aws-sdk-acmpca 1.24.0 → 1.29.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +5 -2
- data/lib/aws-sdk-acmpca/client.rb +728 -142
- data/lib/aws-sdk-acmpca/client_api.rb +80 -10
- data/lib/aws-sdk-acmpca/errors.rb +18 -0
- data/lib/aws-sdk-acmpca/resource.rb +2 -0
- data/lib/aws-sdk-acmpca/types.rb +475 -87
- data/lib/aws-sdk-acmpca/waiters.rb +2 -0
- metadata +4 -4
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -11,7 +13,9 @@ module Aws::ACMPCA
|
|
11
13
|
|
12
14
|
include Seahorse::Model
|
13
15
|
|
16
|
+
ASN1PrintableString64 = Shapes::StringShape.new(name: 'ASN1PrintableString64')
|
14
17
|
ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
|
18
|
+
AWSPolicy = Shapes::StringShape.new(name: 'AWSPolicy')
|
15
19
|
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
16
20
|
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
17
21
|
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
@@ -42,11 +46,11 @@ module Aws::ACMPCA
|
|
42
46
|
CsrBody = Shapes::StringShape.new(name: 'CsrBody')
|
43
47
|
DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
|
44
48
|
DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
|
49
|
+
DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
|
45
50
|
DescribeCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportRequest')
|
46
51
|
DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
|
47
52
|
DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
|
48
53
|
DescribeCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityResponse')
|
49
|
-
DistinguishedNameQualifierString = Shapes::StringShape.new(name: 'DistinguishedNameQualifierString')
|
50
54
|
FailureReason = Shapes::StringShape.new(name: 'FailureReason')
|
51
55
|
GetCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateRequest')
|
52
56
|
GetCertificateAuthorityCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateResponse')
|
@@ -54,6 +58,8 @@ module Aws::ACMPCA
|
|
54
58
|
GetCertificateAuthorityCsrResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCsrResponse')
|
55
59
|
GetCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateRequest')
|
56
60
|
GetCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateResponse')
|
61
|
+
GetPolicyRequest = Shapes::StructureShape.new(name: 'GetPolicyRequest')
|
62
|
+
GetPolicyResponse = Shapes::StructureShape.new(name: 'GetPolicyResponse')
|
57
63
|
IdempotencyToken = Shapes::StringShape.new(name: 'IdempotencyToken')
|
58
64
|
ImportCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'ImportCertificateAuthorityCertificateRequest')
|
59
65
|
Integer1To5000 = Shapes::IntegerShape.new(name: 'Integer1To5000')
|
@@ -74,6 +80,7 @@ module Aws::ACMPCA
|
|
74
80
|
ListPermissionsResponse = Shapes::StructureShape.new(name: 'ListPermissionsResponse')
|
75
81
|
ListTagsRequest = Shapes::StructureShape.new(name: 'ListTagsRequest')
|
76
82
|
ListTagsResponse = Shapes::StructureShape.new(name: 'ListTagsResponse')
|
83
|
+
LockoutPreventedException = Shapes::StructureShape.new(name: 'LockoutPreventedException')
|
77
84
|
MalformedCSRException = Shapes::StructureShape.new(name: 'MalformedCSRException')
|
78
85
|
MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
|
79
86
|
MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
|
@@ -84,14 +91,18 @@ module Aws::ACMPCA
|
|
84
91
|
PermissionList = Shapes::ListShape.new(name: 'PermissionList')
|
85
92
|
PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
|
86
93
|
Principal = Shapes::StringShape.new(name: 'Principal')
|
94
|
+
PutPolicyRequest = Shapes::StructureShape.new(name: 'PutPolicyRequest')
|
87
95
|
RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
|
88
96
|
RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
|
89
97
|
RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
|
90
98
|
ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
|
99
|
+
ResourceOwner = Shapes::StringShape.new(name: 'ResourceOwner')
|
91
100
|
RestoreCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'RestoreCertificateAuthorityRequest')
|
92
101
|
RevocationConfiguration = Shapes::StructureShape.new(name: 'RevocationConfiguration')
|
93
102
|
RevocationReason = Shapes::StringShape.new(name: 'RevocationReason')
|
94
103
|
RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
|
104
|
+
S3BucketName = Shapes::StringShape.new(name: 'S3BucketName')
|
105
|
+
S3Key = Shapes::StringShape.new(name: 'S3Key')
|
95
106
|
SigningAlgorithm = Shapes::StringShape.new(name: 'SigningAlgorithm')
|
96
107
|
String = Shapes::StringShape.new(name: 'String')
|
97
108
|
String128 = Shapes::StringShape.new(name: 'String128')
|
@@ -117,10 +128,10 @@ module Aws::ACMPCA
|
|
117
128
|
ASN1Subject.add_member(:country, Shapes::ShapeRef.new(shape: CountryCodeString, location_name: "Country"))
|
118
129
|
ASN1Subject.add_member(:organization, Shapes::ShapeRef.new(shape: String64, location_name: "Organization"))
|
119
130
|
ASN1Subject.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: String64, location_name: "OrganizationalUnit"))
|
120
|
-
ASN1Subject.add_member(:distinguished_name_qualifier, Shapes::ShapeRef.new(shape:
|
131
|
+
ASN1Subject.add_member(:distinguished_name_qualifier, Shapes::ShapeRef.new(shape: ASN1PrintableString64, location_name: "DistinguishedNameQualifier"))
|
121
132
|
ASN1Subject.add_member(:state, Shapes::ShapeRef.new(shape: String128, location_name: "State"))
|
122
133
|
ASN1Subject.add_member(:common_name, Shapes::ShapeRef.new(shape: String64, location_name: "CommonName"))
|
123
|
-
ASN1Subject.add_member(:serial_number, Shapes::ShapeRef.new(shape:
|
134
|
+
ASN1Subject.add_member(:serial_number, Shapes::ShapeRef.new(shape: ASN1PrintableString64, location_name: "SerialNumber"))
|
124
135
|
ASN1Subject.add_member(:locality, Shapes::ShapeRef.new(shape: String128, location_name: "Locality"))
|
125
136
|
ASN1Subject.add_member(:title, Shapes::ShapeRef.new(shape: String64, location_name: "Title"))
|
126
137
|
ASN1Subject.add_member(:surname, Shapes::ShapeRef.new(shape: String40, location_name: "Surname"))
|
@@ -135,6 +146,7 @@ module Aws::ACMPCA
|
|
135
146
|
CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
