*Tag) *CreateCertificateAuthorityInput { 3770 s.Tags = v 3771 return s 3772} 3773 3774type CreateCertificateAuthorityOutput struct { 3775 _ struct{} `type:"structure"` 3776 3777 // If successful, the Amazon Resource Name (ARN) of the certificate authority 3778 // (CA). This is of the form: 3779 // 3780 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3781 CertificateAuthorityArn *string `min:"5" type:"string"` 3782} 3783 3784// String returns the string representation. 3785// 3786// API parameter values that are decorated as "sensitive" in the API will not 3787// be included in the string output. The member name will be present, but the 3788// value will be replaced with "sensitive". 3789func (s CreateCertificateAuthorityOutput) String() string { 3790 return awsutil.Prettify(s) 3791} 3792 3793// GoString returns the string representation. 3794// 3795// API parameter values that are decorated as "sensitive" in the API will not 3796// be included in the string output. The member name will be present, but the 3797// value will be replaced with "sensitive". 3798func (s CreateCertificateAuthorityOutput) GoString() string { 3799 return s.String() 3800} 3801 3802// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3803func (s *CreateCertificateAuthorityOutput) SetCertificateAuthorityArn(v string) *CreateCertificateAuthorityOutput { 3804 s.CertificateAuthorityArn = &v 3805 return s 3806} 3807 3808type CreatePermissionInput struct { 3809 _ struct{} `type:"structure"` 3810 3811 // The actions that the specified AWS service principal can use. These include 3812 // IssueCertificate, GetCertificate, and ListPermissions. 3813 // 3814 // Actions is a required field 3815 Actions []*string `min:"1" type:"list" required:"true"` 3816 3817 // The Amazon Resource Name (ARN) of the CA that grants the permissions. You 3818 // can find the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 3819 // action. This must have the following form: 3820 // 3821 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 3822 // 3823 // CertificateAuthorityArn is a required field 3824 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 3825 3826 // The AWS service or identity that receives the permission. At this time, the 3827 // only valid principal is acm.amazonaws.com. 3828 // 3829 // Principal is a required field 3830 Principal *string `type:"string" required:"true"` 3831 3832 // The ID of the calling account. 3833 SourceAccount *string `min:"12" type:"string"` 3834} 3835 3836// String returns the string representation. 3837// 3838// API parameter values that are decorated as "sensitive" in the API will not 3839// be included in the string output. The member name will be present, but the 3840// value will be replaced with "sensitive". 3841func (s CreatePermissionInput) String() string { 3842 return awsutil.Prettify(s) 3843} 3844 3845// GoString returns the string representation. 3846// 3847// API parameter values that are decorated as "sensitive" in the API will not 3848// be included in the string output. The member name will be present, but the 3849// value will be replaced with "sensitive". 3850func (s CreatePermissionInput) GoString() string { 3851 return s.String() 3852} 3853 3854// Validate inspects the fields of the type to determine if they are valid. 3855func (s *CreatePermissionInput) Validate() error { 3856 invalidParams := request.ErrInvalidParams{Context: "CreatePermissionInput"} 3857 if s.Actions == nil { 3858 invalidParams.Add(request.NewErrParamRequired("Actions")) 3859 } 3860 if s.Actions != nil && len(s.Actions) < 1 { 3861 invalidParams.Add(request.NewErrParamMinLen("Actions", 1)) 3862 } 3863 if s.CertificateAuthorityArn == nil { 3864 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 3865 } 3866 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 3867 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 3868 } 3869 if s.Principal == nil { 3870 invalidParams.Add(request.NewErrParamRequired("Principal")) 3871 } 3872 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 3873 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 3874 } 3875 3876 if invalidParams.Len() > 0 { 3877 return invalidParams 3878 } 3879 return nil 3880} 3881 3882// SetActions sets the Actions field's value. 3883func (s *CreatePermissionInput) SetActions(v []*string) *CreatePermissionInput { 3884 s.Actions = v 3885 return s 3886} 3887 3888// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 3889func (s *CreatePermissionInput) SetCertificateAuthorityArn(v string) *CreatePermissionInput { 3890 s.CertificateAuthorityArn = &v 3891 return s 3892} 3893 3894// SetPrincipal sets the Principal field's value. 3895func (s *CreatePermissionInput) SetPrincipal(v string) *CreatePermissionInput { 3896 s.Principal = &v 3897 return s 3898} 3899 3900// SetSourceAccount sets the SourceAccount field's value. 3901func (s *CreatePermissionInput) SetSourceAccount(v string) *CreatePermissionInput { 3902 s.SourceAccount = &v 3903 return s 3904} 3905 3906type CreatePermissionOutput struct { 3907 _ struct{} `type:"structure"` 3908} 3909 3910// String returns the string representation. 3911// 3912// API parameter values that are decorated as "sensitive" in the API will not 3913// be included in the string output. The member name will be present, but the 3914// value will be replaced with "sensitive". 3915func (s CreatePermissionOutput) String() string { 3916 return awsutil.Prettify(s) 3917} 3918 3919// GoString returns the string representation. 3920// 3921// API parameter values that are decorated as "sensitive" in the API will not 3922// be included in the string output. The member name will be present, but the 3923// value will be replaced with "sensitive". 3924func (s CreatePermissionOutput) GoString() string { 3925 return s.String() 3926} 3927 3928// Contains configuration information for a certificate revocation list (CRL). 3929// Your private certificate authority (CA) creates base CRLs. Delta CRLs are 3930// not supported. You can enable CRLs for your new or an existing private CA 3931// by setting the Enabled parameter to true. Your private CA writes CRLs to 3932// an S3 bucket that you specify in the S3BucketName parameter. You can hide 3933// the name of your bucket by specifying a value for the CustomCname parameter. 3934// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution 3935// Points extension of each certificate it issues. Your S3 bucket policy must 3936// give write permission to ACM Private CA. 3937// 3938// ACM Private CA assets that are stored in Amazon S3 can be protected with 3939// encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 3940// 3941// Your private CA uses the value in the ExpirationInDays parameter to calculate 3942// the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next 3943// update or when a certificate is revoked. When a certificate is revoked, it 3944// is recorded in the next CRL that is generated and in the next audit report. 3945// Only time valid certificates are listed in the CRL. Expired certificates 3946// are not included. 3947// 3948// A CRL is typically updated approximately 30 minutes after a certificate is 3949// revoked. If for any reason a CRL update fails, ACM Private CA makes further 3950// attempts every 15 minutes. 3951// 3952// CRLs contain the following fields: 3953// 3954// * Version: The current version number defined in RFC 5280 is V2. The integer 3955// value is 0x1. 3956// 3957// * Signature Algorithm: The name of the algorithm used to sign the CRL. 3958// 3959// * Issuer: The X.500 distinguished name of your private CA that issued 3960// the CRL. 3961// 3962// * Last Update: The issue date and time of this CRL. 3963// 3964// * Next Update: The day and time by which the next CRL will be issued. 3965// 3966// * Revoked Certificates: List of revoked certificates. Each list item contains 3967// the following information. Serial Number: The serial number, in hexadecimal 3968// format, of the revoked certificate. Revocation Date: Date and time the 3969// certificate was revoked. CRL Entry Extensions: Optional extensions for 3970// the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked. 3971// 3972// * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key 3973// Identifier: Identifies the public key associated with the private key 3974// used to sign the certificate. X509v3 CRL Number:: Decimal sequence number 3975// for the CRL. 3976// 3977// * Signature Algorithm: Algorithm used by your private CA to sign the CRL. 3978// 3979// * Signature Value: Signature computed over the CRL. 3980// 3981// Certificate revocation lists created by ACM Private CA are DER-encoded. You 3982// can use the following OpenSSL command to list a CRL. 3983// 3984// openssl crl -inform DER -text -in crl_path -noout 3985// 3986// For more information, see Planning a certificate revocation list (CRL) (https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html) 3987// in the AWS Certificate Manager Private Certificate Authority (PCA) User Guide 3988type CrlConfiguration struct { 3989 _ struct{} `type:"structure"` 3990 3991 // Name inserted into the certificate CRL Distribution Points extension that 3992 // enables the use of an alias for the CRL distribution point. Use this value 3993 // if you don't want the name of your S3 bucket to be public. 3994 CustomCname *string `type:"string"` 3995 3996 // Boolean value that specifies whether certificate revocation lists (CRLs) 3997 // are enabled. You can use this value to enable certificate revocation for 3998 // a new CA when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 3999 // action or for an existing CA when you call the UpdateCertificateAuthority 4000 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 4001 // action. 4002 // 4003 // Enabled is a required field 4004 Enabled *bool `type:"boolean" required:"true"` 4005 4006 // Validity period of the CRL in days. 4007 ExpirationInDays *int64 `min:"1" type:"integer"` 4008 4009 // Name of the S3 bucket that contains the CRL. If you do not provide a value 4010 // for the CustomCname argument, the name of your S3 bucket is placed into the 4011 // CRL Distribution Points extension of the issued certificate. You can change 4012 // the name of your bucket by calling the UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 4013 // operation. You must specify a bucket policy (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies) 4014 // that allows ACM Private CA to write the CRL to your bucket. 4015 S3BucketName *string `min:"3" type:"string"` 4016 4017 // Determines whether the CRL will be publicly readable or privately held in 4018 // the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible 4019 // over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the 4020 // owner of the CRL S3 bucket can access the CRL, and your PKI clients may need 4021 // an alternative method of access. 4022 // 4023 // If no value is specified, the default is PUBLIC_READ. 4024 // 4025 // Note: This default can cause CA creation to fail in some circumstances. If 4026 // you have have enabled the Block Public Access (BPA) feature in your S3 account, 4027 // then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, 4028 // and not doing so results in an error. If you have disabled BPA in S3, then 4029 // you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value. 4030 // 4031 // For more information, see Blocking public access to the S3 bucket (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa). 4032 S3ObjectAcl *string `type:"string" enum:"S3ObjectAcl"` 4033} 4034 4035// String returns the string representation. 4036// 4037// API parameter values that are decorated as "sensitive" in the API will not 4038// be included in the string output. The member name will be present, but the 4039// value will be replaced with "sensitive". 4040func (s CrlConfiguration) String() string { 4041 return awsutil.Prettify(s) 4042} 4043 4044// GoString returns the string representation. 4045// 4046// API parameter values that are decorated as "sensitive" in the API will not 4047// be included in the string output. The member name will be present, but the 4048// value will be replaced with "sensitive". 4049func (s CrlConfiguration) GoString() string { 4050 return s.String() 4051} 4052 4053// Validate inspects the fields of the type to determine if they are valid. 4054func (s *CrlConfiguration) Validate() error { 4055 invalidParams := request.ErrInvalidParams{Context: "CrlConfiguration"} 4056 if s.Enabled == nil { 4057 invalidParams.Add(request.NewErrParamRequired("Enabled")) 4058 } 4059 if s.ExpirationInDays != nil && *s.ExpirationInDays < 1 { 4060 invalidParams.Add(request.NewErrParamMinValue("ExpirationInDays", 1)) 4061 } 4062 if s.S3BucketName != nil && len(*s.S3BucketName) < 3 { 4063 invalidParams.Add(request.NewErrParamMinLen("S3BucketName", 3)) 4064 } 4065 4066 if invalidParams.Len() > 0 { 4067 return invalidParams 4068 } 4069 return nil 4070} 4071 4072// SetCustomCname sets the CustomCname field's value. 4073func (s *CrlConfiguration) SetCustomCname(v string) *CrlConfiguration { 4074 s.CustomCname = &v 4075 return s 4076} 4077 4078// SetEnabled sets the Enabled field's value. 4079func (s *CrlConfiguration) SetEnabled(v bool) *CrlConfiguration { 4080 s.Enabled = &v 4081 return s 4082} 4083 4084// SetExpirationInDays sets the ExpirationInDays field's value. 4085func (s *CrlConfiguration) SetExpirationInDays(v int64) *CrlConfiguration { 4086 s.ExpirationInDays = &v 4087 return s 4088} 4089 4090// SetS3BucketName sets the S3BucketName field's value. 4091func (s *CrlConfiguration) SetS3BucketName(v string) *CrlConfiguration { 4092 s.S3BucketName = &v 4093 return s 4094} 4095 4096// SetS3ObjectAcl sets the S3ObjectAcl field's value. 4097func (s *CrlConfiguration) SetS3ObjectAcl(v string) *CrlConfiguration { 4098 s.S3ObjectAcl = &v 4099 return s 4100} 4101 4102// Describes the certificate extensions to be added to the certificate signing 4103// request (CSR). 4104type CsrExtensions struct { 4105 _ struct{} `type:"structure"` 4106 4107 // Indicates the purpose of the certificate and of the key contained in the 4108 // certificate. 4109 KeyUsage *KeyUsage `type:"structure"` 4110 4111 // For CA certificates, provides a path to additional information pertaining 4112 // to the CA, such as revocation and policy. For more information, see Subject 4113 // Information Access (https://tools.ietf.org/html/rfc5280#section-4.2.2.2) 4114 // in RFC 5280. 4115 SubjectInformationAccess []*AccessDescription `type:"list"` 4116} 4117 4118// String returns the string representation. 4119// 4120// API parameter values that are decorated as "sensitive" in the API will not 4121// be included in the string output. The member name will be present, but the 4122// value will be replaced with "sensitive". 4123func (s CsrExtensions) String() string { 4124 return awsutil.Prettify(s) 4125} 4126 4127// GoString returns the string representation. 4128// 4129// API parameter values that are decorated as "sensitive" in the API will not 4130// be included in the string output. The member name will be present, but the 4131// value will be replaced with "sensitive". 4132func (s CsrExtensions) GoString() string { 4133 return s.String() 4134} 4135 4136// Validate inspects the fields of the type to determine if they are valid. 4137func (s *CsrExtensions) Validate() error { 4138 invalidParams := request.ErrInvalidParams{Context: "CsrExtensions"} 4139 if s.SubjectInformationAccess != nil { 4140 for i, v := range s.SubjectInformationAccess { 4141 if v == nil { 4142 continue 4143 } 4144 if err := v.Validate(); err != nil { 4145 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectInformationAccess", i), err.(request.ErrInvalidParams)) 4146 } 4147 } 4148 } 4149 4150 if invalidParams.Len() > 0 { 4151 return invalidParams 4152 } 4153 return nil 4154} 4155 4156// SetKeyUsage sets the KeyUsage field's value. 4157func (s *CsrExtensions) SetKeyUsage(v *KeyUsage) *CsrExtensions { 4158 s.KeyUsage = v 4159 return s 4160} 4161 4162// SetSubjectInformationAccess sets the SubjectInformationAccess field's value. 4163func (s *CsrExtensions) SetSubjectInformationAccess(v []*AccessDescription) *CsrExtensions { 4164 s.SubjectInformationAccess = v 4165 return s 4166} 4167 4168type DeleteCertificateAuthorityInput struct { 4169 _ struct{} `type:"structure"` 4170 4171 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4172 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4173 // This must have the following form: 4174 // 4175 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4176 // 4177 // CertificateAuthorityArn is a required field 4178 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4179 4180 // The number of days to make a CA restorable after it has been deleted. This 4181 // can be anywhere from 7 to 30 days, with 30 being the default. 4182 PermanentDeletionTimeInDays *int64 `min:"7" type:"integer"` 4183} 4184 4185// String returns the string representation. 4186// 4187// API parameter values that are decorated as "sensitive" in the API will not 4188// be included in the string output. The member name will be present, but the 4189// value will be replaced with "sensitive". 4190func (s DeleteCertificateAuthorityInput) String() string { 4191 return awsutil.Prettify(s) 4192} 4193 4194// GoString returns the string representation. 4195// 4196// API parameter values that are decorated as "sensitive" in the API will not 4197// be included in the string output. The member name will be present, but the 4198// value will be replaced with "sensitive". 4199func (s DeleteCertificateAuthorityInput) GoString() string { 4200 return s.String() 4201} 4202 4203// Validate inspects the fields of the type to determine if they are valid. 4204func (s *DeleteCertificateAuthorityInput) Validate() error { 4205 invalidParams := request.ErrInvalidParams{Context: "DeleteCertificateAuthorityInput"} 4206 if s.CertificateAuthorityArn == nil { 4207 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4208 } 4209 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4210 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4211 } 4212 if s.PermanentDeletionTimeInDays != nil && *s.PermanentDeletionTimeInDays < 7 { 4213 invalidParams.Add(request.NewErrParamMinValue("PermanentDeletionTimeInDays", 7)) 4214 } 4215 4216 if invalidParams.Len() > 0 { 4217 return invalidParams 4218 } 4219 return nil 4220} 4221 4222// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4223func (s *DeleteCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DeleteCertificateAuthorityInput { 4224 s.CertificateAuthorityArn = &v 4225 return s 4226} 4227 4228// SetPermanentDeletionTimeInDays sets the PermanentDeletionTimeInDays field's value. 4229func (s *DeleteCertificateAuthorityInput) SetPermanentDeletionTimeInDays(v int64) *DeleteCertificateAuthorityInput { 4230 s.PermanentDeletionTimeInDays = &v 4231 return s 4232} 4233 4234type DeleteCertificateAuthorityOutput struct { 4235 _ struct{} `type:"structure"` 4236} 4237 4238// String returns the string representation. 4239// 4240// API parameter values that are decorated as "sensitive" in the API will not 4241// be included in the string output. The member name will be present, but the 4242// value will be replaced with "sensitive". 4243func (s DeleteCertificateAuthorityOutput) String() string { 4244 return awsutil.Prettify(s) 4245} 4246 4247// GoString returns the string representation. 4248// 4249// API parameter values that are decorated as "sensitive" in the API will not 4250// be included in the string output. The member name will be present, but the 4251// value will be replaced with "sensitive". 4252func (s DeleteCertificateAuthorityOutput) GoString() string { 4253 return s.String() 4254} 4255 4256type DeletePermissionInput struct { 4257 _ struct{} `type:"structure"` 4258 4259 // The Amazon Resource Number (ARN) of the private CA that issued the permissions. 4260 // You can find the CA's ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4261 // action. This must have the following form: 4262 // 4263 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4264 // 4265 // CertificateAuthorityArn is a required field 4266 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4267 4268 // The AWS service or identity that will have its CA permissions revoked. At 4269 // this time, the only valid service principal is acm.amazonaws.com 4270 // 4271 // Principal is a required field 4272 Principal *string `type:"string" required:"true"` 4273 4274 // The AWS account that calls this action. 4275 SourceAccount *string `min:"12" type:"string"` 4276} 4277 4278// String returns the string representation. 4279// 4280// API parameter values that are decorated as "sensitive" in the API will not 4281// be included in the string output. The member name will be present, but the 4282// value will be replaced with "sensitive". 4283func (s DeletePermissionInput) String() string { 4284 return awsutil.Prettify(s) 4285} 4286 4287// GoString returns the string representation. 4288// 4289// API parameter values that are decorated as "sensitive" in the API will not 4290// be included in the string output. The member name will be present, but the 4291// value will be replaced with "sensitive". 4292func (s DeletePermissionInput) GoString() string { 4293 return s.String() 4294} 4295 4296// Validate inspects the fields of the type to determine if they are valid. 4297func (s *DeletePermissionInput) Validate() error { 4298 invalidParams := request.ErrInvalidParams{Context: "DeletePermissionInput"} 4299 if s.CertificateAuthorityArn == nil { 4300 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4301 } 4302 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4303 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4304 } 4305 if s.Principal == nil { 4306 invalidParams.Add(request.NewErrParamRequired("Principal")) 4307 } 4308 if s.SourceAccount != nil && len(*s.SourceAccount) < 12 { 4309 invalidParams.Add(request.NewErrParamMinLen("SourceAccount", 12)) 4310 } 4311 4312 if invalidParams.Len() > 0 { 4313 return invalidParams 4314 } 4315 return nil 4316} 4317 4318// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4319func (s *DeletePermissionInput) SetCertificateAuthorityArn(v string) *DeletePermissionInput { 4320 s.CertificateAuthorityArn = &v 4321 return s 4322} 4323 4324// SetPrincipal sets the Principal field's value. 4325func (s *DeletePermissionInput) SetPrincipal(v string) *DeletePermissionInput { 4326 s.Principal = &v 4327 return s 4328} 4329 4330// SetSourceAccount sets the SourceAccount field's value. 4331func (s *DeletePermissionInput) SetSourceAccount(v string) *DeletePermissionInput { 4332 s.SourceAccount = &v 4333 return s 4334} 4335 4336type DeletePermissionOutput struct { 4337 _ struct{} `type:"structure"` 4338} 4339 4340// String returns the string representation. 4341// 4342// API parameter values that are decorated as "sensitive" in the API will not 4343// be included in the string output. The member name will be present, but the 4344// value will be replaced with "sensitive". 4345func (s DeletePermissionOutput) String() string { 4346 return awsutil.Prettify(s) 4347} 4348 4349// GoString returns the string representation. 4350// 4351// API parameter values that are decorated as "sensitive" in the API will not 4352// be included in the string output. The member name will be present, but the 4353// value will be replaced with "sensitive". 4354func (s DeletePermissionOutput) GoString() string { 4355 return s.String() 4356} 4357 4358type DeletePolicyInput struct { 4359 _ struct{} `type:"structure"` 4360 4361 // The Amazon Resource Number (ARN) of the private CA that will have its policy 4362 // deleted. You can find the CA's ARN by calling the ListCertificateAuthorities 4363 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 4364 // action. The ARN value must have the form arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab. 4365 // 4366 // ResourceArn is a required field 4367 ResourceArn *string `min:"5" type:"string" required:"true"` 4368} 4369 4370// String returns the string representation. 4371// 4372// API parameter values that are decorated as "sensitive" in the API will not 4373// be included in the string output. The member name will be present, but the 4374// value will be replaced with "sensitive". 4375func (s DeletePolicyInput) String() string { 4376 return awsutil.Prettify(s) 4377} 4378 4379// GoString returns the string representation. 4380// 4381// API parameter values that are decorated as "sensitive" in the API will not 4382// be included in the string output. The member name will be present, but the 4383// value will be replaced with "sensitive". 4384func (s DeletePolicyInput) GoString() string { 4385 return s.String() 4386} 4387 4388// Validate inspects the fields of the type to determine if they are valid. 4389func (s *DeletePolicyInput) Validate() error { 4390 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 4391 if s.ResourceArn == nil { 4392 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 4393 } 4394 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 4395 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 4396 } 4397 4398 if invalidParams.Len() > 0 { 4399 return invalidParams 4400 } 4401 return nil 4402} 4403 4404// SetResourceArn sets the ResourceArn field's value. 4405func (s *DeletePolicyInput) SetResourceArn(v string) *DeletePolicyInput { 4406 s.ResourceArn = &v 4407 return s 4408} 4409 4410type DeletePolicyOutput struct { 4411 _ struct{} `type:"structure"` 4412} 4413 4414// String returns the string representation. 4415// 4416// API parameter values that are decorated as "sensitive" in the API will not 4417// be included in the string output. The member name will be present, but the 4418// value will be replaced with "sensitive". 4419func (s DeletePolicyOutput) String() string { 4420 return awsutil.Prettify(s) 4421} 4422 4423// GoString returns the string representation. 4424// 4425// API parameter values that are decorated as "sensitive" in the API will not 4426// be included in the string output. The member name will be present, but the 4427// value will be replaced with "sensitive". 4428func (s DeletePolicyOutput) GoString() string { 4429 return s.String() 4430} 4431 4432type DescribeCertificateAuthorityAuditReportInput struct { 4433 _ struct{} `type:"structure"` 4434 4435 // The report ID returned by calling the CreateCertificateAuthorityAuditReport 4436 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html) 4437 // action. 4438 // 4439 // AuditReportId is a required field 4440 AuditReportId *string `min:"36" type:"string" required:"true"` 4441 4442 // The Amazon Resource Name (ARN) of the private CA. This must be of the form: 4443 // 4444 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4445 // 4446 // CertificateAuthorityArn is a required field 4447 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4448} 4449 4450// String returns the string representation. 4451// 4452// API parameter values that are decorated as "sensitive" in the API will not 4453// be included in the string output. The member name will be present, but the 4454// value will be replaced with "sensitive". 4455func (s DescribeCertificateAuthorityAuditReportInput) String() string { 4456 return awsutil.Prettify(s) 4457} 4458 4459// GoString returns the string representation. 4460// 4461// API parameter values that are decorated as "sensitive" in the API will not 4462// be included in the string output. The member name will be present, but the 4463// value will be replaced with "sensitive". 4464func (s DescribeCertificateAuthorityAuditReportInput) GoString() string { 4465 return s.String() 4466} 4467 4468// Validate inspects the fields of the type to determine if they are valid. 4469func (s *DescribeCertificateAuthorityAuditReportInput) Validate() error { 4470 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityAuditReportInput"} 4471 if s.AuditReportId == nil { 4472 invalidParams.Add(request.NewErrParamRequired("AuditReportId")) 4473 } 4474 if s.AuditReportId != nil && len(*s.AuditReportId) < 36 { 4475 invalidParams.Add(request.NewErrParamMinLen("AuditReportId", 36)) 4476 } 4477 if s.CertificateAuthorityArn == nil { 4478 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4479 } 4480 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4481 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4482 } 4483 4484 if invalidParams.Len() > 0 { 4485 return invalidParams 4486 } 4487 return nil 4488} 4489 4490// SetAuditReportId sets the AuditReportId field's value. 4491func (s *DescribeCertificateAuthorityAuditReportInput) SetAuditReportId(v string) *DescribeCertificateAuthorityAuditReportInput { 4492 s.AuditReportId = &v 4493 return s 4494} 4495 4496// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4497func (s *DescribeCertificateAuthorityAuditReportInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityAuditReportInput { 4498 s.CertificateAuthorityArn = &v 4499 return s 4500} 4501 4502type DescribeCertificateAuthorityAuditReportOutput struct { 4503 _ struct{} `type:"structure"` 4504 4505 // Specifies whether report creation is in progress, has succeeded, or has failed. 4506 AuditReportStatus *string `type:"string" enum:"AuditReportStatus"` 4507 4508 // The date and time at which the report was created. 4509 CreatedAt *time.Time `type:"timestamp"` 4510 4511 // Name of the S3 bucket that contains the report. 4512 S3BucketName *string `min:"3" type:"string"` 4513 4514 // S3 key that uniquely identifies the report file in your S3 bucket. 4515 S3Key *string `type:"string"` 4516} 4517 4518// String returns the string representation. 4519// 4520// API parameter values that are decorated as "sensitive" in the API will not 4521// be included in the string output. The member name will be present, but the 4522// value will be replaced with "sensitive". 4523func (s DescribeCertificateAuthorityAuditReportOutput) String() string { 4524 return awsutil.Prettify(s) 4525} 4526 4527// GoString returns the string representation. 4528// 4529// API parameter values that are decorated as "sensitive" in the API will not 4530// be included in the string output. The member name will be present, but the 4531// value will be replaced with "sensitive". 4532func (s DescribeCertificateAuthorityAuditReportOutput) GoString() string { 4533 return s.String() 4534} 4535 4536// SetAuditReportStatus sets the AuditReportStatus field's value. 4537func (s *DescribeCertificateAuthorityAuditReportOutput) SetAuditReportStatus(v string) *DescribeCertificateAuthorityAuditReportOutput { 4538 s.AuditReportStatus = &v 4539 return s 4540} 4541 4542// SetCreatedAt sets the CreatedAt field's value. 4543func (s *DescribeCertificateAuthorityAuditReportOutput) SetCreatedAt(v time.Time) *DescribeCertificateAuthorityAuditReportOutput { 4544 s.CreatedAt = &v 4545 return s 4546} 4547 4548// SetS3BucketName sets the S3BucketName field's value. 4549func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3BucketName(v string) *DescribeCertificateAuthorityAuditReportOutput { 4550 s.S3BucketName = &v 4551 return s 4552} 4553 4554// SetS3Key sets the S3Key field's value. 4555func (s *DescribeCertificateAuthorityAuditReportOutput) SetS3Key(v string) *DescribeCertificateAuthorityAuditReportOutput { 4556 s.S3Key = &v 4557 return s 4558} 4559 4560type DescribeCertificateAuthorityInput struct { 4561 _ struct{} `type:"structure"` 4562 4563 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 4564 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 4565 // This must be of the form: 4566 // 4567 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4568 // 4569 // CertificateAuthorityArn is a required field 4570 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4571} 4572 4573// String returns the string representation. 4574// 4575// API parameter values that are decorated as "sensitive" in the API will not 4576// be included in the string output. The member name will be present, but the 4577// value will be replaced with "sensitive". 4578func (s DescribeCertificateAuthorityInput) String() string { 4579 return awsutil.Prettify(s) 4580} 4581 4582// GoString returns the string representation. 4583// 4584// API parameter values that are decorated as "sensitive" in the API will not 4585// be included in the string output. The member name will be present, but the 4586// value will be replaced with "sensitive". 4587func (s DescribeCertificateAuthorityInput) GoString() string { 4588 return s.String() 4589} 4590 4591// Validate inspects the fields of the type to determine if they are valid. 4592func (s *DescribeCertificateAuthorityInput) Validate() error { 4593 invalidParams := request.ErrInvalidParams{Context: "DescribeCertificateAuthorityInput"} 4594 if s.CertificateAuthorityArn == nil { 4595 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 4596 } 4597 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 4598 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 4599 } 4600 4601 if invalidParams.Len() > 0 { 4602 return invalidParams 4603 } 4604 return nil 4605} 4606 4607// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 4608func (s *DescribeCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *DescribeCertificateAuthorityInput { 4609 s.CertificateAuthorityArn = &v 4610 return s 4611} 4612 4613type DescribeCertificateAuthorityOutput struct { 4614 _ struct{} `type:"structure"` 4615 4616 // A CertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html) 4617 // structure that contains information about your private CA. 4618 CertificateAuthority *CertificateAuthority `type:"structure"` 4619} 4620 4621// String returns the string representation. 4622// 4623// API parameter values that are decorated as "sensitive" in the API will not 4624// be included in the string output. The member name will be present, but the 4625// value will be replaced with "sensitive". 4626func (s DescribeCertificateAuthorityOutput) String() string { 4627 return awsutil.Prettify(s) 4628} 4629 4630// GoString returns the string representation. 4631// 4632// API parameter values that are decorated as "sensitive" in the API will not 4633// be included in the string output. The member name will be present, but the 4634// value will be replaced with "sensitive". 4635func (s DescribeCertificateAuthorityOutput) GoString() string { 4636 return s.String() 4637} 4638 4639// SetCertificateAuthority sets the CertificateAuthority field's value. 4640func (s *DescribeCertificateAuthorityOutput) SetCertificateAuthority(v *CertificateAuthority) *DescribeCertificateAuthorityOutput { 4641 s.CertificateAuthority = v 4642 return s 4643} 4644 4645// Describes an Electronic Data Interchange (EDI) entity as described in as 4646// defined in Subject Alternative Name (https://tools.ietf.org/html/rfc5280) 4647// in RFC 5280. 4648type EdiPartyName struct { 4649 _ struct{} `type:"structure"` 4650 4651 // Specifies the name assigner. 4652 NameAssigner *string `type:"string"` 4653 4654 // Specifies the party name. 4655 // 4656 // PartyName is a required field 4657 PartyName *string `type:"string" required:"true"` 4658} 4659 4660// String returns the string representation. 4661// 4662// API parameter values that are decorated as "sensitive" in the API will not 4663// be included in the string output. The member name will be present, but the 4664// value will be replaced with "sensitive". 4665func (s EdiPartyName) String() string { 4666 return awsutil.Prettify(s) 4667} 4668 4669// GoString returns the string representation. 4670// 4671// API parameter values that are decorated as "sensitive" in the API will not 4672// be included in the string output. The member name will be present, but the 4673// value will be replaced with "sensitive". 4674func (s EdiPartyName) GoString() string { 4675 return s.String() 4676} 4677 4678// Validate inspects the fields of the type to determine if they are valid. 4679func (s *EdiPartyName) Validate() error { 4680 invalidParams := request.ErrInvalidParams{Context: "EdiPartyName"} 4681 if s.PartyName == nil { 4682 invalidParams.Add(request.NewErrParamRequired("PartyName")) 4683 } 4684 4685 if invalidParams.Len() > 0 { 4686 return invalidParams 4687 } 4688 return nil 4689} 4690 4691// SetNameAssigner sets the NameAssigner field's value. 4692func (s *EdiPartyName) SetNameAssigner(v string) *EdiPartyName { 4693 s.NameAssigner = &v 4694 return s 4695} 4696 4697// SetPartyName sets the PartyName field's value. 4698func (s *EdiPartyName) SetPartyName(v string) *EdiPartyName { 4699 s.PartyName = &v 4700 return s 4701} 4702 4703// Specifies additional purposes for which the certified public key may be used 4704// other than basic purposes indicated in the KeyUsage extension. 4705type ExtendedKeyUsage struct { 4706 _ struct{} `type:"structure"` 4707 4708 // Specifies a custom ExtendedKeyUsage with an object identifier (OID). 4709 ExtendedKeyUsageObjectIdentifier *string `type:"string"` 4710 4711 // Specifies a standard ExtendedKeyUsage as defined as in RFC 5280 (https://tools.ietf.org/html/rfc5280#section-4.2.1.12). 4712 ExtendedKeyUsageType *string `type:"string" enum:"ExtendedKeyUsageType"` 4713} 4714 4715// String returns the string representation. 4716// 4717// API parameter values that are decorated as "sensitive" in the API will not 4718// be included in the string output. The member name will be present, but the 4719// value will be replaced with "sensitive". 4720func (s ExtendedKeyUsage) String() string { 4721 return awsutil.Prettify(s) 4722} 4723 4724// GoString returns the string representation. 4725// 4726// API parameter values that are decorated as "sensitive" in the API will not 4727// be included in the string output. The member name will be present, but the 4728// value will be replaced with "sensitive". 4729func (s ExtendedKeyUsage) GoString() string { 4730 return s.String() 4731} 4732 4733// SetExtendedKeyUsageObjectIdentifier sets the ExtendedKeyUsageObjectIdentifier field's value. 4734func (s *ExtendedKeyUsage) SetExtendedKeyUsageObjectIdentifier(v string) *ExtendedKeyUsage { 4735 s.ExtendedKeyUsageObjectIdentifier = &v 4736 return s 4737} 4738 4739// SetExtendedKeyUsageType sets the ExtendedKeyUsageType field's value. 4740func (s *ExtendedKeyUsage) SetExtendedKeyUsageType(v string) *ExtendedKeyUsage { 4741 s.ExtendedKeyUsageType = &v 4742 return s 4743} 4744 4745// Contains X.509 extension information for a certificate. 4746type Extensions struct { 4747 _ struct{} `type:"structure"` 4748 4749 // Contains a sequence of one or more policy information terms, each of which 4750 // consists of an object identifier (OID) and optional qualifiers. For more 4751 // information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 4752 // 4753 // In an end-entity certificate, these terms indicate the policy under which 4754 // the certificate was issued and the purposes for which it may be used. In 4755 // a CA certificate, these terms limit the set of policies for certification 4756 // paths that include this certificate. 4757 CertificatePolicies []*PolicyInformation `min:"1" type:"list"` 4758 4759 // Specifies additional purposes for which the certified public key may be used 4760 // other than basic purposes indicated in the KeyUsage extension. 4761 ExtendedKeyUsage []*ExtendedKeyUsage `min:"1" type:"list"` 4762 4763 // Defines one or more purposes for which the key contained in the certificate 4764 // can be used. Default value for each option is false. 4765 KeyUsage *KeyUsage `type:"structure"` 4766 4767 // The subject alternative name extension allows identities to be bound to the 4768 // subject of the certificate. These identities may be included in addition 4769 // to or in place of the identity in the subject field of the certificate. 4770 SubjectAlternativeNames []*GeneralName `min:"1" type:"list"` 4771} 4772 4773// String returns the string representation. 4774// 4775// API parameter values that are decorated as "sensitive" in the API will not 4776// be included in the string output. The member name will be present, but the 4777// value will be replaced with "sensitive". 4778func (s Extensions) String() string { 4779 return awsutil.Prettify(s) 4780} 4781 4782// GoString returns the string representation. 4783// 4784// API parameter values that are decorated as "sensitive" in the API will not 4785// be included in the string output. The member name will be present, but the 4786// value will be replaced with "sensitive". 4787func (s Extensions) GoString() string { 4788 return s.String() 4789} 4790 4791// Validate inspects the fields of the type to determine if they are valid. 4792func (s *Extensions) Validate() error { 4793 invalidParams := request.ErrInvalidParams{Context: "Extensions"} 4794 if s.CertificatePolicies != nil && len(s.CertificatePolicies) < 1 { 4795 invalidParams.Add(request.NewErrParamMinLen("CertificatePolicies", 1)) 4796 } 4797 if s.ExtendedKeyUsage != nil && len(s.ExtendedKeyUsage) < 1 { 4798 invalidParams.Add(request.NewErrParamMinLen("ExtendedKeyUsage", 1)) 4799 } 4800 if s.SubjectAlternativeNames != nil && len(s.SubjectAlternativeNames) < 1 { 4801 invalidParams.Add(request.NewErrParamMinLen("SubjectAlternativeNames", 1)) 4802 } 4803 if s.CertificatePolicies != nil { 4804 for i, v := range s.CertificatePolicies { 4805 if v == nil { 4806 continue 4807 } 4808 if err := v.Validate(); err != nil { 4809 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CertificatePolicies", i), err.(request.ErrInvalidParams)) 4810 } 4811 } 4812 } 4813 if s.SubjectAlternativeNames != nil { 4814 for i, v := range s.SubjectAlternativeNames { 4815 if v == nil { 4816 continue 4817 } 4818 if err := v.Validate(); err != nil { 4819 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubjectAlternativeNames", i), err.(request.ErrInvalidParams)) 4820 } 4821 } 4822 } 4823 4824 if invalidParams.Len() > 0 { 4825 return invalidParams 4826 } 4827 return nil 4828} 4829 4830// SetCertificatePolicies sets the CertificatePolicies field's value. 4831func (s *Extensions) SetCertificatePolicies(v []*PolicyInformation) *Extensions { 4832 s.CertificatePolicies = v 4833 return s 4834} 4835 4836// SetExtendedKeyUsage sets the ExtendedKeyUsage field's value. 4837func (s *Extensions) SetExtendedKeyUsage(v []*ExtendedKeyUsage) *Extensions { 4838 s.ExtendedKeyUsage = v 4839 return s 4840} 4841 4842// SetKeyUsage sets the KeyUsage field's value. 4843func (s *Extensions) SetKeyUsage(v *KeyUsage) *Extensions { 4844 s.KeyUsage = v 4845 return s 4846} 4847 4848// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. 4849func (s *Extensions) SetSubjectAlternativeNames(v []*GeneralName) *Extensions { 4850 s.SubjectAlternativeNames = v 4851 return s 4852} 4853 4854// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). 4855// Only one of the following naming options should be provided. Providing more 4856// than one option results in an InvalidArgsException error. 4857type GeneralName struct { 4858 _ struct{} `type:"structure"` 4859 4860 // Contains information about the certificate subject. The Subject field in 4861 // the certificate identifies the entity that owns or controls the public key 4862 // in the certificate. The entity can be a user, computer, device, or service. 4863 // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence 4864 // of relative distinguished names (RDNs). The RDNs are separated by commas 4865 // in the certificate. 4866 DirectoryName *ASN1Subject `type:"structure"` 4867 4868 // Represents GeneralName as a DNS name. 4869 DnsName *string `type:"string"` 4870 4871 // Represents GeneralName as an EdiPartyName object. 4872 EdiPartyName *EdiPartyName `type:"structure"` 4873 4874 // Represents GeneralName as an IPv4 or IPv6 address. 4875 IpAddress *string `type:"string"` 4876 4877 // Represents GeneralName using an OtherName object. 4878 OtherName *OtherName `type:"structure"` 4879 4880 // Represents GeneralName as an object identifier (OID). 4881 RegisteredId *string `type:"string"` 4882 4883 // Represents GeneralName as an RFC 822 (https://tools.ietf.org/html/rfc822) 4884 // email address. 4885 Rfc822Name *string `type:"string"` 4886 4887 // Represents GeneralName as a URI. 4888 UniformResourceIdentifier *string `type:"string"` 4889} 4890 4891// String returns the string representation. 4892// 4893// API parameter values that are decorated as "sensitive" in the API will not 4894// be included in the string output. The member name will be present, but the 4895// value will be replaced with "sensitive". 4896func (s GeneralName) String() string { 4897 return awsutil.Prettify(s) 4898} 4899 4900// GoString returns the string representation. 4901// 4902// API parameter values that are decorated as "sensitive" in the API will not 4903// be included in the string output. The member name will be present, but the 4904// value will be replaced with "sensitive". 4905func (s GeneralName) GoString() string { 4906 return s.String() 4907} 4908 4909// Validate inspects the fields of the type to determine if they are valid. 4910func (s *GeneralName) Validate() error { 4911 invalidParams := request.ErrInvalidParams{Context: "GeneralName"} 4912 if s.DirectoryName != nil { 4913 if err := s.DirectoryName.Validate(); err != nil { 4914 invalidParams.AddNested("DirectoryName", err.(request.ErrInvalidParams)) 4915 } 4916 } 4917 if s.EdiPartyName != nil { 4918 if err := s.EdiPartyName.Validate(); err != nil { 4919 invalidParams.AddNested("EdiPartyName", err.(request.ErrInvalidParams)) 4920 } 4921 } 4922 if s.OtherName != nil { 4923 if err := s.OtherName.Validate(); err != nil { 4924 invalidParams.AddNested("OtherName", err.(request.ErrInvalidParams)) 4925 } 4926 } 4927 4928 if invalidParams.Len() > 0 { 4929 return invalidParams 4930 } 4931 return nil 4932} 4933 4934// SetDirectoryName sets the DirectoryName field's value. 4935func (s *GeneralName) SetDirectoryName(v *ASN1Subject) *GeneralName { 4936 s.DirectoryName = v 4937 return s 4938} 4939 4940// SetDnsName sets the DnsName field's value. 4941func (s *GeneralName) SetDnsName(v string) *GeneralName { 4942 s.DnsName = &v 4943 return s 4944} 4945 4946// SetEdiPartyName sets the EdiPartyName field's value. 4947func (s *GeneralName) SetEdiPartyName(v *EdiPartyName) *GeneralName { 4948 s.EdiPartyName = v 4949 return s 4950} 4951 4952// SetIpAddress sets the IpAddress field's value. 4953func (s *GeneralName) SetIpAddress(v string) *GeneralName { 4954 s.IpAddress = &v 4955 return s 4956} 4957 4958// SetOtherName sets the OtherName field's value. 4959func (s *GeneralName) SetOtherName(v *OtherName) *GeneralName { 4960 s.OtherName = v 4961 return s 4962} 4963 4964// SetRegisteredId sets the RegisteredId field's value. 4965func (s *GeneralName) SetRegisteredId(v string) *GeneralName { 4966 s.RegisteredId = &v 4967 return s 4968} 4969 4970// SetRfc822Name sets the Rfc822Name field's value. 4971func (s *GeneralName) SetRfc822Name(v string) *GeneralName { 4972 s.Rfc822Name = &v 4973 return s 4974} 4975 4976// SetUniformResourceIdentifier sets the UniformResourceIdentifier field's value. 4977func (s *GeneralName) SetUniformResourceIdentifier(v string) *GeneralName { 4978 s.UniformResourceIdentifier = &v 4979 return s 4980} 4981 4982type GetCertificateAuthorityCertificateInput struct { 4983 _ struct{} `type:"structure"` 4984 4985 // The Amazon Resource Name (ARN) of your private CA. This is of the form: 4986 // 4987 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 4988 // 4989 // CertificateAuthorityArn is a required field 4990 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 4991} 4992 4993// String returns the string representation. 4994// 4995// API parameter values that are decorated as "sensitive" in the API will not 4996// be included in the string output. The member name will be present, but the 4997// value will be replaced with "sensitive". 