|
136
147
|
|
137
148
|
CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
|
149
|
+
CertificateAuthority.add_member(:owner_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "OwnerAccount"))
|
138
150
|
CertificateAuthority.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
139
151
|
CertificateAuthority.add_member(:last_state_change_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "LastStateChangeAt"))
|
140
152
|
CertificateAuthority.add_member(:type, Shapes::ShapeRef.new(shape: CertificateAuthorityType, location_name: "Type"))
|
@@ -160,12 +172,12 @@ module Aws::ACMPCA
|
|
160
172
|
ConcurrentModificationException.struct_class = Types::ConcurrentModificationException
|
161
173
|
|
162
174
|
CreateCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
163
|
-
CreateCertificateAuthorityAuditReportRequest.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape:
|
175
|
+
CreateCertificateAuthorityAuditReportRequest.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: S3BucketName, required: true, location_name: "S3BucketName"))
|
164
176
|
CreateCertificateAuthorityAuditReportRequest.add_member(:audit_report_response_format, Shapes::ShapeRef.new(shape: AuditReportResponseFormat, required: true, location_name: "AuditReportResponseFormat"))
|
165
177
|
CreateCertificateAuthorityAuditReportRequest.struct_class = Types::CreateCertificateAuthorityAuditReportRequest
|
166
178
|
|
167
179
|
CreateCertificateAuthorityAuditReportResponse.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, location_name: "AuditReportId"))
|
168
|
-
CreateCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape:
|
180
|
+
CreateCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: S3Key, location_name: "S3Key"))
|
169
181
|
CreateCertificateAuthorityAuditReportResponse.struct_class = Types::CreateCertificateAuthorityAuditReportResponse
|
170
182
|
|
171
183
|
CreateCertificateAuthorityRequest.add_member(:certificate_authority_configuration, Shapes::ShapeRef.new(shape: CertificateAuthorityConfiguration, required: true, location_name: "CertificateAuthorityConfiguration"))
|
@@ -199,13 +211,16 @@ module Aws::ACMPCA
|
|
199
211
|
DeletePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
|
200
212
|
DeletePermissionRequest.struct_class = Types::DeletePermissionRequest
|
201
213
|
|
214
|
+
DeletePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
|
215
|
+
DeletePolicyRequest.struct_class = Types::DeletePolicyRequest
|
216
|
+
|
202
217
|
DescribeCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
203
218
|
DescribeCertificateAuthorityAuditReportRequest.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, required: true, location_name: "AuditReportId"))
|
204
219
|
DescribeCertificateAuthorityAuditReportRequest.struct_class = Types::DescribeCertificateAuthorityAuditReportRequest
|
205
220
|
|
206
221
|
DescribeCertificateAuthorityAuditReportResponse.add_member(:audit_report_status, Shapes::ShapeRef.new(shape: AuditReportStatus, location_name: "AuditReportStatus"))
|
207
|
-
DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape:
|
208
|
-
DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape:
|
222
|
+
DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: S3BucketName, location_name: "S3BucketName"))
|
223
|
+
DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: S3Key, location_name: "S3Key"))
|
209
224
|
DescribeCertificateAuthorityAuditReportResponse.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
210
225
|
DescribeCertificateAuthorityAuditReportResponse.struct_class = Types::DescribeCertificateAuthorityAuditReportResponse
|
211
226
|
|
@@ -236,6 +251,12 @@ module Aws::ACMPCA
|
|
236
251
|
GetCertificateResponse.add_member(:certificate_chain, Shapes::ShapeRef.new(shape: CertificateChain, location_name: "CertificateChain"))
|
237
252
|
GetCertificateResponse.struct_class = Types::GetCertificateResponse
|
238
253
|
|
254
|
+
GetPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
|
255
|
+
GetPolicyRequest.struct_class = Types::GetPolicyRequest
|
256
|
+
|
257
|
+
GetPolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, location_name: "Policy"))
|
258
|
+
GetPolicyResponse.struct_class = Types::GetPolicyResponse
|
259
|
+
|
239
260
|
ImportCertificateAuthorityCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
240
261
|
ImportCertificateAuthorityCertificateRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: CertificateBodyBlob, required: true, location_name: "Certificate"))
|
241
262
|
ImportCertificateAuthorityCertificateRequest.add_member(:certificate_chain, Shapes::ShapeRef.new(shape: CertificateChainBlob, location_name: "CertificateChain"))
|
@@ -278,6 +299,7 @@ module Aws::ACMPCA
|
|
278
299
|
|
279
300
|
ListCertificateAuthoritiesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
280
301
|
ListCertificateAuthoritiesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
302
|
+
ListCertificateAuthoritiesRequest.add_member(:resource_owner, Shapes::ShapeRef.new(shape: ResourceOwner, location_name: "ResourceOwner"))
|
281
303
|
ListCertificateAuthoritiesRequest.struct_class = Types::ListCertificateAuthoritiesRequest
|
282
304
|
|
283
305
|
ListCertificateAuthoritiesResponse.add_member(:certificate_authorities, Shapes::ShapeRef.new(shape: CertificateAuthorities, location_name: "CertificateAuthorities"))
|
@@ -302,6 +324,9 @@ module Aws::ACMPCA
|
|
302
324
|
ListTagsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
303
325
|
ListTagsResponse.struct_class = Types::ListTagsResponse
|
304
326
|
|
327
|
+
LockoutPreventedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
328
|
+
LockoutPreventedException.struct_class = Types::LockoutPreventedException
|
329
|
+
|
305
330
|
MalformedCSRException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
306
331
|
MalformedCSRException.struct_class = Types::MalformedCSRException
|
307
332
|
|
@@ -310,10 +335,10 @@ module Aws::ACMPCA
|
|
310
335
|
|
311
336
|
Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
|
312
337
|
Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
313
|
-
Permission.add_member(:principal, Shapes::ShapeRef.new(shape:
|
314
|
-
Permission.add_member(:source_account, Shapes::ShapeRef.new(shape:
|
338
|
+
Permission.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, location_name: "Principal"))
|
339
|
+
Permission.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
|
315
340
|
Permission.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, location_name: "Actions"))
|
316
|
-
Permission.add_member(:policy, Shapes::ShapeRef.new(shape:
|
341
|
+
Permission.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, location_name: "Policy"))
|
317
342
|
Permission.struct_class = Types::Permission
|
318
343
|
|
319
344
|
PermissionAlreadyExistsException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
@@ -321,6 +346,10 @@ module Aws::ACMPCA
|
|
321
346
|
|
322
347
|
PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
|
323
348
|
|
349
|
+
PutPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
|
350
|
+
PutPolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, required: true, location_name: "Policy"))
|
351
|
+
PutPolicyRequest.struct_class = Types::PutPolicyRequest
|
352
|
+
|
324
353
|
RequestAlreadyProcessedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
325
354
|
RequestAlreadyProcessedException.struct_class = Types::RequestAlreadyProcessedException
|
326
355
|
|
@@ -453,6 +482,20 @@ module Aws::ACMPCA
|
|
453
482
|
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
454
483
|
end)
|
455
484
|
|
485
|
+
api.add_operation(:delete_policy, Seahorse::Model::Operation.new.tap do |o|
|
486
|
+
o.name = "DeletePolicy"
|
487
|
+
o.http_method = "POST"
|
488
|
+
o.http_request_uri = "/"
|
489
|
+
o.input = Shapes::ShapeRef.new(shape: DeletePolicyRequest)
|
490
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
491
|
+
o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
|
492
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
493
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
494
|
+
o.errors << Shapes::ShapeRef.new(shape: LockoutPreventedException)
|
495
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
496
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
497
|
+
end)
|
498
|
+
|
456
499
|
api.add_operation(:describe_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
|
457
500
|
o.name = "DescribeCertificateAuthority"
|
458
501
|
o.http_method = "POST"
|
@@ -511,6 +554,18 @@ module Aws::ACMPCA
|
|
511
554
|
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
512
555
|
end)
|
513
556
|
|
557
|
+
api.add_operation(:get_policy, Seahorse::Model::Operation.new.tap do |o|
|
558
|
+
o.name = "GetPolicy"
|
559
|
+
o.http_method = "POST"
|
560
|
+
o.http_request_uri = "/"
|
561
|
+
o.input = Shapes::ShapeRef.new(shape: GetPolicyRequest)
|
562
|
+
o.output = Shapes::ShapeRef.new(shape: GetPolicyResponse)
|
563
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
564
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
565
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
566
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
567
|
+
end)
|
568
|
+
|
514
569
|
api.add_operation(:import_certificate_authority_certificate, Seahorse::Model::Operation.new.tap do |o|
|
515
570
|
o.name = "ImportCertificateAuthorityCertificate"
|
516
571
|
o.http_method = "POST"
|
@@ -593,6 +648,21 @@ module Aws::ACMPCA
|
|
593
648
|
)
|
594
649
|
end)
|
595
650
|
|
651
|
+
api.add_operation(:put_policy, Seahorse::Model::Operation.new.tap do |o|
|
652
|
+
o.name = "PutPolicy"
|
653
|
+
o.http_method = "POST"
|
654
|
+
o.http_request_uri = "/"
|
655
|
+
o.input = Shapes::ShapeRef.new(shape: PutPolicyRequest)
|
656
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
657
|
+
o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
|
658
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
659
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
660
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidPolicyException)
|
661
|
+
o.errors << Shapes::ShapeRef.new(shape: LockoutPreventedException)
|
662
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
663
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
664
|
+
end)
|
665
|
+
|
596
666
|
api.add_operation(:restore_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
|
597
667
|
o.name = "RestoreCertificateAuthority"
|
598
668
|
o.http_method = "POST"
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -35,6 +37,7 @@ module Aws::ACMPCA
|
|
35
37
|
# * {InvalidStateException}
|
36
38
|
# * {InvalidTagException}
|
37
39
|
# * {LimitExceededException}
|
40
|
+
# * {LockoutPreventedException}
|
38
41
|
# * {MalformedCSRException}
|
39
42
|
# * {MalformedCertificateException}
|
40
43
|
# * {PermissionAlreadyExistsException}
|
@@ -200,6 +203,21 @@ module Aws::ACMPCA
|
|
200
203
|
end
|
201
204
|
end
|
202
205
|
|
206
|
+
class LockoutPreventedException < ServiceError
|
207
|
+
|
208
|
+
# @param [Seahorse::Client::RequestContext] context
|
209
|
+
# @param [String] message
|
210
|
+
# @param [Aws::ACMPCA::Types::LockoutPreventedException] data
|
211
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
212
|
+
super(context, message, data)
|
213
|
+
end
|
214
|
+
|
215
|
+
# @return [String]
|
216
|
+
def message
|
217
|
+
@message || @data[:message]
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
203
221
|
class MalformedCSRException < ServiceError
|
204
222
|
|
205
223
|
# @param [Seahorse::Client::RequestContext] context
|
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
@@ -26,10 +28,10 @@ module Aws::ACMPCA
|
|
26
28
|
# country: "CountryCodeString",
|
27
29
|
# organization: "String64",
|
28
30
|
# organizational_unit: "String64",
|
29
|
-
# distinguished_name_qualifier: "
|
31
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
30
32
|
# state: "String128",
|
31
33
|
# common_name: "String64",
|
32
|
-
# serial_number: "
|
34
|
+
# serial_number: "ASN1PrintableString64",
|
33
35
|
# locality: "String128",
|
34
36
|
# title: "String64",
|
35
37
|
# surname: "String40",
|
@@ -125,6 +127,7 @@ module Aws::ACMPCA
|
|
125
127
|
:initials,
|
126
128
|
:pseudonym,
|
127
129
|
:generation_qualifier)
|
130
|
+
SENSITIVE = []