4998func (s GetCertificateAuthorityCertificateInput) String() string { 4999 return awsutil.Prettify(s) 5000} 5001 5002// GoString returns the string representation. 5003// 5004// API parameter values that are decorated as "sensitive" in the API will not 5005// be included in the string output. The member name will be present, but the 5006// value will be replaced with "sensitive". 5007func (s GetCertificateAuthorityCertificateInput) GoString() string { 5008 return s.String() 5009} 5010 5011// Validate inspects the fields of the type to determine if they are valid. 5012func (s *GetCertificateAuthorityCertificateInput) Validate() error { 5013 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCertificateInput"} 5014 if s.CertificateAuthorityArn == nil { 5015 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5016 } 5017 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5018 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5019 } 5020 5021 if invalidParams.Len() > 0 { 5022 return invalidParams 5023 } 5024 return nil 5025} 5026 5027// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5028func (s *GetCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCertificateInput { 5029 s.CertificateAuthorityArn = &v 5030 return s 5031} 5032 5033type GetCertificateAuthorityCertificateOutput struct { 5034 _ struct{} `type:"structure"` 5035 5036 // Base64-encoded certificate authority (CA) certificate. 5037 Certificate *string `type:"string"` 5038 5039 // Base64-encoded certificate chain that includes any intermediate certificates 5040 // and chains up to root certificate that you used to sign your private CA certificate. 5041 // The chain does not include your private CA certificate. If this is a root 5042 // CA, the value will be null. 5043 CertificateChain *string `type:"string"` 5044} 5045 5046// String returns the string representation. 5047// 5048// API parameter values that are decorated as "sensitive" in the API will not 5049// be included in the string output. The member name will be present, but the 5050// value will be replaced with "sensitive". 5051func (s GetCertificateAuthorityCertificateOutput) String() string { 5052 return awsutil.Prettify(s) 5053} 5054 5055// GoString returns the string representation. 5056// 5057// API parameter values that are decorated as "sensitive" in the API will not 5058// be included in the string output. The member name will be present, but the 5059// value will be replaced with "sensitive". 5060func (s GetCertificateAuthorityCertificateOutput) GoString() string { 5061 return s.String() 5062} 5063 5064// SetCertificate sets the Certificate field's value. 5065func (s *GetCertificateAuthorityCertificateOutput) SetCertificate(v string) *GetCertificateAuthorityCertificateOutput { 5066 s.Certificate = &v 5067 return s 5068} 5069 5070// SetCertificateChain sets the CertificateChain field's value. 5071func (s *GetCertificateAuthorityCertificateOutput) SetCertificateChain(v string) *GetCertificateAuthorityCertificateOutput { 5072 s.CertificateChain = &v 5073 return s 5074} 5075 5076type GetCertificateAuthorityCsrInput struct { 5077 _ struct{} `type:"structure"` 5078 5079 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 5080 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 5081 // action. This must be of the form: 5082 // 5083 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5084 // 5085 // CertificateAuthorityArn is a required field 5086 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5087} 5088 5089// String returns the string representation. 5090// 5091// API parameter values that are decorated as "sensitive" in the API will not 5092// be included in the string output. The member name will be present, but the 5093// value will be replaced with "sensitive". 5094func (s GetCertificateAuthorityCsrInput) String() string { 5095 return awsutil.Prettify(s) 5096} 5097 5098// GoString returns the string representation. 5099// 5100// API parameter values that are decorated as "sensitive" in the API will not 5101// be included in the string output. The member name will be present, but the 5102// value will be replaced with "sensitive". 5103func (s GetCertificateAuthorityCsrInput) GoString() string { 5104 return s.String() 5105} 5106 5107// Validate inspects the fields of the type to determine if they are valid. 5108func (s *GetCertificateAuthorityCsrInput) Validate() error { 5109 invalidParams := request.ErrInvalidParams{Context: "GetCertificateAuthorityCsrInput"} 5110 if s.CertificateAuthorityArn == nil { 5111 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5112 } 5113 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5114 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5115 } 5116 5117 if invalidParams.Len() > 0 { 5118 return invalidParams 5119 } 5120 return nil 5121} 5122 5123// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5124func (s *GetCertificateAuthorityCsrInput) SetCertificateAuthorityArn(v string) *GetCertificateAuthorityCsrInput { 5125 s.CertificateAuthorityArn = &v 5126 return s 5127} 5128 5129type GetCertificateAuthorityCsrOutput struct { 5130 _ struct{} `type:"structure"` 5131 5132 // The base64 PEM-encoded certificate signing request (CSR) for your private 5133 // CA certificate. 5134 Csr *string `type:"string"` 5135} 5136 5137// String returns the string representation. 5138// 5139// API parameter values that are decorated as "sensitive" in the API will not 5140// be included in the string output. The member name will be present, but the 5141// value will be replaced with "sensitive". 5142func (s GetCertificateAuthorityCsrOutput) String() string { 5143 return awsutil.Prettify(s) 5144} 5145 5146// GoString returns the string representation. 5147// 5148// API parameter values that are decorated as "sensitive" in the API will not 5149// be included in the string output. The member name will be present, but the 5150// value will be replaced with "sensitive". 5151func (s GetCertificateAuthorityCsrOutput) GoString() string { 5152 return s.String() 5153} 5154 5155// SetCsr sets the Csr field's value. 5156func (s *GetCertificateAuthorityCsrOutput) SetCsr(v string) *GetCertificateAuthorityCsrOutput { 5157 s.Csr = &v 5158 return s 5159} 5160 5161type GetCertificateInput struct { 5162 _ struct{} `type:"structure"` 5163 5164 // The ARN of the issued certificate. The ARN contains the certificate serial 5165 // number and must be in the following form: 5166 // 5167 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 5168 // 5169 // CertificateArn is a required field 5170 CertificateArn *string `min:"5" type:"string" required:"true"` 5171 5172 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5173 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5174 // This must be of the form: 5175 // 5176 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 . 5177 // 5178 // CertificateAuthorityArn is a required field 5179 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5180} 5181 5182// String returns the string representation. 5183// 5184// API parameter values that are decorated as "sensitive" in the API will not 5185// be included in the string output. The member name will be present, but the 5186// value will be replaced with "sensitive". 5187func (s GetCertificateInput) String() string { 5188 return awsutil.Prettify(s) 5189} 5190 5191// GoString returns the string representation. 5192// 5193// API parameter values that are decorated as "sensitive" in the API will not 5194// be included in the string output. The member name will be present, but the 5195// value will be replaced with "sensitive". 5196func (s GetCertificateInput) GoString() string { 5197 return s.String() 5198} 5199 5200// Validate inspects the fields of the type to determine if they are valid. 5201func (s *GetCertificateInput) Validate() error { 5202 invalidParams := request.ErrInvalidParams{Context: "GetCertificateInput"} 5203 if s.CertificateArn == nil { 5204 invalidParams.Add(request.NewErrParamRequired("CertificateArn")) 5205 } 5206 if s.CertificateArn != nil && len(*s.CertificateArn) < 5 { 5207 invalidParams.Add(request.NewErrParamMinLen("CertificateArn", 5)) 5208 } 5209 if s.CertificateAuthorityArn == nil { 5210 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5211 } 5212 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5213 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5214 } 5215 5216 if invalidParams.Len() > 0 { 5217 return invalidParams 5218 } 5219 return nil 5220} 5221 5222// SetCertificateArn sets the CertificateArn field's value. 5223func (s *GetCertificateInput) SetCertificateArn(v string) *GetCertificateInput { 5224 s.CertificateArn = &v 5225 return s 5226} 5227 5228// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5229func (s *GetCertificateInput) SetCertificateAuthorityArn(v string) *GetCertificateInput { 5230 s.CertificateAuthorityArn = &v 5231 return s 5232} 5233 5234type GetCertificateOutput struct { 5235 _ struct{} `type:"structure"` 5236 5237 // The base64 PEM-encoded certificate specified by the CertificateArn parameter. 5238 Certificate *string `type:"string"` 5239 5240 // The base64 PEM-encoded certificate chain that chains up to the root CA certificate 5241 // that you used to sign your private CA certificate. 5242 CertificateChain *string `type:"string"` 5243} 5244 5245// String returns the string representation. 5246// 5247// API parameter values that are decorated as "sensitive" in the API will not 5248// be included in the string output. The member name will be present, but the 5249// value will be replaced with "sensitive". 5250func (s GetCertificateOutput) String() string { 5251 return awsutil.Prettify(s) 5252} 5253 5254// GoString returns the string representation. 5255// 5256// API parameter values that are decorated as "sensitive" in the API will not 5257// be included in the string output. The member name will be present, but the 5258// value will be replaced with "sensitive". 5259func (s GetCertificateOutput) GoString() string { 5260 return s.String() 5261} 5262 5263// SetCertificate sets the Certificate field's value. 5264func (s *GetCertificateOutput) SetCertificate(v string) *GetCertificateOutput { 5265 s.Certificate = &v 5266 return s 5267} 5268 5269// SetCertificateChain sets the CertificateChain field's value. 5270func (s *GetCertificateOutput) SetCertificateChain(v string) *GetCertificateOutput { 5271 s.CertificateChain = &v 5272 return s 5273} 5274 5275type GetPolicyInput struct { 5276 _ struct{} `type:"structure"` 5277 5278 // The Amazon Resource Number (ARN) of the private CA that will have its policy 5279 // retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities 5280 // action. 5281 // 5282 // ResourceArn is a required field 5283 ResourceArn *string `min:"5" type:"string" required:"true"` 5284} 5285 5286// String returns the string representation. 5287// 5288// API parameter values that are decorated as "sensitive" in the API will not 5289// be included in the string output. The member name will be present, but the 5290// value will be replaced with "sensitive". 5291func (s GetPolicyInput) String() string { 5292 return awsutil.Prettify(s) 5293} 5294 5295// GoString returns the string representation. 5296// 5297// API parameter values that are decorated as "sensitive" in the API will not 5298// be included in the string output. The member name will be present, but the 5299// value will be replaced with "sensitive". 5300func (s GetPolicyInput) GoString() string { 5301 return s.String() 5302} 5303 5304// Validate inspects the fields of the type to determine if they are valid. 5305func (s *GetPolicyInput) Validate() error { 5306 invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"} 5307 if s.ResourceArn == nil { 5308 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 5309 } 5310 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 5311 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 5312 } 5313 5314 if invalidParams.Len() > 0 { 5315 return invalidParams 5316 } 5317 return nil 5318} 5319 5320// SetResourceArn sets the ResourceArn field's value. 5321func (s *GetPolicyInput) SetResourceArn(v string) *GetPolicyInput { 5322 s.ResourceArn = &v 5323 return s 5324} 5325 5326type GetPolicyOutput struct { 5327 _ struct{} `type:"structure"` 5328 5329 // The policy attached to the private CA as a JSON document. 5330 Policy *string `min:"1" type:"string"` 5331} 5332 5333// String returns the string representation. 5334// 5335// API parameter values that are decorated as "sensitive" in the API will not 5336// be included in the string output. The member name will be present, but the 5337// value will be replaced with "sensitive". 5338func (s GetPolicyOutput) String() string { 5339 return awsutil.Prettify(s) 5340} 5341 5342// GoString returns the string representation. 5343// 5344// API parameter values that are decorated as "sensitive" in the API will not 5345// be included in the string output. The member name will be present, but the 5346// value will be replaced with "sensitive". 5347func (s GetPolicyOutput) GoString() string { 5348 return s.String() 5349} 5350 5351// SetPolicy sets the Policy field's value. 5352func (s *GetPolicyOutput) SetPolicy(v string) *GetPolicyOutput { 5353 s.Policy = &v 5354 return s 5355} 5356 5357type ImportCertificateAuthorityCertificateInput struct { 5358 _ struct{} `type:"structure"` 5359 5360 // The PEM-encoded certificate for a private CA. This may be a self-signed certificate 5361 // in the case of a root CA, or it may be signed by another CA that you control. 5362 // Certificate is automatically base64 encoded/decoded by the SDK. 5363 // 5364 // Certificate is a required field 5365 Certificate []byte `min:"1" type:"blob" required:"true"` 5366 5367 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5368 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5369 // This must be of the form: 5370 // 5371 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5372 // 5373 // CertificateAuthorityArn is a required field 5374 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5375 5376 // A PEM-encoded file that contains all of your certificates, other than the 5377 // certificate you're importing, chaining up to your root CA. Your ACM Private 5378 // CA-hosted or on-premises root certificate is the last in the chain, and each 5379 // certificate in the chain signs the one preceding. 5380 // 5381 // This parameter must be supplied when you import a subordinate CA. When you 5382 // import a root CA, there is no chain. 5383 // CertificateChain is automatically base64 encoded/decoded by the SDK. 5384 CertificateChain []byte `type:"blob"` 5385} 5386 5387// String returns the string representation. 5388// 5389// API parameter values that are decorated as "sensitive" in the API will not 5390// be included in the string output. The member name will be present, but the 5391// value will be replaced with "sensitive". 5392func (s ImportCertificateAuthorityCertificateInput) String() string { 5393 return awsutil.Prettify(s) 5394} 5395 5396// GoString returns the string representation. 5397// 5398// API parameter values that are decorated as "sensitive" in the API will not 5399// be included in the string output. The member name will be present, but the 5400// value will be replaced with "sensitive". 5401func (s ImportCertificateAuthorityCertificateInput) GoString() string { 5402 return s.String() 5403} 5404 5405// Validate inspects the fields of the type to determine if they are valid. 5406func (s *ImportCertificateAuthorityCertificateInput) Validate() error { 5407 invalidParams := request.ErrInvalidParams{Context: "ImportCertificateAuthorityCertificateInput"} 5408 if s.Certificate == nil { 5409 invalidParams.Add(request.NewErrParamRequired("Certificate")) 5410 } 5411 if s.Certificate != nil && len(s.Certificate) < 1 { 5412 invalidParams.Add(request.NewErrParamMinLen("Certificate", 1)) 5413 } 5414 if s.CertificateAuthorityArn == nil { 5415 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 5416 } 5417 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 5418 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 5419 } 5420 5421 if invalidParams.Len() > 0 { 5422 return invalidParams 5423 } 5424 return nil 5425} 5426 5427// SetCertificate sets the Certificate field's value. 5428func (s *ImportCertificateAuthorityCertificateInput) SetCertificate(v []byte) *ImportCertificateAuthorityCertificateInput { 5429 s.Certificate = v 5430 return s 5431} 5432 5433// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 5434func (s *ImportCertificateAuthorityCertificateInput) SetCertificateAuthorityArn(v string) *ImportCertificateAuthorityCertificateInput { 5435 s.CertificateAuthorityArn = &v 5436 return s 5437} 5438 5439// SetCertificateChain sets the CertificateChain field's value. 5440func (s *ImportCertificateAuthorityCertificateInput) SetCertificateChain(v []byte) *ImportCertificateAuthorityCertificateInput { 5441 s.CertificateChain = v 5442 return s 5443} 5444 5445type ImportCertificateAuthorityCertificateOutput struct { 5446 _ struct{} `type:"structure"` 5447} 5448 5449// String returns the string representation. 5450// 5451// API parameter values that are decorated as "sensitive" in the API will not 5452// be included in the string output. The member name will be present, but the 5453// value will be replaced with "sensitive". 5454func (s ImportCertificateAuthorityCertificateOutput) String() string { 5455 return awsutil.Prettify(s) 5456} 5457 5458// GoString returns the string representation. 5459// 5460// API parameter values that are decorated as "sensitive" in the API will not 5461// be included in the string output. The member name will be present, but the 5462// value will be replaced with "sensitive". 5463func (s ImportCertificateAuthorityCertificateOutput) GoString() string { 5464 return s.String() 5465} 5466 5467// One or more of the specified arguments was not valid. 5468type InvalidArgsException struct { 5469 _ struct{} `type:"structure"` 5470 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5471 5472 Message_ *string `locationName:"message" type:"string"` 5473} 5474 5475// String returns the string representation. 5476// 5477// API parameter values that are decorated as "sensitive" in the API will not 5478// be included in the string output. The member name will be present, but the 5479// value will be replaced with "sensitive". 5480func (s InvalidArgsException) String() string { 5481 return awsutil.Prettify(s) 5482} 5483 5484// GoString returns the string representation. 5485// 5486// API parameter values that are decorated as "sensitive" in the API will not 5487// be included in the string output. The member name will be present, but the 5488// value will be replaced with "sensitive". 5489func (s InvalidArgsException) GoString() string { 5490 return s.String() 5491} 5492 5493func newErrorInvalidArgsException(v protocol.ResponseMetadata) error { 5494 return &InvalidArgsException{ 5495 RespMetadata: v, 5496 } 5497} 5498 5499// Code returns the exception type name. 5500func (s *InvalidArgsException) Code() string { 5501 return "InvalidArgsException" 5502} 5503 5504// Message returns the exception's message. 5505func (s *InvalidArgsException) Message() string { 5506 if s.Message_ != nil { 5507 return *s.Message_ 5508 } 5509 return "" 5510} 5511 5512// OrigErr always returns nil, satisfies awserr.Error interface. 5513func (s *InvalidArgsException) OrigErr() error { 5514 return nil 5515} 5516 5517func (s *InvalidArgsException) Error() string { 5518 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5519} 5520 5521// Status code returns the HTTP status code for the request's response error. 5522func (s *InvalidArgsException) StatusCode() int { 5523 return s.RespMetadata.StatusCode 5524} 5525 5526// RequestID returns the service's response RequestID for request. 5527func (s *InvalidArgsException) RequestID() string { 5528 return s.RespMetadata.RequestID 5529} 5530 5531// The requested Amazon Resource Name (ARN) does not refer to an existing resource. 5532type InvalidArnException struct { 5533 _ struct{} `type:"structure"` 5534 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5535 5536 Message_ *string `locationName:"message" type:"string"` 5537} 5538 5539// String returns the string representation. 5540// 5541// API parameter values that are decorated as "sensitive" in the API will not 5542// be included in the string output. The member name will be present, but the 5543// value will be replaced with "sensitive". 5544func (s InvalidArnException) String() string { 5545 return awsutil.Prettify(s) 5546} 5547 5548// GoString returns the string representation. 5549// 5550// API parameter values that are decorated as "sensitive" in the API will not 5551// be included in the string output. The member name will be present, but the 5552// value will be replaced with "sensitive". 5553func (s InvalidArnException) GoString() string { 5554 return s.String() 5555} 5556 5557func newErrorInvalidArnException(v protocol.ResponseMetadata) error { 5558 return &InvalidArnException{ 5559 RespMetadata: v, 5560 } 5561} 5562 5563// Code returns the exception type name. 5564func (s *InvalidArnException) Code() string { 5565 return "InvalidArnException" 5566} 5567 5568// Message returns the exception's message. 5569func (s *InvalidArnException) Message() string { 5570 if s.Message_ != nil { 5571 return *s.Message_ 5572 } 5573 return "" 5574} 5575 5576// OrigErr always returns nil, satisfies awserr.Error interface. 5577func (s *InvalidArnException) OrigErr() error { 5578 return nil 5579} 5580 5581func (s *InvalidArnException) Error() string { 5582 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5583} 5584 5585// Status code returns the HTTP status code for the request's response error. 5586func (s *InvalidArnException) StatusCode() int { 5587 return s.RespMetadata.StatusCode 5588} 5589 5590// RequestID returns the service's response RequestID for request. 5591func (s *InvalidArnException) RequestID() string { 5592 return s.RespMetadata.RequestID 5593} 5594 5595// The token specified in the NextToken argument is not valid. Use the token 5596// returned from your previous call to ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html). 5597type InvalidNextTokenException struct { 5598 _ struct{} `type:"structure"` 5599 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5600 5601 Message_ *string `locationName:"message" type:"string"` 5602} 5603 5604// String returns the string representation. 5605// 5606// API parameter values that are decorated as "sensitive" in the API will not 5607// be included in the string output. The member name will be present, but the 5608// value will be replaced with "sensitive". 5609func (s InvalidNextTokenException) String() string { 5610 return awsutil.Prettify(s) 5611} 5612 5613// GoString returns the string representation. 5614// 5615// API parameter values that are decorated as "sensitive" in the API will not 5616// be included in the string output. The member name will be present, but the 5617// value will be replaced with "sensitive". 5618func (s InvalidNextTokenException) GoString() string { 5619 return s.String() 5620} 5621 5622func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { 5623 return &InvalidNextTokenException{ 5624 RespMetadata: v, 5625 } 5626} 5627 5628// Code returns the exception type name. 5629func (s *InvalidNextTokenException) Code() string { 5630 return "InvalidNextTokenException" 5631} 5632 5633// Message returns the exception's message. 5634func (s *InvalidNextTokenException) Message() string { 5635 if s.Message_ != nil { 5636 return *s.Message_ 5637 } 5638 return "" 5639} 5640 5641// OrigErr always returns nil, satisfies awserr.Error interface. 5642func (s *InvalidNextTokenException) OrigErr() error { 5643 return nil 5644} 5645 5646func (s *InvalidNextTokenException) Error() string { 5647 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5648} 5649 5650// Status code returns the HTTP status code for the request's response error. 