|
128
131
|
include Aws::Structure
|
129
132
|
end
|
130
133
|
|
@@ -132,19 +135,30 @@ module Aws::ACMPCA
|
|
132
135
|
# Your private CA can issue and revoke X.509 digital certificates.
|
133
136
|
# Digital certificates verify that the entity named in the certificate
|
134
137
|
# **Subject** field owns or controls the public key contained in the
|
135
|
-
# **Subject Public Key Info** field. Call the
|
136
|
-
# action to create your private CA. You
|
137
|
-
#
|
138
|
-
# certificate signing request (CSR). Sign the CSR
|
139
|
-
# CA-hosted or on-premises root or subordinate CA
|
140
|
-
#
|
141
|
-
# certificate into AWS Certificate Manager
|
138
|
+
# **Subject Public Key Info** field. Call the
|
139
|
+
# [CreateCertificateAuthority][1] action to create your private CA. You
|
140
|
+
# must then call the [GetCertificateAuthorityCertificate][2] action to
|
141
|
+
# retrieve a private CA certificate signing request (CSR). Sign the CSR
|
142
|
+
# with your ACM Private CA-hosted or on-premises root or subordinate CA
|
143
|
+
# certificate. Call the [ImportCertificateAuthorityCertificate][3]
|
144
|
+
# action to import the signed certificate into AWS Certificate Manager
|
145
|
+
# (ACM).
|
146
|
+
#
|
147
|
+
#
|
148
|
+
#
|
149
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
150
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
|
151
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
|
142
152
|
#
|
143
153
|
# @!attribute [rw] arn
|
144
154
|
# Amazon Resource Name (ARN) for your private certificate authority
|
145
155
|
# (CA). The format is ` 12345678-1234-1234-1234-123456789012 `.
|
146
156
|
# @return [String]
|
147
157
|
#
|
158
|
+
# @!attribute [rw] owner_account
|
159
|
+
# The AWS account ID that owns the certificate authority.
|
160
|
+
# @return [String]
|
161
|
+
#
|
148
162
|
# @!attribute [rw] created_at
|
149
163
|
# Date and time at which your private CA was created.
|
150
164
|
# @return [Time]
|
@@ -189,13 +203,18 @@ module Aws::ACMPCA
|
|
189
203
|
# @!attribute [rw] restorable_until
|
190
204
|
# The period during which a deleted CA can be restored. For more
|
191
205
|
# information, see the `PermanentDeletionTimeInDays` parameter of the
|
192
|
-
# DeleteCertificateAuthorityRequest action.
|
206
|
+
# [DeleteCertificateAuthorityRequest][1] action.
|
207
|
+
#
|
208
|
+
#
|
209
|
+
#
|
210
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
|
193
211
|
# @return [Time]
|
194
212
|
#
|
195
213
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
|
196
214
|
#
|
197
215
|
class CertificateAuthority < Struct.new(
|
198
216
|
:arn,
|
217
|
+
:owner_account,
|
199
218
|
:created_at,
|
200
219
|
:last_state_change_at,
|
201
220
|
:type,
|
@@ -207,6 +226,7 @@ module Aws::ACMPCA
|
|
207
226
|
:certificate_authority_configuration,
|
208
227
|
:revocation_configuration,
|
209
228
|
:restorable_until)
|
229
|
+
SENSITIVE = []
|
210
230
|
include Aws::Structure
|
211
231
|
end
|
212
232
|
|
@@ -216,7 +236,11 @@ module Aws::ACMPCA
|
|
216
236
|
# issues a certificate. It also includes the signature algorithm that it
|
217
237
|
# uses when issuing certificates, and its X.500 distinguished name. You
|
218
238
|
# must specify this information when you call the
|
219
|
-
# CreateCertificateAuthority action.
|
239
|
+
# [CreateCertificateAuthority][1] action.
|
240
|
+
#
|
241
|
+
#
|
242
|
+
#
|
243
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
220
244
|
#
|
221
245
|
# @note When making an API call, you may pass CertificateAuthorityConfiguration
|
222
246
|
# data as a hash:
|
@@ -228,10 +252,10 @@ module Aws::ACMPCA
|
|
228
252
|
# country: "CountryCodeString",
|
229
253
|
# organization: "String64",
|
230
254
|
# organizational_unit: "String64",
|
231
|
-
# distinguished_name_qualifier: "
|
255
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
232
256
|
# state: "String128",
|
233
257
|
# common_name: "String64",
|
234
|
-
# serial_number: "
|
258
|
+
# serial_number: "ASN1PrintableString64",
|
235
259
|
# locality: "String128",
|
236
260
|
# title: "String64",
|
237
261
|
# surname: "String40",
|
@@ -252,6 +276,9 @@ module Aws::ACMPCA
|
|
252
276
|
# @!attribute [rw] signing_algorithm
|
253
277
|
# Name of the algorithm your private CA uses to sign certificate
|
254
278
|
# requests.
|
279
|
+
#
|
280
|
+
# This parameter should not be confused with the `SigningAlgorithm`
|
281
|
+
# parameter used to sign certificates when they are issued.
|
255
282
|
# @return [String]
|
256
283
|
#
|
257
284
|
# @!attribute [rw] subject
|
@@ -265,6 +292,7 @@ module Aws::ACMPCA
|
|
265
292
|
:key_algorithm,
|
266
293
|
:signing_algorithm,
|
267
294
|
:subject)
|
295
|
+
SENSITIVE = []
|
268
296
|
include Aws::Structure
|
269
297
|
end
|
270
298
|
|
@@ -278,6 +306,7 @@ module Aws::ACMPCA
|
|
278
306
|
#
|
279
307
|
class CertificateMismatchException < Struct.new(
|
280
308
|
:message)
|
309
|
+
SENSITIVE = []
|
281
310
|
include Aws::Structure
|
282
311
|
end
|
283
312
|
|
@@ -290,6 +319,7 @@ module Aws::ACMPCA
|
|
290
319
|
#
|
291
320
|
class ConcurrentModificationException < Struct.new(
|
292
321
|
:message)
|
322
|
+
SENSITIVE = []
|
293
323
|
include Aws::Structure
|
294
324
|
end
|
295
325
|
|
@@ -298,7 +328,7 @@ module Aws::ACMPCA
|
|
298
328
|
#
|
299
329
|
# {
|
300
330
|
# certificate_authority_arn: "Arn", # required
|
301
|
-
# s3_bucket_name: "
|
331
|
+
# s3_bucket_name: "S3BucketName", # required
|
302
332
|
# audit_report_response_format: "JSON", # required, accepts JSON, CSV
|
303
333
|
# }
|
304
334
|
#
|
@@ -325,6 +355,7 @@ module Aws::ACMPCA
|
|
325
355
|
:certificate_authority_arn,
|
326
356
|
:s3_bucket_name,
|
327
357
|
:audit_report_response_format)
|
358
|
+
SENSITIVE = []
|
328
359
|
include Aws::Structure
|
329
360
|
end
|
330
361
|
|
@@ -342,6 +373,7 @@ module Aws::ACMPCA
|
|
342
373
|
class CreateCertificateAuthorityAuditReportResponse < Struct.new(
|
343
374
|
:audit_report_id,
|
344
375
|
:s3_key)
|
376
|
+
SENSITIVE = []
|
345
377
|
include Aws::Structure
|
346
378
|
end
|
347
379
|
|
@@ -356,10 +388,10 @@ module Aws::ACMPCA
|
|
356
388
|
# country: "CountryCodeString",
|
357
389
|
# organization: "String64",
|
358
390
|
# organizational_unit: "String64",
|
359
|
-
# distinguished_name_qualifier: "
|
391
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
360
392
|
# state: "String128",
|
361
393
|
# common_name: "String64",
|
362
|
-
# serial_number: "
|
394
|
+
# serial_number: "ASN1PrintableString64",
|
363
395
|
# locality: "String128",
|
364
396
|
# title: "String64",
|
365
397
|
# surname: "String40",
|
@@ -398,7 +430,11 @@ module Aws::ACMPCA
|
|
398
430
|
# ACM Private CA will write the CRL, and an optional CNAME alias that
|
399
431
|
# you can use to hide the name of your bucket in the **CRL
|
400
432
|
# Distribution Points** extension of your CA certificate. For more
|
401
|
-
# information, see the CrlConfiguration structure.
|
433
|
+
# information, see the [CrlConfiguration][1] structure.
|
434
|
+
#
|
435
|
+
#
|
436
|
+
#
|
437
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
|
402
438
|
# @return [Types::RevocationConfiguration]
|
403
439
|
#
|
404
440
|
# @!attribute [rw] certificate_authority_type
|
@@ -407,22 +443,19 @@ module Aws::ACMPCA
|
|
407
443
|
#
|
408
444
|
# @!attribute [rw] idempotency_token
|
409
445
|
# Alphanumeric string that can be used to distinguish between calls to
|
410
|
-
# **CreateCertificateAuthority**.
|
411
|
-
#
|
412
|
-
#
|
413
|
-
#
|
414
|
-
#
|
415
|
-
#
|
416
|
-
# recognizes that you are requesting multiple certificates.
|
446
|
+
# **CreateCertificateAuthority**. For a given token, ACM Private CA
|
447
|
+
# creates exactly one CA. If you issue a subsequent call using the
|
448
|
+
# same token, ACM Private CA returns the ARN of the existing CA and
|
449
|
+
# takes no further action. If you change the idempotency token across
|
450
|
+
# multiple calls, ACM Private CA creates a unique CA for each unique
|
451
|
+
# token.
|
417
452
|
# @return [String]
|
418
453
|
#
|
419
454
|
# @!attribute [rw] tags
|
420
455
|
# Key-value pairs that will be attached to the new private CA. You can
|
421
456
|
# associate up to 50 tags with a private CA. For information using
|
422
|
-
# tags with
|
423
|
-
#
|
424
|
-
# IAM to manage permissions, see [Controlling Access Using IAM
|
425
|
-
# Tags][1].
|
457
|
+
# tags with IAM to manage permissions, see [Controlling Access Using
|
458
|
+
# IAM Tags][1].
|
426
459
|
#
|
427
460
|
#
|
428
461
|
#
|
@@ -437,6 +470,7 @@ module Aws::ACMPCA
|
|
437
470
|
:certificate_authority_type,
|
438
471
|
:idempotency_token,
|
439
472
|
:tags)
|
473
|
+
SENSITIVE = []
|
440
474
|
include Aws::Structure
|
441
475
|
end
|
442
476
|
|
@@ -452,6 +486,7 @@ module Aws::ACMPCA
|
|
452
486
|
#
|
453
487
|
class CreateCertificateAuthorityResponse < Struct.new(
|
454
488
|
:certificate_authority_arn)
|
489
|
+
SENSITIVE = []