5651func (s *InvalidNextTokenException) StatusCode() int { 5652 return s.RespMetadata.StatusCode 5653} 5654 5655// RequestID returns the service's response RequestID for request. 5656func (s *InvalidNextTokenException) RequestID() string { 5657 return s.RespMetadata.RequestID 5658} 5659 5660// The resource policy is invalid or is missing a required statement. For general 5661// information about IAM policy and statement structure, see Overview of JSON 5662// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 5663type InvalidPolicyException struct { 5664 _ struct{} `type:"structure"` 5665 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5666 5667 Message_ *string `locationName:"message" type:"string"` 5668} 5669 5670// String returns the string representation. 5671// 5672// API parameter values that are decorated as "sensitive" in the API will not 5673// be included in the string output. The member name will be present, but the 5674// value will be replaced with "sensitive". 5675func (s InvalidPolicyException) String() string { 5676 return awsutil.Prettify(s) 5677} 5678 5679// GoString returns the string representation. 5680// 5681// API parameter values that are decorated as "sensitive" in the API will not 5682// be included in the string output. The member name will be present, but the 5683// value will be replaced with "sensitive". 5684func (s InvalidPolicyException) GoString() string { 5685 return s.String() 5686} 5687 5688func newErrorInvalidPolicyException(v protocol.ResponseMetadata) error { 5689 return &InvalidPolicyException{ 5690 RespMetadata: v, 5691 } 5692} 5693 5694// Code returns the exception type name. 5695func (s *InvalidPolicyException) Code() string { 5696 return "InvalidPolicyException" 5697} 5698 5699// Message returns the exception's message. 5700func (s *InvalidPolicyException) Message() string { 5701 if s.Message_ != nil { 5702 return *s.Message_ 5703 } 5704 return "" 5705} 5706 5707// OrigErr always returns nil, satisfies awserr.Error interface. 5708func (s *InvalidPolicyException) OrigErr() error { 5709 return nil 5710} 5711 5712func (s *InvalidPolicyException) Error() string { 5713 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5714} 5715 5716// Status code returns the HTTP status code for the request's response error. 5717func (s *InvalidPolicyException) StatusCode() int { 5718 return s.RespMetadata.StatusCode 5719} 5720 5721// RequestID returns the service's response RequestID for request. 5722func (s *InvalidPolicyException) RequestID() string { 5723 return s.RespMetadata.RequestID 5724} 5725 5726// The request action cannot be performed or is prohibited. 5727type InvalidRequestException struct { 5728 _ struct{} `type:"structure"` 5729 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5730 5731 Message_ *string `locationName:"message" type:"string"` 5732} 5733 5734// String returns the string representation. 5735// 5736// API parameter values that are decorated as "sensitive" in the API will not 5737// be included in the string output. The member name will be present, but the 5738// value will be replaced with "sensitive". 5739func (s InvalidRequestException) String() string { 5740 return awsutil.Prettify(s) 5741} 5742 5743// GoString returns the string representation. 5744// 5745// API parameter values that are decorated as "sensitive" in the API will not 5746// be included in the string output. The member name will be present, but the 5747// value will be replaced with "sensitive". 5748func (s InvalidRequestException) GoString() string { 5749 return s.String() 5750} 5751 5752func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { 5753 return &InvalidRequestException{ 5754 RespMetadata: v, 5755 } 5756} 5757 5758// Code returns the exception type name. 5759func (s *InvalidRequestException) Code() string { 5760 return "InvalidRequestException" 5761} 5762 5763// Message returns the exception's message. 5764func (s *InvalidRequestException) Message() string { 5765 if s.Message_ != nil { 5766 return *s.Message_ 5767 } 5768 return "" 5769} 5770 5771// OrigErr always returns nil, satisfies awserr.Error interface. 5772func (s *InvalidRequestException) OrigErr() error { 5773 return nil 5774} 5775 5776func (s *InvalidRequestException) Error() string { 5777 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5778} 5779 5780// Status code returns the HTTP status code for the request's response error. 5781func (s *InvalidRequestException) StatusCode() int { 5782 return s.RespMetadata.StatusCode 5783} 5784 5785// RequestID returns the service's response RequestID for request. 5786func (s *InvalidRequestException) RequestID() string { 5787 return s.RespMetadata.RequestID 5788} 5789 5790// The state of the private CA does not allow this action to occur. 5791type InvalidStateException struct { 5792 _ struct{} `type:"structure"` 5793 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5794 5795 Message_ *string `locationName:"message" type:"string"` 5796} 5797 5798// String returns the string representation. 5799// 5800// API parameter values that are decorated as "sensitive" in the API will not 5801// be included in the string output. The member name will be present, but the 5802// value will be replaced with "sensitive". 5803func (s InvalidStateException) String() string { 5804 return awsutil.Prettify(s) 5805} 5806 5807// GoString returns the string representation. 5808// 5809// API parameter values that are decorated as "sensitive" in the API will not 5810// be included in the string output. The member name will be present, but the 5811// value will be replaced with "sensitive". 5812func (s InvalidStateException) GoString() string { 5813 return s.String() 5814} 5815 5816func newErrorInvalidStateException(v protocol.ResponseMetadata) error { 5817 return &InvalidStateException{ 5818 RespMetadata: v, 5819 } 5820} 5821 5822// Code returns the exception type name. 5823func (s *InvalidStateException) Code() string { 5824 return "InvalidStateException" 5825} 5826 5827// Message returns the exception's message. 5828func (s *InvalidStateException) Message() string { 5829 if s.Message_ != nil { 5830 return *s.Message_ 5831 } 5832 return "" 5833} 5834 5835// OrigErr always returns nil, satisfies awserr.Error interface. 5836func (s *InvalidStateException) OrigErr() error { 5837 return nil 5838} 5839 5840func (s *InvalidStateException) Error() string { 5841 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5842} 5843 5844// Status code returns the HTTP status code for the request's response error. 5845func (s *InvalidStateException) StatusCode() int { 5846 return s.RespMetadata.StatusCode 5847} 5848 5849// RequestID returns the service's response RequestID for request. 5850func (s *InvalidStateException) RequestID() string { 5851 return s.RespMetadata.RequestID 5852} 5853 5854// The tag associated with the CA is not valid. The invalid argument is contained 5855// in the message field. 5856type InvalidTagException struct { 5857 _ struct{} `type:"structure"` 5858 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5859 5860 Message_ *string `locationName:"message" type:"string"` 5861} 5862 5863// String returns the string representation. 5864// 5865// API parameter values that are decorated as "sensitive" in the API will not 5866// be included in the string output. The member name will be present, but the 5867// value will be replaced with "sensitive". 5868func (s InvalidTagException) String() string { 5869 return awsutil.Prettify(s) 5870} 5871 5872// GoString returns the string representation. 5873// 5874// API parameter values that are decorated as "sensitive" in the API will not 5875// be included in the string output. The member name will be present, but the 5876// value will be replaced with "sensitive". 5877func (s InvalidTagException) GoString() string { 5878 return s.String() 5879} 5880 5881func newErrorInvalidTagException(v protocol.ResponseMetadata) error { 5882 return &InvalidTagException{ 5883 RespMetadata: v, 5884 } 5885} 5886 5887// Code returns the exception type name. 5888func (s *InvalidTagException) Code() string { 5889 return "InvalidTagException" 5890} 5891 5892// Message returns the exception's message. 5893func (s *InvalidTagException) Message() string { 5894 if s.Message_ != nil { 5895 return *s.Message_ 5896 } 5897 return "" 5898} 5899 5900// OrigErr always returns nil, satisfies awserr.Error interface. 5901func (s *InvalidTagException) OrigErr() error { 5902 return nil 5903} 5904 5905func (s *InvalidTagException) Error() string { 5906 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5907} 5908 5909// Status code returns the HTTP status code for the request's response error. 5910func (s *InvalidTagException) StatusCode() int { 5911 return s.RespMetadata.StatusCode 5912} 5913 5914// RequestID returns the service's response RequestID for request. 5915func (s *InvalidTagException) RequestID() string { 5916 return s.RespMetadata.RequestID 5917} 5918 5919type IssueCertificateInput struct { 5920 _ struct{} `type:"structure"` 5921 5922 // Specifies X.509 certificate information to be included in the issued certificate. 5923 // An APIPassthrough or APICSRPassthrough template variant must be selected, 5924 // or else this parameter is ignored. For more information about using these 5925 // templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5926 // 5927 // If conflicting or duplicate certificate information is supplied during certificate 5928 // issuance, ACM Private CA applies order of operation rules (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) 5929 // to determine what information is used. 5930 ApiPassthrough *ApiPassthrough `type:"structure"` 5931 5932 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 5933 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 5934 // This must be of the form: 5935 // 5936 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 5937 // 5938 // CertificateAuthorityArn is a required field 5939 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 5940 5941 // The certificate signing request (CSR) for the certificate you want to issue. 5942 // As an example, you can use the following OpenSSL command to create the CSR 5943 // and a 2048 bit RSA private key. 5944 // 5945 // openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem 5946 // -out csr/test_cert_.csr 5947 // 5948 // If you have a configuration file, you can then use the following OpenSSL 5949 // command. The usr_cert block in the configuration file contains your X509 5950 // version 3 extensions. 5951 // 5952 // openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 5953 // -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr 5954 // 5955 // Note: A CSR must provide either a subject name or a subject alternative name 5956 // or the request will be rejected. 5957 // Csr is automatically base64 encoded/decoded by the SDK. 5958 // 5959 // Csr is a required field 5960 Csr []byte `min:"1" type:"blob" required:"true"` 5961 5962 // Alphanumeric string that can be used to distinguish between calls to the 5963 // IssueCertificate action. Idempotency tokens for IssueCertificate time out 5964 // after one minute. Therefore, if you call IssueCertificate multiple times 5965 // with the same idempotency token within one minute, ACM Private CA recognizes 5966 // that you are requesting only one certificate and will issue only one. If 5967 // you change the idempotency token for each call, PCA recognizes that you are 5968 // requesting multiple certificates. 5969 IdempotencyToken *string `min:"1" type:"string"` 5970 5971 // The name of the algorithm that will be used to sign the certificate to be 5972 // issued. 5973 // 5974 // This parameter should not be confused with the SigningAlgorithm parameter 5975 // used to sign a CSR in the CreateCertificateAuthority action. 5976 // 5977 // SigningAlgorithm is a required field 5978 SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithm"` 5979 5980 // Specifies a custom configuration template to use when issuing a certificate. 5981 // If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 5982 // template. For CA certificates, you should choose the shortest path length 5983 // that meets your needs. The path length is indicated by the PathLenN portion 5984 // of the ARN, where N is the CA depth (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth). 5985 // 5986 // Note: The CA depth configured on a subordinate CA certificate must not exceed 5987 // the limit set by its parents in the CA hierarchy. 5988 // 5989 // For a list of TemplateArn values supported by ACM Private CA, see Understanding 5990 // Certificate Templates (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html). 5991 TemplateArn *string `min:"5" type:"string"` 5992 5993 // Information describing the end of the validity period of the certificate. 5994 // This parameter sets the “Not After” date for the certificate. 5995 // 5996 // Certificate validity is the period of time during which a certificate is 5997 // valid. Validity can be expressed as an explicit date and time when the certificate 5998 // expires, or as a span of time after issuance, stated in days, months, or 5999 // years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 6000 // in RFC 5280. 6001 // 6002 // This value is unaffected when ValidityNotBefore is also specified. For example, 6003 // if Validity is set to 20 days in the future, the certificate will expire 6004 // 20 days from issuance time regardless of the ValidityNotBefore value. 6005 // 6006 // The end of the validity period configured on a certificate must not exceed 6007 // the limit set on its parents in the CA hierarchy. 6008 // 6009 // Validity is a required field 6010 Validity *Validity `type:"structure" required:"true"` 6011 6012 // Information describing the start of the validity period of the certificate. 6013 // This parameter sets the “Not Before" date for the certificate. 6014 // 6015 // By default, when issuing a certificate, ACM Private CA sets the "Not Before" 6016 // date to the issuance time minus 60 minutes. This compensates for clock inconsistencies 6017 // across computer systems. The ValidityNotBefore parameter can be used to customize 6018 // the “Not Before” value. 6019 // 6020 // Unlike the Validity parameter, the ValidityNotBefore parameter is optional. 6021 // 6022 // The ValidityNotBefore value is expressed as an explicit date and time, using 6023 // the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html) 6024 // in this API reference and Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 6025 // in RFC 5280. 6026 ValidityNotBefore *Validity `type:"structure"` 6027} 6028 6029// String returns the string representation. 6030// 6031// API parameter values that are decorated as "sensitive" in the API will not 6032// be included in the string output. The member name will be present, but the 6033// value will be replaced with "sensitive". 6034func (s IssueCertificateInput) String() string { 6035 return awsutil.Prettify(s) 6036} 6037 6038// GoString returns the string representation. 6039// 6040// API parameter values that are decorated as "sensitive" in the API will not 6041// be included in the string output. The member name will be present, but the 6042// value will be replaced with "sensitive". 6043func (s IssueCertificateInput) GoString() string { 6044 return s.String() 6045} 6046 6047// Validate inspects the fields of the type to determine if they are valid. 6048func (s *IssueCertificateInput) Validate() error { 6049 invalidParams := request.ErrInvalidParams{Context: "IssueCertificateInput"} 6050 if s.CertificateAuthorityArn == nil { 6051 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6052 } 6053 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6054 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6055 } 6056 if s.Csr == nil { 6057 invalidParams.Add(request.NewErrParamRequired("Csr")) 6058 } 6059 if s.Csr != nil && len(s.Csr) < 1 { 6060 invalidParams.Add(request.NewErrParamMinLen("Csr", 1)) 6061 } 6062 if s.IdempotencyToken != nil && len(*s.IdempotencyToken) < 1 { 6063 invalidParams.Add(request.NewErrParamMinLen("IdempotencyToken", 1)) 6064 } 6065 if s.SigningAlgorithm == nil { 6066 invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) 6067 } 6068 if s.TemplateArn != nil && len(*s.TemplateArn) < 5 { 6069 invalidParams.Add(request.NewErrParamMinLen("TemplateArn", 5)) 6070 } 6071 if s.Validity == nil { 6072 invalidParams.Add(request.NewErrParamRequired("Validity")) 6073 } 6074 if s.ApiPassthrough != nil { 6075 if err := s.ApiPassthrough.Validate(); err != nil { 6076 invalidParams.AddNested("ApiPassthrough", err.(request.ErrInvalidParams)) 6077 } 6078 } 6079 if s.Validity != nil { 6080 if err := s.Validity.Validate(); err != nil { 6081 invalidParams.AddNested("Validity", err.(request.ErrInvalidParams)) 6082 } 6083 } 6084 if s.ValidityNotBefore != nil { 6085 if err := s.ValidityNotBefore.Validate(); err != nil { 6086 invalidParams.AddNested("ValidityNotBefore", err.(request.ErrInvalidParams)) 6087 } 6088 } 6089 6090 if invalidParams.Len() > 0 { 6091 return invalidParams 6092 } 6093 return nil 6094} 6095 6096// SetApiPassthrough sets the ApiPassthrough field's value. 6097func (s *IssueCertificateInput) SetApiPassthrough(v *ApiPassthrough) *IssueCertificateInput { 6098 s.ApiPassthrough = v 6099 return s 6100} 6101 6102// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6103func (s *IssueCertificateInput) SetCertificateAuthorityArn(v string) *IssueCertificateInput { 6104 s.CertificateAuthorityArn = &v 6105 return s 6106} 6107 6108// SetCsr sets the Csr field's value. 6109func (s *IssueCertificateInput) SetCsr(v []byte) *IssueCertificateInput { 6110 s.Csr = v 6111 return s 6112} 6113 6114// SetIdempotencyToken sets the IdempotencyToken field's value. 6115func (s *IssueCertificateInput) SetIdempotencyToken(v string) *IssueCertificateInput { 6116 s.IdempotencyToken = &v 6117 return s 6118} 6119 6120// SetSigningAlgorithm sets the SigningAlgorithm field's value. 6121func (s *IssueCertificateInput) SetSigningAlgorithm(v string) *IssueCertificateInput { 6122 s.SigningAlgorithm = &v 6123 return s 6124} 6125 6126// SetTemplateArn sets the TemplateArn field's value. 6127func (s *IssueCertificateInput) SetTemplateArn(v string) *IssueCertificateInput { 6128 s.TemplateArn = &v 6129 return s 6130} 6131 6132// SetValidity sets the Validity field's value. 6133func (s *IssueCertificateInput) SetValidity(v *Validity) *IssueCertificateInput { 6134 s.Validity = v 6135 return s 6136} 6137 6138// SetValidityNotBefore sets the ValidityNotBefore field's value. 6139func (s *IssueCertificateInput) SetValidityNotBefore(v *Validity) *IssueCertificateInput { 6140 s.ValidityNotBefore = v 6141 return s 6142} 6143 6144type IssueCertificateOutput struct { 6145 _ struct{} `type:"structure"` 6146 6147 // The Amazon Resource Name (ARN) of the issued certificate and the certificate 6148 // serial number. This is of the form: 6149 // 6150 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245 6151 CertificateArn *string `min:"5" type:"string"` 6152} 6153 6154// String returns the string representation. 6155// 6156// API parameter values that are decorated as "sensitive" in the API will not 6157// be included in the string output. The member name will be present, but the 6158// value will be replaced with "sensitive". 6159func (s IssueCertificateOutput) String() string { 6160 return awsutil.Prettify(s) 6161} 6162 6163// GoString returns the string representation. 6164// 6165// API parameter values that are decorated as "sensitive" in the API will not 6166// be included in the string output. The member name will be present, but the 6167// value will be replaced with "sensitive". 6168func (s IssueCertificateOutput) GoString() string { 6169 return s.String() 6170} 6171 6172// SetCertificateArn sets the CertificateArn field's value. 6173func (s *IssueCertificateOutput) SetCertificateArn(v string) *IssueCertificateOutput { 6174 s.CertificateArn = &v 6175 return s 6176} 6177 6178// Defines one or more purposes for which the key contained in the certificate 6179// can be used. Default value for each option is false. 6180type KeyUsage struct { 6181 _ struct{} `type:"structure"` 6182 6183 // Key can be used to sign CRLs. 6184 CRLSign *bool `type:"boolean"` 6185 6186 // Key can be used to decipher data. 6187 DataEncipherment *bool `type:"boolean"` 6188 6189 // Key can be used only to decipher data. 6190 DecipherOnly *bool `type:"boolean"` 6191 6192 // Key can be used for digital signing. 6193 DigitalSignature *bool `type:"boolean"` 6194 6195 // Key can be used only to encipher data. 6196 EncipherOnly *bool `type:"boolean"` 6197 6198 // Key can be used in a key-agreement protocol. 6199 KeyAgreement *bool `type:"boolean"` 6200 6201 // Key can be used to sign certificates. 6202 KeyCertSign *bool `type:"boolean"` 6203 6204 // Key can be used to encipher data. 6205 KeyEncipherment *bool `type:"boolean"` 6206 6207 // Key can be used for non-repudiation. 6208 NonRepudiation *bool `type:"boolean"` 6209} 6210 6211// String returns the string representation. 6212// 6213// API parameter values that are decorated as "sensitive" in the API will not 6214// be included in the string output. The member name will be present, but the 6215// value will be replaced with "sensitive". 6216func (s KeyUsage) String() string { 6217 return awsutil.Prettify(s) 6218} 6219 6220// GoString returns the string representation. 6221// 6222// API parameter values that are decorated as "sensitive" in the API will not 6223// be included in the string output. The member name will be present, but the 6224// value will be replaced with "sensitive". 6225func (s KeyUsage) GoString() string { 6226 return s.String() 6227} 6228 6229// SetCRLSign sets the CRLSign field's value. 6230func (s *KeyUsage) SetCRLSign(v bool) *KeyUsage { 6231 s.CRLSign = &v 6232 return s 6233} 6234 6235// SetDataEncipherment sets the DataEncipherment field's value. 6236func (s *KeyUsage) SetDataEncipherment(v bool) *KeyUsage { 6237 s.DataEncipherment = &v 6238 return s 6239} 6240 6241// SetDecipherOnly sets the DecipherOnly field's value. 6242func (s *KeyUsage) SetDecipherOnly(v bool) *KeyUsage { 6243 s.DecipherOnly = &v 6244 return s 6245} 6246 6247// SetDigitalSignature sets the DigitalSignature field's value. 6248func (s *KeyUsage) SetDigitalSignature(v bool) *KeyUsage { 6249 s.DigitalSignature = &v 6250 return s 6251} 6252 6253// SetEncipherOnly sets the EncipherOnly field's value. 6254func (s *KeyUsage) SetEncipherOnly(v bool) *KeyUsage { 6255 s.EncipherOnly = &v 6256 return s 6257} 6258 6259// SetKeyAgreement sets the KeyAgreement field's value. 6260func (s *KeyUsage) SetKeyAgreement(v bool) *KeyUsage { 6261 s.KeyAgreement = &v 6262 return s 6263} 6264 6265// SetKeyCertSign sets the KeyCertSign field's value. 6266func (s *KeyUsage) SetKeyCertSign(v bool) *KeyUsage { 6267 s.KeyCertSign = &v 6268 return s 6269} 6270 6271// SetKeyEncipherment sets the KeyEncipherment field's value. 6272func (s *KeyUsage) SetKeyEncipherment(v bool) *KeyUsage { 6273 s.KeyEncipherment = &v 6274 return s 6275} 6276 6277// SetNonRepudiation sets the NonRepudiation field's value. 6278func (s *KeyUsage) SetNonRepudiation(v bool) *KeyUsage { 6279 s.NonRepudiation = &v 6280 return s 6281} 6282 6283// An ACM Private CA quota has been exceeded. See the exception message returned 6284// to determine the quota that was exceeded. 6285type LimitExceededException struct { 6286 _ struct{} `type:"structure"` 6287 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6288 6289 Message_ *string `locationName:"message" type:"string"` 6290} 6291 6292// String returns the string representation. 