|
455
490
|
include Aws::Structure
|
456
491
|
end
|
457
492
|
|
@@ -468,11 +503,15 @@ module Aws::ACMPCA
|
|
468
503
|
# @!attribute [rw] certificate_authority_arn
|
469
504
|
# The Amazon Resource Name (ARN) of the CA that grants the
|
470
505
|
# permissions. You can find the ARN by calling the
|
471
|
-
# ListCertificateAuthorities action. This must have the following
|
506
|
+
# [ListCertificateAuthorities][1] action. This must have the following
|
472
507
|
# form:
|
473
508
|
#
|
474
509
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
475
510
|
# `.
|
511
|
+
#
|
512
|
+
#
|
513
|
+
#
|
514
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
476
515
|
# @return [String]
|
477
516
|
#
|
478
517
|
# @!attribute [rw] principal
|
@@ -496,6 +535,7 @@ module Aws::ACMPCA
|
|
496
535
|
:principal,
|
497
536
|
:source_account,
|
498
537
|
:actions)
|
538
|
+
SENSITIVE = []
|
499
539
|
include Aws::Structure
|
500
540
|
end
|
501
541
|
|
@@ -510,6 +550,9 @@ module Aws::ACMPCA
|
|
510
550
|
# Points** extension of each certificate it issues. Your S3 bucket
|
511
551
|
# policy must give write permission to ACM Private CA.
|
512
552
|
#
|
553
|
+
# ACM Private CAA assets that are stored in Amazon S3 can be protected
|
554
|
+
# with encryption. For more information, see [Encrypting Your CRLs][1].
|
555
|
+
#
|
513
556
|
# Your private CA uses the value in the **ExpirationInDays** parameter
|
514
557
|
# to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
|
515
558
|
# at 1/2 the age of next update or when a certificate is revoked. When a
|
@@ -564,6 +607,10 @@ module Aws::ACMPCA
|
|
564
607
|
#
|
565
608
|
# `openssl crl -inform DER -text -in crl_path -noout`
|
566
609
|
#
|
610
|
+
#
|
611
|
+
#
|
612
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
|
613
|
+
#
|
567
614
|
# @note When making an API call, you may pass CrlConfiguration
|
568
615
|
# data as a hash:
|
569
616
|
#
|
@@ -577,9 +624,14 @@ module Aws::ACMPCA
|
|
577
624
|
# @!attribute [rw] enabled
|
578
625
|
# Boolean value that specifies whether certificate revocation lists
|
579
626
|
# (CRLs) are enabled. You can use this value to enable certificate
|
580
|
-
# revocation for a new CA when you call the
|
581
|
-
# action or for an existing CA when
|
582
|
-
# UpdateCertificateAuthority action.
|
627
|
+
# revocation for a new CA when you call the
|
628
|
+
# [CreateCertificateAuthority][1] action or for an existing CA when
|
629
|
+
# you call the [UpdateCertificateAuthority][2] action.
|
630
|
+
#
|
631
|
+
#
|
632
|
+
#
|
633
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
634
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
|
583
635
|
# @return [Boolean]
|
584
636
|
#
|
585
637
|
# @!attribute [rw] expiration_in_days
|
@@ -598,9 +650,13 @@ module Aws::ACMPCA
|
|
598
650
|
# value for the **CustomCname** argument, the name of your S3 bucket
|
599
651
|
# is placed into the **CRL Distribution Points** extension of the
|
600
652
|
# issued certificate. You can change the name of your bucket by
|
601
|
-
# calling the UpdateCertificateAuthority action. You must specify
|
602
|
-
# bucket policy that allows ACM Private CA to write the CRL to your
|
653
|
+
# calling the [UpdateCertificateAuthority][1] action. You must specify
|
654
|
+
# a bucket policy that allows ACM Private CA to write the CRL to your
|
603
655
|
# bucket.
|
656
|
+
#
|
657
|
+
#
|
658
|
+
#
|
659
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
|
604
660
|
# @return [String]
|
605
661
|
#
|
606
662
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
|
@@ -610,6 +666,7 @@ module Aws::ACMPCA
|
|
610
666
|
:expiration_in_days,
|
611
667
|
:custom_cname,
|
612
668
|
:s3_bucket_name)
|
669
|
+
SENSITIVE = []
|
613
670
|
include Aws::Structure
|
614
671
|
end
|
615
672
|
|
@@ -623,10 +680,14 @@ module Aws::ACMPCA
|
|
623
680
|
#
|
624
681
|
# @!attribute [rw] certificate_authority_arn
|
625
682
|
# The Amazon Resource Name (ARN) that was returned when you called
|
626
|
-
# CreateCertificateAuthority. This must have the following form:
|
683
|
+
# [CreateCertificateAuthority][1]. This must have the following form:
|
627
684
|
#
|
628
685
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
629
686
|
# `.
|
687
|
+
#
|
688
|
+
#
|
689
|
+
#
|
690
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
630
691
|
# @return [String]
|
631
692
|
#
|
632
693
|
# @!attribute [rw] permanent_deletion_time_in_days
|
@@ -640,6 +701,7 @@ module Aws::ACMPCA
|
|
640
701
|
class DeleteCertificateAuthorityRequest < Struct.new(
|
641
702
|
:certificate_authority_arn,
|
642
703
|
:permanent_deletion_time_in_days)
|
704
|
+
SENSITIVE = []
|
643
705
|
include Aws::Structure
|
644
706
|
end
|
645
707
|
|
@@ -655,11 +717,15 @@ module Aws::ACMPCA
|
|
655
717
|
# @!attribute [rw] certificate_authority_arn
|
656
718
|
# The Amazon Resource Number (ARN) of the private CA that issued the
|
657
719
|
# permissions. You can find the CA's ARN by calling the
|
658
|
-
# ListCertificateAuthorities action. This must have the following
|
720
|
+
# [ListCertificateAuthorities][1] action. This must have the following
|
659
721
|
# form:
|
660
722
|
#
|
661
723
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
662
724
|
# `.
|
725
|
+
#
|
726
|
+
#
|
727
|
+
#
|
728
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
663
729
|
# @return [String]
|
664
730
|
#
|
665
731
|
# @!attribute [rw] principal
|
@@ -678,6 +744,34 @@ module Aws::ACMPCA
|
|
678
744
|
:certificate_authority_arn,
|
679
745
|
:principal,
|
680
746
|
:source_account)
|
747
|
+
SENSITIVE = []
|
748
|
+
include Aws::Structure
|
749
|
+
end
|
750
|
+
|
751
|
+
# @note When making an API call, you may pass DeletePolicyRequest
|
752
|
+
# data as a hash:
|
753
|
+
#
|
754
|
+
# {
|
755
|
+
# resource_arn: "Arn", # required
|
756
|
+
# }
|
757
|
+
#
|
758
|
+
# @!attribute [rw] resource_arn
|
759
|
+
# The Amazon Resource Number (ARN) of the private CA that will have
|
760
|
+
# its policy deleted. You can find the CA's ARN by calling the
|
761
|
+
# [ListCertificateAuthorities][1] action. The ARN value must have the
|
762
|
+
# form
|
763
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab`.
|
764
|
+
#
|
765
|
+
#
|
766
|
+
#
|
767
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
768
|
+
# @return [String]
|
769
|
+
#
|
770
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicyRequest AWS API Documentation
|
771
|
+
#
|
772
|
+
class DeletePolicyRequest < Struct.new(
|
773
|
+
:resource_arn)
|
774
|
+
SENSITIVE = []
|
681
775
|
include Aws::Structure
|
682
776
|
end
|
683
777
|
|
@@ -699,7 +793,11 @@ module Aws::ACMPCA
|
|
699
793
|
#
|
700
794
|
# @!attribute [rw] audit_report_id
|
701
795
|
# The report ID returned by calling the
|
702
|
-
# CreateCertificateAuthorityAuditReport action.
|
796
|
+
# [CreateCertificateAuthorityAuditReport][1] action.
|
797
|
+
#
|
798
|
+
#
|
799
|
+
#
|
800
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
|
703
801
|
# @return [String]
|
704
802
|
#
|
705
803
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
|
@@ -707,6 +805,7 @@ module Aws::ACMPCA
|
|
707
805
|
class DescribeCertificateAuthorityAuditReportRequest < Struct.new(
|
708
806
|
:certificate_authority_arn,
|
709
807
|
:audit_report_id)
|
808
|
+
SENSITIVE = []
|
710
809
|
include Aws::Structure
|
711
810
|
end
|
712
811
|
|
@@ -735,6 +834,7 @@ module Aws::ACMPCA
|
|
735
834
|
:s3_bucket_name,
|
736
835
|
:s3_key,
|
737
836
|
:created_at)
|
837
|
+
SENSITIVE = []
|
738
838
|
include Aws::Structure
|
739
839
|
end
|
740
840
|
|
@@ -747,28 +847,38 @@ module Aws::ACMPCA
|
|
747
847
|
#
|
748
848
|
# @!attribute [rw] certificate_authority_arn
|
749
849
|
# The Amazon Resource Name (ARN) that was returned when you called
|
750
|
-
# CreateCertificateAuthority. This must be of the form:
|
850
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
751
851
|
#
|
752
852
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
753
853
|
# `.
|
854
|
+
#
|
855
|
+
#
|
856
|
+
#
|
857
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
754
858
|
# @return [String]
|
755
859
|
#
|
756
860
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityRequest AWS API Documentation
|
757
861
|
#
|
758
862
|
class DescribeCertificateAuthorityRequest < Struct.new(
|
759
863
|
:certificate_authority_arn)
|
864
|
+
SENSITIVE = []
|
760
865
|
include Aws::Structure
|
761
866
|
end
|
762
867
|
|
763
868
|
# @!attribute [rw] certificate_authority
|
764
|
-
# A CertificateAuthority structure that contains information
|
765
|
-
# your private CA.
|
869
|
+
# A [CertificateAuthority][1] structure that contains information
|
870
|
+
# about your private CA.
|
871
|
+
#
|
872
|
+
#
|
873
|
+
#
|
874
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html
|
766
875
|
# @return [Types::CertificateAuthority]
|
767
876
|
#
|
768
877
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityResponse AWS API Documentation
|
769
878
|
#
|
770
879
|
class DescribeCertificateAuthorityResponse < Struct.new(
|
771
880
|
:certificate_authority)
|
881
|
+
SENSITIVE = []
|
772
882
|
include Aws::Structure
|
773
883
|
end
|
774
884
|
|
@@ -791,6 +901,7 @@ module Aws::ACMPCA
|
|
791
901
|
#
|
792
902
|
class GetCertificateAuthorityCertificateRequest < Struct.new(
|
793
903
|
:certificate_authority_arn)
|
904
|
+
SENSITIVE = []
|
794
905
|
include Aws::Structure
|
795
906
|
end
|
796
907
|
|
@@ -811,6 +922,7 @@ module Aws::ACMPCA
|
|
811
922
|
class GetCertificateAuthorityCertificateResponse < Struct.new(
|
812
923
|
:certificate,
|
813
924
|
:certificate_chain)
|
925
|
+
SENSITIVE = []
|
814
926
|
include Aws::Structure
|
815
927
|
end
|
816
928
|
|
@@ -823,16 +935,21 @@ module Aws::ACMPCA
|
|
823
935
|
#
|
824
936
|
# @!attribute [rw] certificate_authority_arn
|
825
937
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
826
|
-
# CreateCertificateAuthority action. This must be of the form:
|
938
|
+
# [CreateCertificateAuthority][1] action. This must be of the form:
|
827
939
|
#
|
828
940
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
829
941
|
# `
|
942
|
+
#
|
943
|
+
#
|
944
|
+
#
|
945
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
830
946
|
# @return [String]
|
831
947
|
#
|
832
948
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsrRequest AWS API Documentation
|
833
949
|
#
|
834
950
|
class GetCertificateAuthorityCsrRequest < Struct.new(
|
835
951
|
:certificate_authority_arn)
|
952
|
+
SENSITIVE = []
|
836
953
|
include Aws::Structure
|
837
954
|
end
|
838
955
|
|
@@ -845,6 +962,7 @@ module Aws::ACMPCA
|
|
845
962
|
#
|
846
963
|
class GetCertificateAuthorityCsrResponse < Struct.new(
|
847
964
|
:csr)
|
965
|
+
SENSITIVE = []