6293// 6294// API parameter values that are decorated as "sensitive" in the API will not 6295// be included in the string output. The member name will be present, but the 6296// value will be replaced with "sensitive". 6297func (s LimitExceededException) String() string { 6298 return awsutil.Prettify(s) 6299} 6300 6301// GoString returns the string representation. 6302// 6303// API parameter values that are decorated as "sensitive" in the API will not 6304// be included in the string output. The member name will be present, but the 6305// value will be replaced with "sensitive". 6306func (s LimitExceededException) GoString() string { 6307 return s.String() 6308} 6309 6310func newErrorLimitExceededException(v protocol.ResponseMetadata) error { 6311 return &LimitExceededException{ 6312 RespMetadata: v, 6313 } 6314} 6315 6316// Code returns the exception type name. 6317func (s *LimitExceededException) Code() string { 6318 return "LimitExceededException" 6319} 6320 6321// Message returns the exception's message. 6322func (s *LimitExceededException) Message() string { 6323 if s.Message_ != nil { 6324 return *s.Message_ 6325 } 6326 return "" 6327} 6328 6329// OrigErr always returns nil, satisfies awserr.Error interface. 6330func (s *LimitExceededException) OrigErr() error { 6331 return nil 6332} 6333 6334func (s *LimitExceededException) Error() string { 6335 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6336} 6337 6338// Status code returns the HTTP status code for the request's response error. 6339func (s *LimitExceededException) StatusCode() int { 6340 return s.RespMetadata.StatusCode 6341} 6342 6343// RequestID returns the service's response RequestID for request. 6344func (s *LimitExceededException) RequestID() string { 6345 return s.RespMetadata.RequestID 6346} 6347 6348type ListCertificateAuthoritiesInput struct { 6349 _ struct{} `type:"structure"` 6350 6351 // Use this parameter when paginating results to specify the maximum number 6352 // of items to return in the response on each page. If additional items exist 6353 // beyond the number you specify, the NextToken element is sent in the response. 6354 // Use this NextToken value in a subsequent request to retrieve additional items. 6355 MaxResults *int64 `min:"1" type:"integer"` 6356 6357 // Use this parameter when paginating results in a subsequent request after 6358 // you receive a response with truncated results. Set it to the value of the 6359 // NextToken parameter from the response you just received. 6360 NextToken *string `min:"1" type:"string"` 6361 6362 // Use this parameter to filter the returned set of certificate authorities 6363 // based on their owner. The default is SELF. 6364 ResourceOwner *string `type:"string" enum:"ResourceOwner"` 6365} 6366 6367// String returns the string representation. 6368// 6369// API parameter values that are decorated as "sensitive" in the API will not 6370// be included in the string output. The member name will be present, but the 6371// value will be replaced with "sensitive". 6372func (s ListCertificateAuthoritiesInput) String() string { 6373 return awsutil.Prettify(s) 6374} 6375 6376// GoString returns the string representation. 6377// 6378// API parameter values that are decorated as "sensitive" in the API will not 6379// be included in the string output. The member name will be present, but the 6380// value will be replaced with "sensitive". 6381func (s ListCertificateAuthoritiesInput) GoString() string { 6382 return s.String() 6383} 6384 6385// Validate inspects the fields of the type to determine if they are valid. 6386func (s *ListCertificateAuthoritiesInput) Validate() error { 6387 invalidParams := request.ErrInvalidParams{Context: "ListCertificateAuthoritiesInput"} 6388 if s.MaxResults != nil && *s.MaxResults < 1 { 6389 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6390 } 6391 if s.NextToken != nil && len(*s.NextToken) < 1 { 6392 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6393 } 6394 6395 if invalidParams.Len() > 0 { 6396 return invalidParams 6397 } 6398 return nil 6399} 6400 6401// SetMaxResults sets the MaxResults field's value. 6402func (s *ListCertificateAuthoritiesInput) SetMaxResults(v int64) *ListCertificateAuthoritiesInput { 6403 s.MaxResults = &v 6404 return s 6405} 6406 6407// SetNextToken sets the NextToken field's value. 6408func (s *ListCertificateAuthoritiesInput) SetNextToken(v string) *ListCertificateAuthoritiesInput { 6409 s.NextToken = &v 6410 return s 6411} 6412 6413// SetResourceOwner sets the ResourceOwner field's value. 6414func (s *ListCertificateAuthoritiesInput) SetResourceOwner(v string) *ListCertificateAuthoritiesInput { 6415 s.ResourceOwner = &v 6416 return s 6417} 6418 6419type ListCertificateAuthoritiesOutput struct { 6420 _ struct{} `type:"structure"` 6421 6422 // Summary information about each certificate authority you have created. 6423 CertificateAuthorities []*CertificateAuthority `type:"list"` 6424 6425 // When the list is truncated, this value is present and should be used for 6426 // the NextToken parameter in a subsequent pagination request. 6427 NextToken *string `min:"1" type:"string"` 6428} 6429 6430// String returns the string representation. 6431// 6432// API parameter values that are decorated as "sensitive" in the API will not 6433// be included in the string output. The member name will be present, but the 6434// value will be replaced with "sensitive". 6435func (s ListCertificateAuthoritiesOutput) String() string { 6436 return awsutil.Prettify(s) 6437} 6438 6439// GoString returns the string representation. 6440// 6441// API parameter values that are decorated as "sensitive" in the API will not 6442// be included in the string output. The member name will be present, but the 6443// value will be replaced with "sensitive". 6444func (s ListCertificateAuthoritiesOutput) GoString() string { 6445 return s.String() 6446} 6447 6448// SetCertificateAuthorities sets the CertificateAuthorities field's value. 6449func (s *ListCertificateAuthoritiesOutput) SetCertificateAuthorities(v []*CertificateAuthority) *ListCertificateAuthoritiesOutput { 6450 s.CertificateAuthorities = v 6451 return s 6452} 6453 6454// SetNextToken sets the NextToken field's value. 6455func (s *ListCertificateAuthoritiesOutput) SetNextToken(v string) *ListCertificateAuthoritiesOutput { 6456 s.NextToken = &v 6457 return s 6458} 6459 6460type ListPermissionsInput struct { 6461 _ struct{} `type:"structure"` 6462 6463 // The Amazon Resource Number (ARN) of the private CA to inspect. You can find 6464 // the ARN by calling the ListCertificateAuthorities (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6465 // action. This must be of the form: arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6466 // You can get a private CA's ARN by running the ListCertificateAuthorities 6467 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 6468 // action. 6469 // 6470 // CertificateAuthorityArn is a required field 6471 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6472 6473 // When paginating results, use this parameter to specify the maximum number 6474 // of items to return in the response. If additional items exist beyond the 6475 // number you specify, the NextToken element is sent in the response. Use this 6476 // NextToken value in a subsequent request to retrieve additional items. 6477 MaxResults *int64 `min:"1" type:"integer"` 6478 6479 // When paginating results, use this parameter in a subsequent request after 6480 // you receive a response with truncated results. Set it to the value of NextToken 6481 // from the response you just received. 6482 NextToken *string `min:"1" type:"string"` 6483} 6484 6485// String returns the string representation. 6486// 6487// API parameter values that are decorated as "sensitive" in the API will not 6488// be included in the string output. The member name will be present, but the 6489// value will be replaced with "sensitive". 6490func (s ListPermissionsInput) String() string { 6491 return awsutil.Prettify(s) 6492} 6493 6494// GoString returns the string representation. 6495// 6496// API parameter values that are decorated as "sensitive" in the API will not 6497// be included in the string output. The member name will be present, but the 6498// value will be replaced with "sensitive". 6499func (s ListPermissionsInput) GoString() string { 6500 return s.String() 6501} 6502 6503// Validate inspects the fields of the type to determine if they are valid. 6504func (s *ListPermissionsInput) Validate() error { 6505 invalidParams := request.ErrInvalidParams{Context: "ListPermissionsInput"} 6506 if s.CertificateAuthorityArn == nil { 6507 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6508 } 6509 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6510 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6511 } 6512 if s.MaxResults != nil && *s.MaxResults < 1 { 6513 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6514 } 6515 if s.NextToken != nil && len(*s.NextToken) < 1 { 6516 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6517 } 6518 6519 if invalidParams.Len() > 0 { 6520 return invalidParams 6521 } 6522 return nil 6523} 6524 6525// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6526func (s *ListPermissionsInput) SetCertificateAuthorityArn(v string) *ListPermissionsInput { 6527 s.CertificateAuthorityArn = &v 6528 return s 6529} 6530 6531// SetMaxResults sets the MaxResults field's value. 6532func (s *ListPermissionsInput) SetMaxResults(v int64) *ListPermissionsInput { 6533 s.MaxResults = &v 6534 return s 6535} 6536 6537// SetNextToken sets the NextToken field's value. 6538func (s *ListPermissionsInput) SetNextToken(v string) *ListPermissionsInput { 6539 s.NextToken = &v 6540 return s 6541} 6542 6543type ListPermissionsOutput struct { 6544 _ struct{} `type:"structure"` 6545 6546 // When the list is truncated, this value is present and should be used for 6547 // the NextToken parameter in a subsequent pagination request. 6548 NextToken *string `min:"1" type:"string"` 6549 6550 // Summary information about each permission assigned by the specified private 6551 // CA, including the action enabled, the policy provided, and the time of creation. 6552 Permissions []*Permission `type:"list"` 6553} 6554 6555// String returns the string representation. 6556// 6557// API parameter values that are decorated as "sensitive" in the API will not 6558// be included in the string output. The member name will be present, but the 6559// value will be replaced with "sensitive". 6560func (s ListPermissionsOutput) String() string { 6561 return awsutil.Prettify(s) 6562} 6563 6564// GoString returns the string representation. 6565// 6566// API parameter values that are decorated as "sensitive" in the API will not 6567// be included in the string output. The member name will be present, but the 6568// value will be replaced with "sensitive". 6569func (s ListPermissionsOutput) GoString() string { 6570 return s.String() 6571} 6572 6573// SetNextToken sets the NextToken field's value. 6574func (s *ListPermissionsOutput) SetNextToken(v string) *ListPermissionsOutput { 6575 s.NextToken = &v 6576 return s 6577} 6578 6579// SetPermissions sets the Permissions field's value. 6580func (s *ListPermissionsOutput) SetPermissions(v []*Permission) *ListPermissionsOutput { 6581 s.Permissions = v 6582 return s 6583} 6584 6585type ListTagsInput struct { 6586 _ struct{} `type:"structure"` 6587 6588 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 6589 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 6590 // action. This must be of the form: 6591 // 6592 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 6593 // 6594 // CertificateAuthorityArn is a required field 6595 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 6596 6597 // Use this parameter when paginating results to specify the maximum number 6598 // of items to return in the response. If additional items exist beyond the 6599 // number you specify, the NextToken element is sent in the response. Use this 6600 // NextToken value in a subsequent request to retrieve additional items. 6601 MaxResults *int64 `min:"1" type:"integer"` 6602 6603 // Use this parameter when paginating results in a subsequent request after 6604 // you receive a response with truncated results. Set it to the value of NextToken 6605 // from the response you just received. 6606 NextToken *string `min:"1" type:"string"` 6607} 6608 6609// String returns the string representation. 6610// 6611// API parameter values that are decorated as "sensitive" in the API will not 6612// be included in the string output. The member name will be present, but the 6613// value will be replaced with "sensitive". 6614func (s ListTagsInput) String() string { 6615 return awsutil.Prettify(s) 6616} 6617 6618// GoString returns the string representation. 6619// 6620// API parameter values that are decorated as "sensitive" in the API will not 6621// be included in the string output. The member name will be present, but the 6622// value will be replaced with "sensitive". 6623func (s ListTagsInput) GoString() string { 6624 return s.String() 6625} 6626 6627// Validate inspects the fields of the type to determine if they are valid. 6628func (s *ListTagsInput) Validate() error { 6629 invalidParams := request.ErrInvalidParams{Context: "ListTagsInput"} 6630 if s.CertificateAuthorityArn == nil { 6631 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 6632 } 6633 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 6634 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 6635 } 6636 if s.MaxResults != nil && *s.MaxResults < 1 { 6637 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 6638 } 6639 if s.NextToken != nil && len(*s.NextToken) < 1 { 6640 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 6641 } 6642 6643 if invalidParams.Len() > 0 { 6644 return invalidParams 6645 } 6646 return nil 6647} 6648 6649// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 6650func (s *ListTagsInput) SetCertificateAuthorityArn(v string) *ListTagsInput { 6651 s.CertificateAuthorityArn = &v 6652 return s 6653} 6654 6655// SetMaxResults sets the MaxResults field's value. 6656func (s *ListTagsInput) SetMaxResults(v int64) *ListTagsInput { 6657 s.MaxResults = &v 6658 return s 6659} 6660 6661// SetNextToken sets the NextToken field's value. 6662func (s *ListTagsInput) SetNextToken(v string) *ListTagsInput { 6663 s.NextToken = &v 6664 return s 6665} 6666 6667type ListTagsOutput struct { 6668 _ struct{} `type:"structure"` 6669 6670 // When the list is truncated, this value is present and should be used for 6671 // the NextToken parameter in a subsequent pagination request. 6672 NextToken *string `min:"1" type:"string"` 6673 6674 // The tags associated with your private CA. 6675 Tags []*Tag `min:"1" type:"list"` 6676} 6677 6678// String returns the string representation. 6679// 6680// API parameter values that are decorated as "sensitive" in the API will not 6681// be included in the string output. The member name will be present, but the 6682// value will be replaced with "sensitive". 6683func (s ListTagsOutput) String() string { 6684 return awsutil.Prettify(s) 6685} 6686 6687// GoString returns the string representation. 6688// 6689// API parameter values that are decorated as "sensitive" in the API will not 6690// be included in the string output. The member name will be present, but the 6691// value will be replaced with "sensitive". 6692func (s ListTagsOutput) GoString() string { 6693 return s.String() 6694} 6695 6696// SetNextToken sets the NextToken field's value. 6697func (s *ListTagsOutput) SetNextToken(v string) *ListTagsOutput { 6698 s.NextToken = &v 6699 return s 6700} 6701 6702// SetTags sets the Tags field's value. 6703func (s *ListTagsOutput) SetTags(v []*Tag) *ListTagsOutput { 6704 s.Tags = v 6705 return s 6706} 6707 6708// The current action was prevented because it would lock the caller out from 6709// performing subsequent actions. Verify that the specified parameters would 6710// not result in the caller being denied access to the resource. 6711type LockoutPreventedException struct { 6712 _ struct{} `type:"structure"` 6713 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6714 6715 Message_ *string `locationName:"message" type:"string"` 6716} 6717 6718// String returns the string representation. 6719// 6720// API parameter values that are decorated as "sensitive" in the API will not 6721// be included in the string output. The member name will be present, but the 6722// value will be replaced with "sensitive". 6723func (s LockoutPreventedException) String() string { 6724 return awsutil.Prettify(s) 6725} 6726 6727// GoString returns the string representation. 6728// 6729// API parameter values that are decorated as "sensitive" in the API will not 6730// be included in the string output. The member name will be present, but the 6731// value will be replaced with "sensitive". 6732func (s LockoutPreventedException) GoString() string { 6733 return s.String() 6734} 6735 6736func newErrorLockoutPreventedException(v protocol.ResponseMetadata) error { 6737 return &LockoutPreventedException{ 6738 RespMetadata: v, 6739 } 6740} 6741 6742// Code returns the exception type name. 6743func (s *LockoutPreventedException) Code() string { 6744 return "LockoutPreventedException" 6745} 6746 6747// Message returns the exception's message. 6748func (s *LockoutPreventedException) Message() string { 6749 if s.Message_ != nil { 6750 return *s.Message_ 6751 } 6752 return "" 6753} 6754 6755// OrigErr always returns nil, satisfies awserr.Error interface. 6756func (s *LockoutPreventedException) OrigErr() error { 6757 return nil 6758} 6759 6760func (s *LockoutPreventedException) Error() string { 6761 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6762} 6763 6764// Status code returns the HTTP status code for the request's response error. 6765func (s *LockoutPreventedException) StatusCode() int { 6766 return s.RespMetadata.StatusCode 6767} 6768 6769// RequestID returns the service's response RequestID for request. 6770func (s *LockoutPreventedException) RequestID() string { 6771 return s.RespMetadata.RequestID 6772} 6773 6774// The certificate signing request is invalid. 6775type MalformedCSRException struct { 6776 _ struct{} `type:"structure"` 6777 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6778 6779 Message_ *string `locationName:"message" type:"string"` 6780} 6781 6782// String returns the string representation. 6783// 6784// API parameter values that are decorated as "sensitive" in the API will not 6785// be included in the string output. The member name will be present, but the 6786// value will be replaced with "sensitive". 6787func (s MalformedCSRException) String() string { 6788 return awsutil.Prettify(s) 6789} 6790 6791// GoString returns the string representation. 6792// 6793// API parameter values that are decorated as "sensitive" in the API will not 6794// be included in the string output. The member name will be present, but the 6795// value will be replaced with "sensitive". 6796func (s MalformedCSRException) GoString() string { 6797 return s.String() 6798} 6799 6800func newErrorMalformedCSRException(v protocol.ResponseMetadata) error { 6801 return &MalformedCSRException{ 6802 RespMetadata: v, 6803 } 6804} 6805 6806// Code returns the exception type name. 6807func (s *MalformedCSRException) Code() string { 6808 return "MalformedCSRException" 6809} 6810 6811// Message returns the exception's message. 6812func (s *MalformedCSRException) Message() string { 6813 if s.Message_ != nil { 6814 return *s.Message_ 6815 } 6816 return "" 6817} 6818 6819// OrigErr always returns nil, satisfies awserr.Error interface. 6820func (s *MalformedCSRException) OrigErr() error { 6821 return nil 6822} 6823 6824func (s *MalformedCSRException) Error() string { 6825 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6826} 6827 6828// Status code returns the HTTP status code for the request's response error. 6829func (s *MalformedCSRException) StatusCode() int { 6830 return s.RespMetadata.StatusCode 6831} 6832 6833// RequestID returns the service's response RequestID for request. 6834func (s *MalformedCSRException) RequestID() string { 6835 return s.RespMetadata.RequestID 6836} 6837 6838// One or more fields in the certificate are invalid. 6839type MalformedCertificateException struct { 6840 _ struct{} `type:"structure"` 6841 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 6842 6843 Message_ *string `locationName:"message" type:"string"` 6844} 6845 6846// String returns the string representation. 6847// 6848// API parameter values that are decorated as "sensitive" in the API will not 6849// be included in the string output. The member name will be present, but the 6850// value will be replaced with "sensitive". 6851func (s MalformedCertificateException) String() string { 6852 return awsutil.Prettify(s) 6853} 6854 6855// GoString returns the string representation. 6856// 6857// API parameter values that are decorated as "sensitive" in the API will not 6858// be included in the string output. The member name will be present, but the 6859// value will be replaced with "sensitive". 6860func (s MalformedCertificateException) GoString() string { 6861 return s.String() 6862} 6863 6864func newErrorMalformedCertificateException(v protocol.ResponseMetadata) error { 6865 return &MalformedCertificateException{ 6866 RespMetadata: v, 6867 } 6868} 6869 6870// Code returns the exception type name. 6871func (s *MalformedCertificateException) Code() string { 6872 return "MalformedCertificateException" 6873} 6874 6875// Message returns the exception's message. 6876func (s *MalformedCertificateException) Message() string { 6877 if s.Message_ != nil { 6878 return *s.Message_ 6879 } 6880 return "" 6881} 6882 6883// OrigErr always returns nil, satisfies awserr.Error interface. 6884func (s *MalformedCertificateException) OrigErr() error { 6885 return nil 6886} 6887 6888func (s *MalformedCertificateException) Error() string { 6889 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 6890} 6891 6892// Status code returns the HTTP status code for the request's response error. 6893func (s *MalformedCertificateException) StatusCode() int { 6894 return s.RespMetadata.StatusCode 6895} 6896 6897// RequestID returns the service's response RequestID for request. 6898func (s *MalformedCertificateException) RequestID() string { 6899 return s.RespMetadata.RequestID 6900} 6901 6902// Contains information to enable and configure Online Certificate Status Protocol 6903// (OCSP) for validating certificate revocation status. 6904// 6905// When you revoke a certificate, OCSP responses may take up to 60 minutes to 6906// reflect the new status. 6907type OcspConfiguration struct { 6908 _ struct{} `type:"structure"` 6909 6910 // Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating 6911 // certificate revocation status. 6912 // 6913 // Enabled is a required field 6914 Enabled *bool `type:"boolean" required:"true"` 6915 6916 // By default, ACM Private CA injects an AWS domain into certificates being 6917 // validated by the Online Certificate Status Protocol (OCSP). A customer can 6918 // alternatively use this object to define a CNAME specifying a customized OCSP 6919 // domain. 6920 // 6921 // Note: The value of the CNAME must not include a protocol prefix such as "http://" 6922 // or "https://". 6923 // 6924 // For more information, see Customizing Online Certificate Status Protocol 6925 // (OCSP) (https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html) 6926 // in the AWS Certificate Manager Private Certificate Authority (PCA) User Guide. 6927 OcspCustomCname *string `type:"string"` 6928} 6929 6930// String returns the string representation. 6931// 6932// API parameter values that are decorated as "sensitive" in the API will not 6933// be included in the string output. The member name will be present, but the 6934// value will be replaced with "sensitive". 6935func (s OcspConfiguration) String() string { 6936 return awsutil.Prettify(s) 6937} 6938 6939// GoString returns the string representation. 6940// 6941// API parameter values that are decorated as "sensitive" in the API will not 6942// be included in the string output. The member name will be present, but the 6943// value will be replaced with "sensitive". 6944func (s OcspConfiguration) GoString() string { 6945 return s.String() 6946} 6947 6948// Validate inspects the fields of the type to determine if they are valid. 6949func (s *OcspConfiguration) Validate() error { 6950 invalidParams := request.ErrInvalidParams{Context: "OcspConfiguration"} 6951 if s.Enabled == nil { 6952 invalidParams.Add(request.NewErrParamRequired("Enabled")) 6953 } 6954 6955 if invalidParams.Len() > 0 { 6956 return invalidParams 6957 } 6958 return nil 6959} 6960 6961// SetEnabled sets the Enabled field's value. 6962func (s *OcspConfiguration) SetEnabled(v bool) *OcspConfiguration { 6963 s.Enabled = &v 6964 return s 6965} 6966 6967// SetOcspCustomCname sets the OcspCustomCname field's value. 6968func (s *OcspConfiguration) SetOcspCustomCname(v string) *OcspConfiguration { 6969 s.OcspCustomCname = &v 6970 return s 6971} 6972 6973// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) 6974// and value. The OID must satisfy the regular expression shown below. For more 6975// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 6976type OtherName struct { 6977 _ struct{} `type:"structure"` 6978 6979 // Specifies an OID. 6980 // 6981 // TypeId is a required field 6982 TypeId *string `type:"string" required:"true"` 6983 6984 // Specifies an OID value. 6985 // 6986 // Value is a required field 6987 Value *string `type:"string" required:"true"` 6988} 6989 6990// String returns the string representation. 6991// 6992// API parameter values that are decorated as "sensitive" in the API will not 6993// be included in the string output. The member name will be present, but the 6994// value will be replaced with "sensitive". 6995func (s OtherName) String() string { 6996 return awsutil.Prettify(s) 6997} 6998 6999// GoString returns the string representation. 7000// 7001// API parameter values that are decorated as "sensitive" in the API will not 7002// be included in the string output. The member name will be present, but the 7003// value will be replaced with "sensitive". 7004func (s OtherName) GoString() string { 7005 return s.String() 7006} 7007 7008// Validate inspects the fields of the type to determine if they are valid. 7009func (s *OtherName) Validate() error { 7010 invalidParams := request.ErrInvalidParams{Context: "OtherName"} 7011 if s.TypeId == nil { 7012 invalidParams.Add(request.NewErrParamRequired("TypeId")) 7013 } 7014 if s.Value == nil { 7015 invalidParams.Add(request.NewErrParamRequired("Value")) 7016 } 7017 7018 if invalidParams.Len() > 0 { 7019 return invalidParams 7020 } 7021 return nil 7022} 7023 7024// SetTypeId sets the TypeId field's value. 7025func (s *OtherName) SetTypeId(v string) *OtherName { 7026 s.TypeId = &v 7027 return s 7028} 7029 7030// SetValue sets the Value field's value. 7031func (s *OtherName) SetValue(v string) *OtherName { 7032 s.Value = &v 7033 return s 7034} 7035 7036// Permissions designate which private CA actions can be performed by an AWS 7037// service or entity. In order for ACM to automatically renew private certificates, 7038// you must give the ACM service principal all available permissions (IssueCertificate, 7039// GetCertificate, and ListPermissions). Permissions can be assigned with the 7040// CreatePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html) 7041// action, removed with the DeletePermission (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html) 7042// action, and listed with the ListPermissions (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) 7043// action. 7044type Permission struct { 7045 _ struct{} `type:"structure"` 7046 7047 // The private CA actions that can be performed by the designated AWS service. 7048 Actions []*string `min:"1" type:"list"` 7049 7050 // The Amazon Resource Number (ARN) of the private CA from which the permission 7051 // was issued. 7052 CertificateAuthorityArn *string `min:"5" type:"string"` 7053 7054 // The time at which the permission was created. 7055 CreatedAt *time.Time `type:"timestamp"` 7056 7057 // The name of the policy that is associated with the permission. 7058 Policy *string `min:"1" type:"string"` 7059 7060 // The AWS service or entity that holds the permission. At this time, the only 7061 // valid principal is acm.amazonaws.com. 7062 Principal *string `type:"string"` 7063 7064 // The ID of the account that assigned the permission. 7065 SourceAccount *string `min:"12" type:"string"` 7066} 7067 7068// String returns the string representation. 7069// 7070// API parameter values that are decorated as "sensitive" in the API will not 7071// be included in the string output. The member name will be present, but the 7072// value will be replaced with "sensitive". 7073func (s Permission) String() string { 7074 return awsutil.Prettify(s) 7075} 7076 7077// GoString returns the string representation. 7078// 7079// API parameter values that are decorated as "sensitive" in the API will not 7080// be included in the string output. The member name will be present, but the 7081// value will be replaced with "sensitive". 7082func (s Permission) GoString() string { 7083 return s.String() 7084} 7085 7086// SetActions sets the Actions field's value. 7087func (s *Permission) SetActions(v []*string) *Permission { 7088 s.Actions = v 7089 return s 7090} 7091 7092// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7093func (s *Permission) SetCertificateAuthorityArn(v string) *Permission { 7094 s.CertificateAuthorityArn = &v 7095 return s 7096} 7097 7098// SetCreatedAt sets the CreatedAt field's value. 7099func (s *Permission) SetCreatedAt(v time.Time) *Permission { 7100 s.CreatedAt = &v 7101 return s 7102} 7103 7104// SetPolicy sets the Policy field's value. 7105func (s *Permission) SetPolicy(v string) *Permission { 7106 s.Policy = &v 7107 return s 7108} 7109 7110// SetPrincipal sets the Principal field's value. 7111func (s *Permission) SetPrincipal(v string) *Permission { 7112 s.Principal = &v 7113 return s 7114} 7115 7116// SetSourceAccount sets the SourceAccount field's value. 7117func (s *Permission) SetSourceAccount(v string) *Permission { 7118 s.SourceAccount = &v 7119 return s 7120} 7121 7122// The designated permission has already been given to the user. 7123type PermissionAlreadyExistsException struct { 7124 _ struct{} `type:"structure"` 7125 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7126 7127 Message_ *string `locationName:"message" type:"string"` 7128} 7129 7130// String returns the string representation. 7131// 7132// API parameter values that are decorated as "sensitive" in the API will not 7133// be included in the string output. The member name will be present, but the 7134// value will be replaced with "sensitive". 7135func (s PermissionAlreadyExistsException) String() string { 7136 return awsutil.Prettify(s) 7137} 7138 7139// GoString returns the string representation. 7140// 7141// API parameter values that are decorated as "sensitive" in the API will not 7142// be included in the string output. The member name will be present, but the 7143// value will be replaced with "sensitive". 7144func (s PermissionAlreadyExistsException) GoString() string { 7145 return s.String() 7146} 7147 7148func newErrorPermissionAlreadyExistsException(v protocol.ResponseMetadata) error { 7149 return &PermissionAlreadyExistsException{ 7150 RespMetadata: v, 7151 } 7152} 7153 7154// Code returns the exception type name. 7155func (s *PermissionAlreadyExistsException) Code() string { 7156 return "PermissionAlreadyExistsException" 7157} 7158 7159// Message returns the exception's message. 7160func (s *PermissionAlreadyExistsException) Message() string { 7161 if s.Message_ != nil { 7162 return *s.Message_ 7163 } 7164 return "" 7165} 7166 7167// OrigErr always returns nil, satisfies awserr.Error interface. 7168func (s *PermissionAlreadyExistsException) OrigErr() error { 7169 return nil 7170} 7171 7172func (s *PermissionAlreadyExistsException) Error() string { 7173 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7174} 7175 7176// Status code returns the HTTP status code for the request's response error. 7177func (s *PermissionAlreadyExistsException) StatusCode() int { 7178 return s.RespMetadata.StatusCode 7179} 7180 7181// RequestID returns the service's response RequestID for request. 7182func (s *PermissionAlreadyExistsException) RequestID() string { 7183 return s.RespMetadata.RequestID 7184} 7185 7186// Defines the X.509 CertificatePolicies extension. 7187type PolicyInformation struct { 7188 _ struct{} `type:"structure"` 7189 7190 // Specifies the object identifier (OID) of the certificate policy under which 7191 // the certificate was issued. For more information, see NIST's definition of 7192 // Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier). 7193 // 7194 // CertPolicyId is a required field 7195 CertPolicyId *string `type:"string" required:"true"` 7196 7197 // Modifies the given CertPolicyId with a qualifier. ACM Private CA supports 7198 // the certification practice statement (CPS) qualifier. 7199 PolicyQualifiers []*PolicyQualifierInfo `min:"1" type:"list"` 7200} 7201 7202// String returns the string representation. 7203// 7204// API parameter values that are decorated as "sensitive" in the API will not 7205// be included in the string output. The member name will be present, but the 7206// value will be replaced with "sensitive". 7207func (s PolicyInformation) String() string { 7208 return awsutil.Prettify(s) 7209} 7210 7211// GoString returns the string representation. 7212// 7213// API parameter values that are decorated as "sensitive" in the API will not 7214// be included in the string output. The member name will be present, but the 7215// value will be replaced with "sensitive". 7216func (s PolicyInformation) GoString() string { 7217 return s.String() 7218} 7219 7220// Validate inspects the fields of the type to determine if they are valid. 7221func (s *PolicyInformation) Validate() error { 7222 invalidParams := request.ErrInvalidParams{Context: "PolicyInformation"} 7223 if s.CertPolicyId == nil { 7224 invalidParams.Add(request.NewErrParamRequired("CertPolicyId")) 7225 } 7226 if s.PolicyQualifiers != nil && len(s.PolicyQualifiers) < 1 { 7227 invalidParams.Add(request.NewErrParamMinLen("PolicyQualifiers", 1)) 7228 } 7229 if s.PolicyQualifiers != nil { 7230 for i, v := range s.PolicyQualifiers { 7231 if v == nil { 7232 continue 7233 } 7234 if err := v.Validate(); err != nil { 7235 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyQualifiers", i), err.(request.ErrInvalidParams)) 7236 } 7237 } 7238 } 7239 7240 if invalidParams.Len() > 0 { 7241 return invalidParams 7242 } 7243 return nil 7244} 7245 7246// SetCertPolicyId sets the CertPolicyId field's value. 7247func (s *PolicyInformation) SetCertPolicyId(v string) *PolicyInformation { 7248 s.CertPolicyId = &v 7249 return s 7250} 7251 7252// SetPolicyQualifiers sets the PolicyQualifiers field's value. 7253func (s *PolicyInformation) SetPolicyQualifiers(v []*PolicyQualifierInfo) *PolicyInformation { 7254 s.PolicyQualifiers = v 7255 return s 7256} 7257 7258// Modifies the CertPolicyId of a PolicyInformation object with a qualifier. 7259// ACM Private CA supports the certification practice statement (CPS) qualifier. 7260type PolicyQualifierInfo struct { 7261 _ struct{} `type:"structure"` 7262 7263 // Identifies the qualifier modifying a CertPolicyId. 7264 // 7265 // PolicyQualifierId is a required field 7266 PolicyQualifierId *string `type:"string" required:"true" enum:"PolicyQualifierId"` 7267 7268 // Defines the qualifier type. ACM Private CA supports the use of a URI for 7269 // a CPS qualifier in this field. 7270 // 7271 // Qualifier is a required field 7272 Qualifier *Qualifier `type:"structure" required:"true"` 7273} 7274 7275// String returns the string representation. 7276// 7277// API parameter values that are decorated as "sensitive" in the API will not 7278// be included in the string output. The member name will be present, but the 7279// value will be replaced with "sensitive". 7280func (s PolicyQualifierInfo) String() string { 7281 return awsutil.Prettify(s) 7282} 7283 7284// GoString returns the string representation. 7285// 7286// API parameter values that are decorated as "sensitive" in the API will not 7287// be included in the string output. The member name will be present, but the 7288// value will be replaced with "sensitive". 7289func (s PolicyQualifierInfo) GoString() string { 7290 return s.String() 7291} 7292 7293// Validate inspects the fields of the type to determine if they are valid. 7294func (s *PolicyQualifierInfo) Validate() error { 7295 invalidParams := request.ErrInvalidParams{Context: "PolicyQualifierInfo"} 7296 if s.PolicyQualifierId == nil { 7297 invalidParams.Add(request.NewErrParamRequired("PolicyQualifierId")) 7298 } 7299 if s.Qualifier == nil { 7300 invalidParams.Add(request.NewErrParamRequired("Qualifier")) 7301 } 7302 if s.Qualifier != nil { 7303 if err := s.Qualifier.Validate(); err != nil { 7304 invalidParams.AddNested("Qualifier", err.(request.ErrInvalidParams)) 7305 } 7306 } 7307 7308 if invalidParams.Len() > 0 { 7309 return invalidParams 7310 } 7311 return nil 7312} 7313 7314// SetPolicyQualifierId sets the PolicyQualifierId field's value. 7315func (s *PolicyQualifierInfo) SetPolicyQualifierId(v string) *PolicyQualifierInfo { 7316 s.PolicyQualifierId = &v 7317 return s 7318} 7319 7320// SetQualifier sets the Qualifier field's value. 7321func (s *PolicyQualifierInfo) SetQualifier(v *Qualifier) *PolicyQualifierInfo { 7322 s.Qualifier = v 7323 return s 7324} 7325 7326type PutPolicyInput struct { 7327 _ struct{} `type:"structure"` 7328 7329 // The path and file name of a JSON-formatted IAM policy to attach to the specified 7330 // private CA resource. If this policy does not contain all required statements 7331 // or if it includes any statement that is not allowed, the PutPolicy action 7332 // returns an InvalidPolicyException. For information about IAM policy and statement 7333 // structure, see Overview of JSON Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json). 7334 // 7335 // Policy is a required field 7336 Policy *string `min:"1" type:"string" required:"true"` 7337 7338 // The Amazon Resource Number (ARN) of the private CA to associate with the 7339 // policy. The ARN of the CA can be found by calling the ListCertificateAuthorities 7340 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html) 7341 // action. 7342 // 7343 // ResourceArn is a required field 7344 ResourceArn *string `min:"5" type:"string" required:"true"` 7345} 7346 7347// String returns the string representation. 7348// 7349// API parameter values that are decorated as "sensitive" in the API will not 7350// be included in the string output. The member name will be present, but the 7351// value will be replaced with "sensitive". 7352func (s PutPolicyInput) String() string { 7353 return awsutil.Prettify(s) 7354} 7355 7356// GoString returns the string representation. 7357// 7358// API parameter values that are decorated as "sensitive" in the API will not 7359// be included in the string output. The member name will be present, but the 7360// value will be replaced with "sensitive". 7361func (s PutPolicyInput) GoString() string { 7362 return s.String() 7363} 7364 7365// Validate inspects the fields of the type to determine if they are valid. 7366func (s *PutPolicyInput) Validate() error { 7367 invalidParams := request.ErrInvalidParams{Context: "PutPolicyInput"} 7368 if s.Policy == nil { 7369 invalidParams.Add(request.NewErrParamRequired("Policy")) 7370 } 7371 if s.Policy != nil && len(*s.Policy) < 1 { 7372 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 7373 } 7374 if s.ResourceArn == nil { 7375 invalidParams.Add(request.NewErrParamRequired("ResourceArn")) 7376 } 7377 if s.ResourceArn != nil && len(*s.ResourceArn) < 5 { 7378 invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 5)) 7379 } 7380 7381 if invalidParams.Len() > 0 { 7382 return invalidParams 7383 } 7384 return nil 7385} 7386 7387// SetPolicy sets the Policy field's value. 7388func (s *PutPolicyInput) SetPolicy(v string) *PutPolicyInput { 7389 s.Policy = &v 7390 return s 7391} 7392 7393// SetResourceArn sets the ResourceArn field's value. 7394func (s *PutPolicyInput) SetResourceArn(v string) *PutPolicyInput { 7395 s.ResourceArn = &v 7396 return s 7397} 7398 7399type PutPolicyOutput struct { 7400 _ struct{} `type:"structure"` 7401} 7402 7403// String returns the string representation. 7404// 7405// API parameter values that are decorated as "sensitive" in the API will not 7406// be included in the string output. The member name will be present, but the 7407// value will be replaced with "sensitive". 7408func (s PutPolicyOutput) String() string { 7409 return awsutil.Prettify(s) 7410} 7411 7412// GoString returns the string representation. 7413// 7414// API parameter values that are decorated as "sensitive" in the API will not 7415// be included in the string output. The member name will be present, but the 7416// value will be replaced with "sensitive". 7417func (s PutPolicyOutput) GoString() string { 7418 return s.String() 7419} 7420 7421// Defines a PolicyInformation qualifier. ACM Private CA supports the certification 7422// practice statement (CPS) qualifier (https://tools.ietf.org/html/rfc5280#section-4.2.1.4) 7423// defined in RFC 5280. 7424type Qualifier struct { 7425 _ struct{} `type:"structure"` 7426 7427 // Contains a pointer to a certification practice statement (CPS) published 7428 // by the CA. 7429 // 7430 // CpsUri is a required field 7431 CpsUri *string `type:"string" required:"true"` 7432} 7433 7434// String returns the string representation. 7435// 7436// API parameter values that are decorated as "sensitive" in the API will not 7437// be included in the string output. The member name will be present, but the 7438// value will be replaced with "sensitive". 7439func (s Qualifier) String() string { 7440 return awsutil.Prettify(s) 7441} 7442 7443// GoString returns the string representation. 7444// 7445// API parameter values that are decorated as "sensitive" in the API will not 7446// be included in the string output. The member name will be present, but the 7447// value will be replaced with "sensitive". 7448func (s Qualifier) GoString() string { 7449 return s.String() 7450} 7451 7452// Validate inspects the fields of the type to determine if they are valid. 7453func (s *Qualifier) Validate() error { 7454 invalidParams := request.ErrInvalidParams{Context: "Qualifier"} 7455 if s.CpsUri == nil { 7456 invalidParams.Add(request.NewErrParamRequired("CpsUri")) 7457 } 7458 7459 if invalidParams.Len() > 0 { 7460 return invalidParams 7461 } 7462 return nil 7463} 7464 7465// SetCpsUri sets the CpsUri field's value. 7466func (s *Qualifier) SetCpsUri(v string) *Qualifier { 7467 s.CpsUri = &v 7468 return s 7469} 7470 7471// Your request has already been completed. 7472type RequestAlreadyProcessedException struct { 7473 _ struct{} `type:"structure"` 7474 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7475 7476 Message_ *string `locationName:"message" type:"string"` 7477} 7478 7479// String returns the string representation. 7480// 7481// API parameter values that are decorated as "sensitive" in the API will not 7482// be included in the string output. The member name will be present, but the 7483// value will be replaced with "sensitive". 7484func (s RequestAlreadyProcessedException) String() string { 7485 return awsutil.Prettify(s) 7486} 7487 7488// GoString returns the string representation. 7489// 7490// API parameter values that are decorated as "sensitive" in the API will not 7491// be included in the string output. The member name will be present, but the 7492// value will be replaced with "sensitive". 7493func (s RequestAlreadyProcessedException) GoString() string { 7494 return s.String() 7495} 7496 7497func newErrorRequestAlreadyProcessedException(v protocol.ResponseMetadata) error { 7498 return &RequestAlreadyProcessedException{ 7499 RespMetadata: v, 7500 } 7501} 7502 7503// Code returns the exception type name. 7504func (s *RequestAlreadyProcessedException) Code() string { 7505 return "RequestAlreadyProcessedException" 7506} 7507 7508// Message returns the exception's message. 7509func (s *RequestAlreadyProcessedException) Message() string { 7510 if s.Message_ != nil { 7511 return *s.Message_ 7512 } 7513 return "" 7514} 7515 7516// OrigErr always returns nil, satisfies awserr.Error interface. 7517func (s *RequestAlreadyProcessedException) OrigErr() error { 7518 return nil 7519} 7520 7521func (s *RequestAlreadyProcessedException) Error() string { 7522 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7523} 7524 7525// Status code returns the HTTP status code for the request's response error. 7526func (s *RequestAlreadyProcessedException) StatusCode() int { 7527 return s.RespMetadata.StatusCode 7528} 7529 7530// RequestID returns the service's response RequestID for request. 7531func (s *RequestAlreadyProcessedException) RequestID() string { 7532 return s.RespMetadata.RequestID 7533} 7534 7535// The request has failed for an unspecified reason. 7536type RequestFailedException struct { 7537 _ struct{} `type:"structure"` 7538 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7539 7540 Message_ *string `locationName:"message" type:"string"` 7541} 7542 7543// String returns the string representation. 7544// 7545// API parameter values that are decorated as "sensitive" in the API will not 7546// be included in the string output. The member name will be present, but the 7547// value will be replaced with "sensitive". 7548func (s RequestFailedException) String() string { 7549 return awsutil.Prettify(s) 7550} 7551 7552// GoString returns the string representation. 7553// 7554// API parameter values that are decorated as "sensitive" in the API will not 7555// be included in the string output. The member name will be present, but the 7556// value will be replaced with "sensitive". 7557func (s RequestFailedException) GoString() string { 7558 return s.String() 7559} 7560 7561func newErrorRequestFailedException(v protocol.ResponseMetadata) error { 7562 return &RequestFailedException{ 7563 RespMetadata: v, 7564 } 7565} 7566 7567// Code returns the exception type name. 7568func (s *RequestFailedException) Code() string { 7569 return "RequestFailedException" 7570} 7571 7572// Message returns the exception's message. 7573func (s *RequestFailedException) Message() string { 7574 if s.Message_ != nil { 7575 return *s.Message_ 7576 } 7577 return "" 7578} 7579 7580// OrigErr always returns nil, satisfies awserr.Error interface. 7581func (s *RequestFailedException) OrigErr() error { 7582 return nil 7583} 7584 7585func (s *RequestFailedException) Error() string { 7586 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7587} 7588 7589// Status code returns the HTTP status code for the request's response error. 7590func (s *RequestFailedException) StatusCode() int { 7591 return s.RespMetadata.StatusCode 7592} 7593 7594// RequestID returns the service's response RequestID for request. 7595func (s *RequestFailedException) RequestID() string { 7596 return s.RespMetadata.RequestID 7597} 7598 7599// Your request is already in progress. 7600type RequestInProgressException struct { 7601 _ struct{} `type:"structure"` 7602 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7603 7604 Message_ *string `locationName:"message" type:"string"` 7605} 7606 7607// String returns the string representation. 7608// 7609// API parameter values that are decorated as "sensitive" in the API will not 7610// be included in the string output. The member name will be present, but the 7611// value will be replaced with "sensitive". 7612func (s RequestInProgressException) String() string { 7613 return awsutil.Prettify(s) 7614} 7615 7616// GoString returns the string representation. 7617// 7618// API parameter values that are decorated as "sensitive" in the API will not 7619// be included in the string output. The member name will be present, but the 7620// value will be replaced with "sensitive". 7621func (s RequestInProgressException) GoString() string { 7622 return s.String() 7623} 7624 7625func newErrorRequestInProgressException(v protocol.ResponseMetadata) error { 7626 return &RequestInProgressException{ 7627 RespMetadata: v, 7628 } 7629} 7630 7631// Code returns the exception type name. 7632func (s *RequestInProgressException) Code() string { 7633 return "RequestInProgressException" 7634} 7635 7636// Message returns the exception's message. 7637func (s *RequestInProgressException) Message() string { 7638 if s.Message_ != nil { 7639 return *s.Message_ 7640 } 7641 return "" 7642} 7643 7644// OrigErr always returns nil, satisfies awserr.Error interface. 7645func (s *RequestInProgressException) OrigErr() error { 7646 return nil 7647} 7648 7649func (s *RequestInProgressException) Error() string { 7650 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7651} 7652 7653// Status code returns the HTTP status code for the request's response error. 7654func (s *RequestInProgressException) StatusCode() int { 7655 return s.RespMetadata.StatusCode 7656} 7657 7658// RequestID returns the service's response RequestID for request. 7659func (s *RequestInProgressException) RequestID() string { 7660 return s.RespMetadata.RequestID 7661} 7662 7663// A resource such as a private CA, S3 bucket, certificate, audit report, or 7664// policy cannot be found. 7665type ResourceNotFoundException struct { 7666 _ struct{} `type:"structure"` 7667 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 7668 7669 Message_ *string `locationName:"message" type:"string"` 7670} 7671 7672// String returns the string representation. 7673// 7674// API parameter values that are decorated as "sensitive" in the API will not 7675// be included in the string output. The member name will be present, but the 7676// value will be replaced with "sensitive". 7677func (s ResourceNotFoundException) String() string { 7678 return awsutil.Prettify(s) 7679} 7680 7681// GoString returns the string representation. 7682// 7683// API parameter values that are decorated as "sensitive" in the API will not 7684// be included in the string output. The member name will be present, but the 7685// value will be replaced with "sensitive". 7686func (s ResourceNotFoundException) GoString() string { 7687 return s.String() 7688} 7689 7690func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { 7691 return &ResourceNotFoundException{ 7692 RespMetadata: v, 7693 } 7694} 7695 7696// Code returns the exception type name. 7697func (s *ResourceNotFoundException) Code() string { 7698 return "ResourceNotFoundException" 7699} 7700 7701// Message returns the exception's message. 7702func (s *ResourceNotFoundException) Message() string { 7703 if s.Message_ != nil { 7704 return *s.Message_ 7705 } 7706 return "" 7707} 7708 7709// OrigErr always returns nil, satisfies awserr.Error interface. 7710func (s *ResourceNotFoundException) OrigErr() error { 7711 return nil 7712} 7713 7714func (s *ResourceNotFoundException) Error() string { 7715 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 7716} 7717 7718// Status code returns the HTTP status code for the request's response error. 7719func (s *ResourceNotFoundException) StatusCode() int { 7720 return s.RespMetadata.StatusCode 7721} 7722 7723// RequestID returns the service's response RequestID for request. 7724func (s *ResourceNotFoundException) RequestID() string { 7725 return s.RespMetadata.RequestID 7726} 7727 7728type RestoreCertificateAuthorityInput struct { 7729 _ struct{} `type:"structure"` 7730 7731 // The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority 7732 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7733 // action. This must be of the form: 7734 // 7735 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7736 // 7737 // CertificateAuthorityArn is a required field 7738 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7739} 7740 7741// String returns the string representation. 7742// 7743// API parameter values that are decorated as "sensitive" in the API will not 7744// be included in the string output. The member name will be present, but the 7745// value will be replaced with "sensitive". 7746func (s RestoreCertificateAuthorityInput) String() string { 7747 return awsutil.Prettify(s) 7748} 7749 7750// GoString returns the string representation. 7751// 7752// API parameter values that are decorated as "sensitive" in the API will not 7753// be included in the string output. The member name will be present, but the 7754// value will be replaced with "sensitive". 7755func (s RestoreCertificateAuthorityInput) GoString() string { 7756 return s.String() 7757} 7758 7759// Validate inspects the fields of the type to determine if they are valid. 7760func (s *RestoreCertificateAuthorityInput) Validate() error { 7761 invalidParams := request.ErrInvalidParams{Context: "RestoreCertificateAuthorityInput"} 7762 if s.CertificateAuthorityArn == nil { 7763 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7764 } 7765 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7766 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7767 } 7768 7769 if invalidParams.Len() > 0 { 7770 return invalidParams 7771 } 7772 return nil 7773} 7774 7775// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7776func (s *RestoreCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *RestoreCertificateAuthorityInput { 7777 s.CertificateAuthorityArn = &v 7778 return s 7779} 7780 7781type RestoreCertificateAuthorityOutput struct { 7782 _ struct{} `type:"structure"` 7783} 7784 7785// String returns the string representation. 7786// 7787// API parameter values that are decorated as "sensitive" in the API will not 7788// be included in the string output. The member name will be present, but the 7789// value will be replaced with "sensitive". 7790func (s RestoreCertificateAuthorityOutput) String() string { 7791 return awsutil.Prettify(s) 7792} 7793 7794// GoString returns the string representation. 7795// 7796// API parameter values that are decorated as "sensitive" in the API will not 7797// be included in the string output. The member name will be present, but the 7798// value will be replaced with "sensitive". 7799func (s RestoreCertificateAuthorityOutput) GoString() string { 7800 return s.String() 7801} 7802 7803// Certificate revocation information used by the CreateCertificateAuthority 7804// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html) 7805// and UpdateCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) 7806// actions. Your private certificate authority (CA) can configure Online Certificate 7807// Status Protocol (OCSP) support and/or maintain a certificate revocation list 7808// (CRL). OCSP returns validation information about certificates as requested 7809// by clients, and a CRL contains an updated list of certificates revoked by 7810// your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) 7811// and Setting up a certificate revocation method (https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html) 7812// in the AWS Certificate Manager Private Certificate Authority (PCA) User Guide. 7813type RevocationConfiguration struct { 7814 _ struct{} `type:"structure"` 7815 7816 // Configuration of the certificate revocation list (CRL), if any, maintained 7817 // by your private CA. A CRL is typically updated approximately 30 minutes after 7818 // a certificate is revoked. If for any reason a CRL update fails, ACM Private 7819 // CA makes further attempts every 15 minutes. 7820 CrlConfiguration *CrlConfiguration `type:"structure"` 7821 7822 // Configuration of Online Certificate Status Protocol (OCSP) support, if any, 7823 // maintained by your private CA. When you revoke a certificate, OCSP responses 7824 // may take up to 60 minutes to reflect the new status. 7825 OcspConfiguration *OcspConfiguration `type:"structure"` 7826} 7827 7828// String returns the string representation. 7829// 7830// API parameter values that are decorated as "sensitive" in the API will not 7831// be included in the string output. The member name will be present, but the 7832// value will be replaced with "sensitive". 7833func (s RevocationConfiguration) String() string { 7834 return awsutil.Prettify(s) 7835} 7836 7837// GoString returns the string representation. 7838// 7839// API parameter values that are decorated as "sensitive" in the API will not 7840// be included in the string output. The member name will be present, but the 7841// value will be replaced with "sensitive". 7842func (s RevocationConfiguration) GoString() string { 7843 return s.String() 7844} 7845 7846// Validate inspects the fields of the type to determine if they are valid. 7847func (s *RevocationConfiguration) Validate() error { 7848 invalidParams := request.ErrInvalidParams{Context: "RevocationConfiguration"} 7849 if s.CrlConfiguration != nil { 7850 if err := s.CrlConfiguration.Validate(); err != nil { 7851 invalidParams.AddNested("CrlConfiguration", err.(request.ErrInvalidParams)) 7852 } 7853 } 7854 if s.OcspConfiguration != nil { 7855 if err := s.OcspConfiguration.Validate(); err != nil { 7856 invalidParams.AddNested("OcspConfiguration", err.(request.ErrInvalidParams)) 7857 } 7858 } 7859 7860 if invalidParams.Len() > 0 { 7861 return invalidParams 7862 } 7863 return nil 7864} 7865 7866// SetCrlConfiguration sets the CrlConfiguration field's value. 7867func (s *RevocationConfiguration) SetCrlConfiguration(v *CrlConfiguration) *RevocationConfiguration { 7868 s.CrlConfiguration = v 7869 return s 7870} 7871 7872// SetOcspConfiguration sets the OcspConfiguration field's value. 7873func (s *RevocationConfiguration) SetOcspConfiguration(v *OcspConfiguration) *RevocationConfiguration { 7874 s.OcspConfiguration = v 7875 return s 7876} 7877 7878type RevokeCertificateInput struct { 7879 _ struct{} `type:"structure"` 7880 7881 // Amazon Resource Name (ARN) of the private CA that issued the certificate 7882 // to be revoked. This must be of the form: 7883 // 7884 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 7885 // 7886 // CertificateAuthorityArn is a required field 7887 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 7888 7889 // Serial number of the certificate to be revoked. This must be in hexadecimal 7890 // format. You can retrieve the serial number by calling GetCertificate (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) 7891 // with the Amazon Resource Name (ARN) of the certificate you want and the ARN 7892 // of your private CA. The GetCertificate action retrieves the certificate in 7893 // the PEM format. You can use the following OpenSSL command to list the certificate 7894 // in text format and copy the hexadecimal serial number. 7895 // 7896 // openssl x509 -in file_path -text -noout 7897 // 7898 // You can also copy the serial number from the console or use the DescribeCertificate 7899 // (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) 7900 // action in the AWS Certificate Manager API Reference. 7901 // 7902 // CertificateSerial is a required field 7903 CertificateSerial *string `type:"string" required:"true"` 7904 7905 // Specifies why you revoked the certificate. 7906 // 7907 // RevocationReason is a required field 7908 RevocationReason *string `type:"string" required:"true" enum:"RevocationReason"` 7909} 7910 7911// String returns the string representation. 7912// 7913// API parameter values that are decorated as "sensitive" in the API will not 7914// be included in the string output. The member name will be present, but the 7915// value will be replaced with "sensitive". 7916func (s RevokeCertificateInput) String() string { 7917 return awsutil.Prettify(s) 7918} 7919 7920// GoString returns the string representation. 7921// 7922// API parameter values that are decorated as "sensitive" in the API will not 7923// be included in the string output. The member name will be present, but the 7924// value will be replaced with "sensitive". 7925func (s RevokeCertificateInput) GoString() string { 7926 return s.String() 7927} 7928 7929// Validate inspects the fields of the type to determine if they are valid. 7930func (s *RevokeCertificateInput) Validate() error { 7931 invalidParams := request.ErrInvalidParams{Context: "RevokeCertificateInput"} 7932 if s.CertificateAuthorityArn == nil { 7933 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 7934 } 7935 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 7936 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 7937 } 7938 if s.CertificateSerial == nil { 7939 invalidParams.Add(request.NewErrParamRequired("CertificateSerial")) 7940 } 7941 if s.RevocationReason == nil { 7942 invalidParams.Add(request.NewErrParamRequired("RevocationReason")) 7943 } 7944 7945 if invalidParams.Len() > 0 { 7946 return invalidParams 7947 } 7948 return nil 7949} 7950 7951// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 7952func (s *RevokeCertificateInput) SetCertificateAuthorityArn(v string) *RevokeCertificateInput { 7953 s.CertificateAuthorityArn = &v 7954 return s 7955} 7956 7957// SetCertificateSerial sets the CertificateSerial field's value. 7958func (s *RevokeCertificateInput) SetCertificateSerial(v string) *RevokeCertificateInput { 7959 s.CertificateSerial = &v 7960 return s 7961} 7962 7963// SetRevocationReason sets the RevocationReason field's value. 7964func (s *RevokeCertificateInput) SetRevocationReason(v string) *RevokeCertificateInput { 7965 s.RevocationReason = &v 7966 return s 7967} 7968 7969type RevokeCertificateOutput struct { 7970 _ struct{} `type:"structure"` 7971} 7972 7973// String returns the string representation. 7974// 7975// API parameter values that are decorated as "sensitive" in the API will not 7976// be included in the string output. The member name will be present, but the 7977// value will be replaced with "sensitive". 7978func (s RevokeCertificateOutput) String() string { 7979 return awsutil.Prettify(s) 7980} 7981 7982// GoString returns the string representation. 7983// 7984// API parameter values that are decorated as "sensitive" in the API will not 7985// be included in the string output. The member name will be present, but the 7986// value will be replaced with "sensitive". 7987func (s RevokeCertificateOutput) GoString() string { 7988 return s.String() 7989} 7990 7991// Tags are labels that you can use to identify and organize your private CAs. 7992// Each tag consists of a key and an optional value. You can associate up to 7993// 50 tags with a private CA. To add one or more tags to a private CA, call 7994// the TagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html) 7995// action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html) 7996// action. 7997type Tag struct { 7998 _ struct{} `type:"structure"` 7999 8000 // Key (name) of the tag. 8001 // 8002 // Key is a required field 8003 Key *string `min:"1" type:"string" required:"true"` 8004 8005 // Value of the tag. 8006 Value *string `type:"string"` 8007} 8008 8009// String returns the string representation. 8010// 8011// API parameter values that are decorated as "sensitive" in the API will not 8012// be included in the string output. The member name will be present, but the 8013// value will be replaced with "sensitive". 8014func (s Tag) String() string { 8015 return awsutil.Prettify(s) 8016} 8017 8018// GoString returns the string representation. 8019// 8020// API parameter values that are decorated as "sensitive" in the API will not 8021// be included in the string output. The member name will be present, but the 8022// value will be replaced with "sensitive". 8023func (s Tag) GoString() string { 8024 return s.String() 8025} 8026 8027// Validate inspects the fields of the type to determine if they are valid. 8028func (s *Tag) Validate() error { 8029 invalidParams := request.ErrInvalidParams{Context: "Tag"} 8030 if s.Key == nil { 8031 invalidParams.Add(request.NewErrParamRequired("Key")) 8032 } 8033 if s.Key != nil && len(*s.Key) < 1 { 8034 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 8035 } 8036 8037 if invalidParams.Len() > 0 { 8038 return invalidParams 8039 } 8040 return nil 8041} 8042 8043// SetKey sets the Key field's value. 8044func (s *Tag) SetKey(v string) *Tag { 8045 s.Key = &v 8046 return s 8047} 8048 8049// SetValue sets the Value field's value. 8050func (s *Tag) SetValue(v string) *Tag { 8051 s.Value = &v 8052 return s 8053} 8054 8055type TagCertificateAuthorityInput struct { 8056 _ struct{} `type:"structure"` 8057 8058 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 8059 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 8060 // This must be of the form: 8061 // 8062 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 8063 // 8064 // CertificateAuthorityArn is a required field 8065 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 8066 8067 // List of tags to be associated with the CA. 8068 // 8069 // Tags is a required field 8070 Tags []*Tag `min:"1" type:"list" required:"true"` 8071} 8072 8073// String returns the string representation. 8074// 8075// API parameter values that are decorated as "sensitive" in the API will not 8076// be included in the string output. The member name will be present, but the 8077// value will be replaced with "sensitive". 8078func (s TagCertificateAuthorityInput) String() string { 8079 return awsutil.Prettify(s) 8080} 8081 8082// GoString returns the string representation. 8083// 8084// API parameter values that are decorated as "sensitive" in the API will not 8085// be included in the string output. The member name will be present, but the 8086// value will be replaced with "sensitive". 8087func (s TagCertificateAuthorityInput) GoString() string { 8088 return s.String() 8089} 8090 8091// Validate inspects the fields of the type to determine if they are valid. 8092func (s *TagCertificateAuthorityInput) Validate() error { 8093 invalidParams := request.ErrInvalidParams{Context: "TagCertificateAuthorityInput"} 8094 if s.CertificateAuthorityArn == nil { 8095 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 8096 } 8097 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 8098 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 8099 } 8100 if s.Tags == nil { 8101 invalidParams.Add(request.NewErrParamRequired("Tags")) 8102 } 8103 if s.Tags != nil && len(s.Tags) < 1 { 8104 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 8105 } 8106 if s.Tags != nil { 8107 for i, v := range s.Tags { 8108 if v == nil { 8109 continue 8110 } 8111 if err := v.Validate(); err != nil { 8112 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 8113 } 8114 } 8115 } 8116 8117 if invalidParams.Len() > 0 { 8118 return invalidParams 8119 } 8120 return nil 8121} 8122 8123// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 8124func (s *TagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *TagCertificateAuthorityInput { 8125 s.CertificateAuthorityArn = &v 8126 return s 8127} 8128 8129// SetTags sets the Tags field's value. 8130func (s *TagCertificateAuthorityInput) SetTags(v []*Tag) *TagCertificateAuthorityInput { 8131 s.Tags = v 8132 return s 8133} 8134 8135type TagCertificateAuthorityOutput struct { 8136 _ struct{} `type:"structure"` 8137} 8138 8139// String returns the string representation. 8140// 8141// API parameter values that are decorated as "sensitive" in the API will not 8142// be included in the string output. The member name will be present, but the 8143// value will be replaced with "sensitive". 8144func (s TagCertificateAuthorityOutput) String() string { 8145 return awsutil.Prettify(s) 8146} 8147 8148// GoString returns the string representation. 8149// 8150// API parameter values that are decorated as "sensitive" in the API will not 8151// be included in the string output. The member name will be present, but the 8152// value will be replaced with "sensitive". 8153func (s TagCertificateAuthorityOutput) GoString() string { 8154 return s.String() 8155} 8156 8157// You can associate up to 50 tags with a private CA. Exception information 8158// is contained in the exception message field. 8159type TooManyTagsException struct { 8160 _ struct{} `type:"structure"` 8161 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 8162 8163 Message_ *string `locationName:"message" type:"string"` 8164} 8165 8166// String returns the string representation. 8167// 8168// API parameter values that are decorated as "sensitive" in the API will not 8169// be included in the string output. The member name will be present, but the 8170// value will be replaced with "sensitive". 8171func (s TooManyTagsException) String() string { 8172 return awsutil.Prettify(s) 8173} 8174 8175// GoString returns the string representation. 8176// 8177// API parameter values that are decorated as "sensitive" in the API will not 8178// be included in the string output. The member name will be present, but the 8179// value will be replaced with "sensitive". 8180func (s TooManyTagsException) GoString() string { 8181 return s.String() 8182} 8183 8184func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { 8185 return &TooManyTagsException{ 8186 RespMetadata: v, 8187 } 8188} 8189 8190// Code returns the exception type name. 8191func (s *TooManyTagsException) Code() string { 8192 return "TooManyTagsException" 8193} 8194 8195// Message returns the exception's message. 8196func (s *TooManyTagsException) Message() string { 8197 if s.Message_ != nil { 8198 return *s.Message_ 8199 } 8200 return "" 8201} 8202 8203// OrigErr always returns nil, satisfies awserr.Error interface. 8204func (s *TooManyTagsException) OrigErr() error { 8205 return nil 8206} 8207 8208func (s *TooManyTagsException) Error() string { 8209 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 8210} 8211 8212// Status code returns the HTTP status code for the request's response error. 8213func (s *TooManyTagsException) StatusCode() int { 8214 return s.RespMetadata.StatusCode 8215} 8216 8217// RequestID returns the service's response RequestID for request. 8218func (s *TooManyTagsException) RequestID() string { 8219 return s.RespMetadata.RequestID 8220} 8221 8222type UntagCertificateAuthorityInput struct { 8223 _ struct{} `type:"structure"` 8224 8225 // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority 8226 // (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html). 8227 // This must be of the form: 8228 // 8229 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 8230 // 8231 // CertificateAuthorityArn is a required field 8232 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 8233 8234 // List of tags to be removed from the CA. 8235 // 8236 // Tags is a required field 8237 Tags []*Tag `min:"1" type:"list" required:"true"` 8238} 8239 8240// String returns the string representation. 8241// 8242// API parameter values that are decorated as "sensitive" in the API will not 8243// be included in the string output. The member name will be present, but the 8244// value will be replaced with "sensitive". 8245func (s UntagCertificateAuthorityInput) String() string { 8246 return awsutil.Prettify(s) 8247} 8248 8249// GoString returns the string representation. 8250// 8251// API parameter values that are decorated as "sensitive" in the API will not 8252// be included in the string output. The member name will be present, but the 8253// value will be replaced with "sensitive". 8254func (s UntagCertificateAuthorityInput) GoString() string { 8255 return s.String() 8256} 8257 8258// Validate inspects the fields of the type to determine if they are valid. 8259func (s *UntagCertificateAuthorityInput) Validate() error { 8260 invalidParams := request.ErrInvalidParams{Context: "UntagCertificateAuthorityInput"} 8261 if s.CertificateAuthorityArn == nil { 8262 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 8263 } 8264 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 8265 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 8266 } 8267 if s.Tags == nil { 8268 invalidParams.Add(request.NewErrParamRequired("Tags")) 8269 } 8270 if s.Tags != nil && len(s.Tags) < 1 { 8271 invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 8272 } 8273 if s.Tags != nil { 8274 for i, v := range s.Tags { 8275 if v == nil { 8276 continue 8277 } 8278 if err := v.Validate(); err != nil { 8279 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 8280 } 8281 } 8282 } 8283 8284 if invalidParams.Len() > 0 { 8285 return invalidParams 8286 } 8287 return nil 8288} 8289 8290// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 8291func (s *UntagCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UntagCertificateAuthorityInput { 8292 s.CertificateAuthorityArn = &v 8293 return s 8294} 8295 8296// SetTags sets the Tags field's value. 8297func (s *UntagCertificateAuthorityInput) SetTags(v []*Tag) *UntagCertificateAuthorityInput { 8298 s.Tags = v 8299 return s 8300} 8301 8302type UntagCertificateAuthorityOutput struct { 8303 _ struct{} `type:"structure"` 8304} 8305 8306// String returns the string representation. 8307// 8308// API parameter values that are decorated as "sensitive" in the API will not 8309// be included in the string output. The member name will be present, but the 8310// value will be replaced with "sensitive". 8311func (s UntagCertificateAuthorityOutput) String() string { 8312 return awsutil.Prettify(s) 8313} 8314 8315// GoString returns the string representation. 8316// 8317// API parameter values that are decorated as "sensitive" in the API will not 8318// be included in the string output. The member name will be present, but the 8319// value will be replaced with "sensitive". 8320func (s UntagCertificateAuthorityOutput) GoString() string { 8321 return s.String() 8322} 8323 8324type UpdateCertificateAuthorityInput struct { 8325 _ struct{} `type:"structure"` 8326 8327 // Amazon Resource Name (ARN) of the private CA that issued the certificate 8328 // to be revoked. This must be of the form: 8329 // 8330 // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 8331 // 8332 // CertificateAuthorityArn is a required field 8333 CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` 8334 8335 // Contains information to enable Online Certificate Status Protocol (OCSP) 8336 // support, to enable a certificate revocation list (CRL), to enable both, or 8337 // to enable neither. If this parameter is not supplied, existing capibilites 8338 // remain unchanged. For more information, see the OcspConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html) 8339 // and CrlConfiguration (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html) 8340 // types. 8341 RevocationConfiguration *RevocationConfiguration `type:"structure"` 8342 8343 // Status of your private CA. 8344 Status *string `type:"string" enum:"CertificateAuthorityStatus"` 8345} 8346 8347// String returns the string representation. 8348// 8349// API parameter values that are decorated as "sensitive" in the API will not 8350// be included in the string output. The member name will be present, but the 8351// value will be replaced with "sensitive". 8352func (s UpdateCertificateAuthorityInput) String() string { 8353 return awsutil.Prettify(s) 8354} 8355 8356// GoString returns the string representation. 8357// 8358// API parameter values that are decorated as "sensitive" in the API will not 8359// be included in the string output. The member name will be present, but the 8360// value will be replaced with "sensitive". 8361func (s UpdateCertificateAuthorityInput) GoString() string { 8362 return s.String() 8363} 8364 8365// Validate inspects the fields of the type to determine if they are valid. 8366func (s *UpdateCertificateAuthorityInput) Validate() error { 8367 invalidParams := request.ErrInvalidParams{Context: "UpdateCertificateAuthorityInput"} 8368 if s.CertificateAuthorityArn == nil { 8369 invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) 8370 } 8371 if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { 8372 invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) 8373 } 8374 if s.RevocationConfiguration != nil { 8375 if err := s.RevocationConfiguration.Validate(); err != nil { 8376 invalidParams.AddNested("RevocationConfiguration", err.(request.ErrInvalidParams)) 8377 } 8378 } 8379 8380 if invalidParams.Len() > 0 { 8381 return invalidParams 8382 } 8383 return nil 8384} 8385 8386// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. 8387func (s *UpdateCertificateAuthorityInput) SetCertificateAuthorityArn(v string) *UpdateCertificateAuthorityInput { 8388 s.CertificateAuthorityArn = &v 8389 return s 8390} 8391 8392// SetRevocationConfiguration sets the RevocationConfiguration field's value. 8393func (s *UpdateCertificateAuthorityInput) SetRevocationConfiguration(v *RevocationConfiguration) *UpdateCertificateAuthorityInput { 8394 s.RevocationConfiguration = v 8395 return s 8396} 8397 8398// SetStatus sets the Status field's value. 8399func (s *UpdateCertificateAuthorityInput) SetStatus(v string) *UpdateCertificateAuthorityInput { 8400 s.Status = &v 8401 return s 8402} 8403 8404type UpdateCertificateAuthorityOutput struct { 8405 _ struct{} `type:"structure"` 8406} 8407 8408// String returns the string representation. 8409// 8410// API parameter values that are decorated as "sensitive" in the API will not 8411// be included in the string output. The member name will be present, but the 8412// value will be replaced with "sensitive". 8413func (s UpdateCertificateAuthorityOutput) String() string { 8414 return awsutil.Prettify(s) 8415} 8416 8417// GoString returns the string representation. 8418// 8419// API parameter values that are decorated as "sensitive" in the API will not 8420// be included in the string output. The member name will be present, but the 8421// value will be replaced with "sensitive". 8422func (s UpdateCertificateAuthorityOutput) GoString() string { 8423 return s.String() 8424} 8425 8426// Validity specifies the period of time during which a certificate is valid. 8427// Validity can be expressed as an explicit date and time when the validity 8428// of a certificate starts or expires, or as a span of time after issuance, 8429// stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) 8430// in RFC 5280. 8431// 8432// ACM Private CA API consumes the Validity data type differently in two distinct 8433// parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity 8434// specifies the end of a certificate's validity period. The optional parameter 8435// IssueCertificate:ValidityNotBefore specifies a customized starting time for 8436// the validity period. 8437type Validity struct { 8438 _ struct{} `type:"structure"` 8439 8440 // Determines how ACM Private CA interprets the Value parameter, an integer. 8441 // Supported validity types include those listed below. Type definitions with 8442 // values include a sample input value and the resulting output. 8443 // 8444 // END_DATE: The specific date and time when the certificate will expire, expressed 8445 // using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. 8446 // When UTCTime is used, if the year field (YY) is greater than or equal to 8447 // 50, the year is interpreted as 19YY. If the year field is less than 50, the 8448 // year is interpreted as 20YY. 8449 // 8450 // * Sample input value: 491231235959 (UTCTime format) 8451 // 8452 // * Output expiration date/time: 12/31/2049 23:59:59 8453 // 8454 // ABSOLUTE: The specific date and time when the validity of a certificate will 8455 // start or expire, expressed in seconds since the Unix Epoch. 8456 // 8457 // * Sample input value: 2524608000 8458 // 8459 // * Output expiration date/time: 01/01/2050 00:00:00 8460 // 8461 // DAYS, MONTHS, YEARS: The relative time from the moment of issuance until 8462 // the certificate will expire, expressed in days, months, or years. 8463 // 8464 // Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC: 8465 // 8466 // * Sample input value: 90 8467 // 8468 // * Output expiration date: 01/10/2020 12:34:54 UTC 8469 // 8470 // The minimum validity duration for a certificate using relative time (DAYS) 8471 // is one day. The minimum validity for a certificate using absolute time (ABSOLUTE 8472 // or END_DATE) is one second. 8473 // 8474 // Type is a required field 8475 Type *string `type:"string" required:"true" enum:"ValidityPeriodType"` 8476 8477 // A long integer interpreted according to the value of Type, below. 8478 // 8479 // Value is a required field 8480 Value *int64 `min:"1" type:"long" required:"true"` 8481} 8482 8483// String returns the string representation. 8484// 8485// API parameter values that are decorated as "sensitive" in the API will not 8486// be included in the string output. The member name will be present, but the 8487// value will be replaced with "sensitive". 8488func (s Validity) String() string { 8489 return awsutil.Prettify(s) 8490} 8491 8492// GoString returns the string representation. 8493// 8494// API parameter values that are decorated as "sensitive" in the API will not 8495// be included in the string output. The member name will be present, but the 8496// value will be replaced with "sensitive". 8497func (s Validity) GoString() string { 8498 return s.String() 8499} 8500 8501// Validate inspects the fields of the type to determine if they are valid. 8502func (s *Validity) Validate() error { 8503 invalidParams := request.ErrInvalidParams{Context: "Validity"} 8504 if s.Type == nil { 8505 invalidParams.Add(request.NewErrParamRequired("Type")) 8506 } 8507 if s.Value == nil { 8508 invalidParams.Add(request.NewErrParamRequired("Value")) 8509 } 8510 if s.Value != nil && *s.Value < 1 { 8511 invalidParams.Add(request.NewErrParamMinValue("Value", 1)) 8512 } 8513 8514 if invalidParams.Len() > 0 { 8515 return invalidParams 8516 } 8517 return nil 8518} 8519 8520// SetType sets the Type field's value. 8521func (s *Validity) SetType(v string) *Validity { 8522 s.Type = &v 8523 return s 8524} 8525 8526// SetValue sets the Value field's value. 8527func (s *Validity) SetValue(v int64) *Validity { 8528 s.Value = &v 8529 return s 8530} 8531 8532const ( 8533 // AccessMethodTypeCaRepository is a AccessMethodType enum value 8534 AccessMethodTypeCaRepository = "CA_REPOSITORY" 8535 8536 // AccessMethodTypeResourcePkiManifest is a AccessMethodType enum value 8537 AccessMethodTypeResourcePkiManifest = "RESOURCE_PKI_MANIFEST" 8538 8539 // AccessMethodTypeResourcePkiNotify is a AccessMethodType enum value 8540 AccessMethodTypeResourcePkiNotify = "RESOURCE_PKI_NOTIFY" 8541) 8542 8543// AccessMethodType_Values returns all elements of the AccessMethodType enum 8544func AccessMethodType_Values() []string { 8545 return []string{ 8546 AccessMethodTypeCaRepository, 8547 AccessMethodTypeResourcePkiManifest, 8548 AccessMethodTypeResourcePkiNotify, 8549 } 8550} 8551 8552const ( 8553 // ActionTypeIssueCertificate is a ActionType enum value 8554 ActionTypeIssueCertificate = "IssueCertificate" 8555 8556 // ActionTypeGetCertificate is a ActionType enum value 8557 ActionTypeGetCertificate = "GetCertificate" 8558 8559 // ActionTypeListPermissions is a ActionType enum value 8560 ActionTypeListPermissions = "ListPermissions" 8561) 8562 8563// ActionType_Values returns all elements of the ActionType enum 8564func ActionType_Values() []string { 8565 return []string{ 8566 ActionTypeIssueCertificate, 8567 ActionTypeGetCertificate, 8568 ActionTypeListPermissions, 8569 } 8570} 8571 8572const ( 8573 // AuditReportResponseFormatJson is a AuditReportResponseFormat enum value 8574 AuditReportResponseFormatJson = "JSON" 8575 8576 // AuditReportResponseFormatCsv is a AuditReportResponseFormat enum value 8577 AuditReportResponseFormatCsv = "CSV" 8578) 8579 8580// AuditReportResponseFormat_Values returns all elements of the AuditReportResponseFormat enum 8581func AuditReportResponseFormat_Values() []string { 8582 return []string{ 8583 AuditReportResponseFormatJson, 8584 AuditReportResponseFormatCsv, 8585 } 8586} 8587 8588const ( 8589 // AuditReportStatusCreating is a AuditReportStatus enum value 8590 AuditReportStatusCreating = "CREATING" 8591 8592 // AuditReportStatusSuccess is a AuditReportStatus enum value 8593 AuditReportStatusSuccess = "SUCCESS" 8594 8595 // AuditReportStatusFailed is a AuditReportStatus enum value 8596 AuditReportStatusFailed = "FAILED" 8597) 8598 8599// AuditReportStatus_Values returns all elements of the AuditReportStatus enum 8600func AuditReportStatus_Values() []string { 8601 return []string{ 8602 AuditReportStatusCreating, 8603 AuditReportStatusSuccess, 8604 AuditReportStatusFailed, 8605 } 8606} 8607 8608const ( 8609 // CertificateAuthorityStatusCreating is a CertificateAuthorityStatus enum value 8610 CertificateAuthorityStatusCreating = "CREATING" 8611 8612 // CertificateAuthorityStatusPendingCertificate is a CertificateAuthorityStatus enum value 8613 CertificateAuthorityStatusPendingCertificate = "PENDING_CERTIFICATE" 8614 8615 // CertificateAuthorityStatusActive is a CertificateAuthorityStatus enum value 8616 CertificateAuthorityStatusActive = "ACTIVE" 8617 8618 // CertificateAuthorityStatusDeleted is a CertificateAuthorityStatus enum value 8619 CertificateAuthorityStatusDeleted = "DELETED" 8620 8621 // CertificateAuthorityStatusDisabled is a CertificateAuthorityStatus enum value 8622 CertificateAuthorityStatusDisabled = "DISABLED" 8623 8624 // CertificateAuthorityStatusExpired is a CertificateAuthorityStatus enum value 8625 CertificateAuthorityStatusExpired = "EXPIRED" 8626 8627 // CertificateAuthorityStatusFailed is a CertificateAuthorityStatus enum value 8628 CertificateAuthorityStatusFailed = "FAILED" 8629) 8630 8631// CertificateAuthorityStatus_Values returns all elements of the CertificateAuthorityStatus enum 8632func CertificateAuthorityStatus_Values() []string { 8633 return []string{ 8634 CertificateAuthorityStatusCreating, 8635 CertificateAuthorityStatusPendingCertificate, 8636 CertificateAuthorityStatusActive, 8637 CertificateAuthorityStatusDeleted, 8638 CertificateAuthorityStatusDisabled, 8639 CertificateAuthorityStatusExpired, 8640 CertificateAuthorityStatusFailed, 8641 } 8642} 8643 8644const ( 8645 // CertificateAuthorityTypeRoot is a CertificateAuthorityType enum value 8646 CertificateAuthorityTypeRoot = "ROOT" 8647 8648 // CertificateAuthorityTypeSubordinate is a CertificateAuthorityType enum value 8649 CertificateAuthorityTypeSubordinate = "SUBORDINATE" 8650) 8651 8652// CertificateAuthorityType_Values returns all elements of the CertificateAuthorityType enum 8653func CertificateAuthorityType_Values() []string { 8654 return []string{ 8655 CertificateAuthorityTypeRoot, 8656 CertificateAuthorityTypeSubordinate, 8657 } 8658} 8659 8660const ( 8661 // ExtendedKeyUsageTypeServerAuth is a ExtendedKeyUsageType enum value 8662 ExtendedKeyUsageTypeServerAuth = "SERVER_AUTH" 8663 8664 // ExtendedKeyUsageTypeClientAuth is a ExtendedKeyUsageType enum value 8665 ExtendedKeyUsageTypeClientAuth = "CLIENT_AUTH" 8666 8667 // ExtendedKeyUsageTypeCodeSigning is a ExtendedKeyUsageType enum value 8668 ExtendedKeyUsageTypeCodeSigning = "CODE_SIGNING" 8669 8670 // ExtendedKeyUsageTypeEmailProtection is a ExtendedKeyUsageType enum value 8671 ExtendedKeyUsageTypeEmailProtection = "EMAIL_PROTECTION" 8672 8673 // ExtendedKeyUsageTypeTimeStamping is a ExtendedKeyUsageType enum value 8674 ExtendedKeyUsageTypeTimeStamping = "TIME_STAMPING" 8675 8676 // ExtendedKeyUsageTypeOcspSigning is a ExtendedKeyUsageType enum value 8677 ExtendedKeyUsageTypeOcspSigning = "OCSP_SIGNING" 8678 8679 // ExtendedKeyUsageTypeSmartCardLogin is a ExtendedKeyUsageType enum value 8680 ExtendedKeyUsageTypeSmartCardLogin = "SMART_CARD_LOGIN" 8681 8682 // ExtendedKeyUsageTypeDocumentSigning is a ExtendedKeyUsageType enum value 8683 ExtendedKeyUsageTypeDocumentSigning = "DOCUMENT_SIGNING" 8684 8685 // ExtendedKeyUsageTypeCertificateTransparency is a ExtendedKeyUsageType enum value 8686 ExtendedKeyUsageTypeCertificateTransparency = "CERTIFICATE_TRANSPARENCY" 8687) 8688 8689// ExtendedKeyUsageType_Values returns all elements of the ExtendedKeyUsageType enum 8690func ExtendedKeyUsageType_Values() []string { 8691 return []string{ 8692 ExtendedKeyUsageTypeServerAuth, 8693 ExtendedKeyUsageTypeClientAuth, 8694 ExtendedKeyUsageTypeCodeSigning, 8695 ExtendedKeyUsageTypeEmailProtection, 8696 ExtendedKeyUsageTypeTimeStamping, 8697 ExtendedKeyUsageTypeOcspSigning, 8698 ExtendedKeyUsageTypeSmartCardLogin, 8699 ExtendedKeyUsageTypeDocumentSigning, 8700 ExtendedKeyUsageTypeCertificateTransparency, 8701 } 8702} 8703 8704const ( 8705 // FailureReasonRequestTimedOut is a FailureReason enum value 8706 FailureReasonRequestTimedOut = "REQUEST_TIMED_OUT" 8707 8708 // FailureReasonUnsupportedAlgorithm is a FailureReason enum value 8709 FailureReasonUnsupportedAlgorithm = "UNSUPPORTED_ALGORITHM" 8710 8711 // FailureReasonOther is a FailureReason enum value 8712 FailureReasonOther = "OTHER" 8713) 8714 8715// FailureReason_Values returns all elements of the FailureReason enum 8716func FailureReason_Values() []string { 8717 return []string{ 8718 FailureReasonRequestTimedOut, 8719 FailureReasonUnsupportedAlgorithm, 8720 FailureReasonOther, 8721 } 8722} 8723 8724const ( 8725 // KeyAlgorithmRsa2048 is a KeyAlgorithm enum value 8726 KeyAlgorithmRsa2048 = "RSA_2048" 8727 8728 // KeyAlgorithmRsa4096 is a KeyAlgorithm enum value 8729 KeyAlgorithmRsa4096 = "RSA_4096" 8730 8731 // KeyAlgorithmEcPrime256v1 is a KeyAlgorithm enum value 8732 KeyAlgorithmEcPrime256v1 = "EC_prime256v1" 8733 8734 // KeyAlgorithmEcSecp384r1 is a KeyAlgorithm enum value 8735 KeyAlgorithmEcSecp384r1 = "EC_secp384r1" 8736) 8737 8738// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum 8739func KeyAlgorithm_Values() []string { 8740 return []string{ 8741 KeyAlgorithmRsa2048, 8742 KeyAlgorithmRsa4096, 8743 KeyAlgorithmEcPrime256v1, 8744 KeyAlgorithmEcSecp384r1, 8745 } 8746} 8747 8748const ( 8749 // KeyStorageSecurityStandardFips1402Level2OrHigher is a KeyStorageSecurityStandard enum value 8750 KeyStorageSecurityStandardFips1402Level2OrHigher = "FIPS_140_2_LEVEL_2_OR_HIGHER" 8751 8752 // KeyStorageSecurityStandardFips1402Level3OrHigher is a KeyStorageSecurityStandard enum value 8753 KeyStorageSecurityStandardFips1402Level3OrHigher = "FIPS_140_2_LEVEL_3_OR_HIGHER" 8754) 8755 8756// KeyStorageSecurityStandard_Values returns all elements of the KeyStorageSecurityStandard enum 8757func KeyStorageSecurityStandard_Values() []string { 8758 return []string{ 8759 KeyStorageSecurityStandardFips1402Level2OrHigher, 8760 KeyStorageSecurityStandardFips1402Level3OrHigher, 8761 } 8762} 8763 8764const ( 8765 // PolicyQualifierIdCps is a PolicyQualifierId enum value 8766 PolicyQualifierIdCps = "CPS" 8767) 8768 8769// PolicyQualifierId_Values returns all elements of the PolicyQualifierId enum 8770func PolicyQualifierId_Values() []string { 8771 return []string{ 8772 PolicyQualifierIdCps, 8773 } 8774} 8775 8776const ( 8777 // ResourceOwnerSelf is a ResourceOwner enum value 8778 ResourceOwnerSelf = "SELF" 8779 8780 // ResourceOwnerOtherAccounts is a ResourceOwner enum value 8781 ResourceOwnerOtherAccounts = "OTHER_ACCOUNTS" 8782) 8783 8784// ResourceOwner_Values returns all elements of the ResourceOwner enum 8785func ResourceOwner_Values() []string { 8786 return []string{ 8787 ResourceOwnerSelf, 8788 ResourceOwnerOtherAccounts, 8789 } 8790} 8791 8792const ( 8793 // RevocationReasonUnspecified is a RevocationReason enum value 8794 RevocationReasonUnspecified = "UNSPECIFIED" 8795 8796 // RevocationReasonKeyCompromise is a RevocationReason enum value 8797 RevocationReasonKeyCompromise = "KEY_COMPROMISE" 8798 8799 // RevocationReasonCertificateAuthorityCompromise is a RevocationReason enum value 8800 RevocationReasonCertificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE" 8801 8802 // RevocationReasonAffiliationChanged is a RevocationReason enum value 8803 RevocationReasonAffiliationChanged = "AFFILIATION_CHANGED" 8804 8805 // RevocationReasonSuperseded is a RevocationReason enum value 8806 RevocationReasonSuperseded = "SUPERSEDED" 8807 8808 // RevocationReasonCessationOfOperation is a RevocationReason enum value 8809 RevocationReasonCessationOfOperation = "CESSATION_OF_OPERATION" 8810 8811 // RevocationReasonPrivilegeWithdrawn is a RevocationReason enum value 8812 RevocationReasonPrivilegeWithdrawn = "PRIVILEGE_WITHDRAWN" 8813 8814 // RevocationReasonAACompromise is a RevocationReason enum value 8815 RevocationReasonAACompromise = "A_A_COMPROMISE" 8816) 8817 8818// RevocationReason_Values returns all elements of the RevocationReason enum 8819func RevocationReason_Values() []string { 8820 return []string{ 8821 RevocationReasonUnspecified, 8822 RevocationReasonKeyCompromise, 8823 RevocationReasonCertificateAuthorityCompromise, 8824 RevocationReasonAffiliationChanged, 8825 RevocationReasonSuperseded, 8826 RevocationReasonCessationOfOperation, 8827 RevocationReasonPrivilegeWithdrawn, 8828 RevocationReasonAACompromise, 8829 } 8830} 8831 8832const ( 8833 // S3ObjectAclPublicRead is a S3ObjectAcl enum value 8834 S3ObjectAclPublicRead = "PUBLIC_READ" 8835 8836 // S3ObjectAclBucketOwnerFullControl is a S3ObjectAcl enum value 8837 S3ObjectAclBucketOwnerFullControl = "BUCKET_OWNER_FULL_CONTROL" 8838) 8839 8840// S3ObjectAcl_Values returns all elements of the S3ObjectAcl enum 8841func S3ObjectAcl_Values() []string { 8842 return []string{ 8843 S3ObjectAclPublicRead, 8844 S3ObjectAclBucketOwnerFullControl, 8845 } 8846} 8847 8848const ( 8849 // SigningAlgorithmSha256withecdsa is a SigningAlgorithm enum value 8850 SigningAlgorithmSha256withecdsa = "SHA256WITHECDSA" 8851 8852 // SigningAlgorithmSha384withecdsa is a SigningAlgorithm enum value 8853 SigningAlgorithmSha384withecdsa = "SHA384WITHECDSA" 8854 8855 // SigningAlgorithmSha512withecdsa is a SigningAlgorithm enum value 8856 SigningAlgorithmSha512withecdsa = "SHA512WITHECDSA" 8857 8858 // SigningAlgorithmSha256withrsa is a SigningAlgorithm enum value 8859 SigningAlgorithmSha256withrsa = "SHA256WITHRSA" 8860 8861 // SigningAlgorithmSha384withrsa is a SigningAlgorithm enum value 8862 SigningAlgorithmSha384withrsa = "SHA384WITHRSA" 8863 8864 // SigningAlgorithmSha512withrsa is a SigningAlgorithm enum value 8865 SigningAlgorithmSha512withrsa = "SHA512WITHRSA" 8866) 8867 8868// SigningAlgorithm_Values returns all elements of the SigningAlgorithm enum 8869func SigningAlgorithm_Values() []string { 8870 return []string{ 8871 SigningAlgorithmSha256withecdsa, 8872 SigningAlgorithmSha384withecdsa, 8873 SigningAlgorithmSha512withecdsa, 8874 SigningAlgorithmSha256withrsa, 8875 SigningAlgorithmSha384withrsa, 8876 SigningAlgorithmSha512withrsa, 8877 } 8878} 8879 8880const ( 8881 // ValidityPeriodTypeEndDate is a ValidityPeriodType enum value 8882 ValidityPeriodTypeEndDate = "END_DATE" 8883 8884 // ValidityPeriodTypeAbsolute is a ValidityPeriodType enum value 8885 ValidityPeriodTypeAbsolute = "ABSOLUTE" 8886 8887 // ValidityPeriodTypeDays is a ValidityPeriodType enum value 8888 ValidityPeriodTypeDays = "DAYS" 8889 8890 // ValidityPeriodTypeMonths is a ValidityPeriodType enum value 8891 ValidityPeriodTypeMonths = "MONTHS" 8892 8893 // ValidityPeriodTypeYears is a ValidityPeriodType enum value 8894 ValidityPeriodTypeYears = "YEARS" 8895) 8896 8897// ValidityPeriodType_Values returns all elements of the ValidityPeriodType enum 8898func ValidityPeriodType_Values() []string { 8899 return []string{ 8900 ValidityPeriodTypeEndDate, 8901 ValidityPeriodTypeAbsolute, 8902 ValidityPeriodTypeDays, 8903 ValidityPeriodTypeMonths, 8904 ValidityPeriodTypeYears, 8905 } 8906} 8907