|
848
966
|
include Aws::Structure
|
849
967
|
end
|
850
968
|
|
@@ -858,10 +976,14 @@ module Aws::ACMPCA
|
|
858
976
|
#
|
859
977
|
# @!attribute [rw] certificate_authority_arn
|
860
978
|
# The Amazon Resource Name (ARN) that was returned when you called
|
861
|
-
# CreateCertificateAuthority. This must be of the form:
|
979
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
862
980
|
#
|
863
981
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
864
982
|
# `.
|
983
|
+
#
|
984
|
+
#
|
985
|
+
#
|
986
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
865
987
|
# @return [String]
|
866
988
|
#
|
867
989
|
# @!attribute [rw] certificate_arn
|
@@ -877,6 +999,7 @@ module Aws::ACMPCA
|
|
877
999
|
class GetCertificateRequest < Struct.new(
|
878
1000
|
:certificate_authority_arn,
|
879
1001
|
:certificate_arn)
|
1002
|
+
SENSITIVE = []
|
880
1003
|
include Aws::Structure
|
881
1004
|
end
|
882
1005
|
|
@@ -896,6 +1019,40 @@ module Aws::ACMPCA
|
|
896
1019
|
class GetCertificateResponse < Struct.new(
|
897
1020
|
:certificate,
|
898
1021
|
:certificate_chain)
|
1022
|
+
SENSITIVE = []
|
1023
|
+
include Aws::Structure
|
1024
|
+
end
|
1025
|
+
|
1026
|
+
# @note When making an API call, you may pass GetPolicyRequest
|
1027
|
+
# data as a hash:
|
1028
|
+
#
|
1029
|
+
# {
|
1030
|
+
# resource_arn: "Arn", # required
|
1031
|
+
# }
|
1032
|
+
#
|
1033
|
+
# @!attribute [rw] resource_arn
|
1034
|
+
# The Amazon Resource Number (ARN) of the private CA that will have
|
1035
|
+
# its policy retrieved. You can find the CA's ARN by calling the
|
1036
|
+
# ListCertificateAuthorities action.
|
1037
|
+
# @return [String]
|
1038
|
+
#
|
1039
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicyRequest AWS API Documentation
|
1040
|
+
#
|
1041
|
+
class GetPolicyRequest < Struct.new(
|
1042
|
+
:resource_arn)
|
1043
|
+
SENSITIVE = []
|
1044
|
+
include Aws::Structure
|
1045
|
+
end
|
1046
|
+
|
1047
|
+
# @!attribute [rw] policy
|
1048
|
+
# The policy attached to the private CA as a JSON document.
|
1049
|
+
# @return [String]
|
1050
|
+
#
|
1051
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicyResponse AWS API Documentation
|
1052
|
+
#
|
1053
|
+
class GetPolicyResponse < Struct.new(
|
1054
|
+
:policy)
|
1055
|
+
SENSITIVE = []
|
899
1056
|
include Aws::Structure
|
900
1057
|
end
|
901
1058
|
|
@@ -910,10 +1067,14 @@ module Aws::ACMPCA
|
|
910
1067
|
#
|
911
1068
|
# @!attribute [rw] certificate_authority_arn
|
912
1069
|
# The Amazon Resource Name (ARN) that was returned when you called
|
913
|
-
# CreateCertificateAuthority. This must be of the form:
|
1070
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
914
1071
|
#
|
915
1072
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
916
1073
|
# `
|
1074
|
+
#
|
1075
|
+
#
|
1076
|
+
#
|
1077
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
917
1078
|
# @return [String]
|
918
1079
|
#
|
919
1080
|
# @!attribute [rw] certificate
|
@@ -939,6 +1100,7 @@ module Aws::ACMPCA
|
|
939
1100
|
:certificate_authority_arn,
|
940
1101
|
:certificate,
|
941
1102
|
:certificate_chain)
|
1103
|
+
SENSITIVE = []
|
942
1104
|
include Aws::Structure
|
943
1105
|
end
|
944
1106
|
|
@@ -951,6 +1113,7 @@ module Aws::ACMPCA
|
|
951
1113
|
#
|
952
1114
|
class InvalidArgsException < Struct.new(
|
953
1115
|
:message)
|
1116
|
+
SENSITIVE = []
|
954
1117
|
include Aws::Structure
|
955
1118
|
end
|
956
1119
|
|
@@ -964,11 +1127,17 @@ module Aws::ACMPCA
|
|
964
1127
|
#
|
965
1128
|
class InvalidArnException < Struct.new(
|
966
1129
|
:message)
|
1130
|
+
SENSITIVE = []
|
967
1131
|
include Aws::Structure
|
968
1132
|
end
|
969
1133
|
|
970
1134
|
# The token specified in the `NextToken` argument is not valid. Use the
|
971
|
-
# token returned from your previous call to
|
1135
|
+
# token returned from your previous call to
|
1136
|
+
# [ListCertificateAuthorities][1].
|
1137
|
+
#
|
1138
|
+
#
|
1139
|
+
#
|
1140
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
972
1141
|
#
|
973
1142
|
# @!attribute [rw] message
|
974
1143
|
# @return [String]
|
@@ -977,12 +1146,17 @@ module Aws::ACMPCA
|
|
977
1146
|
#
|
978
1147
|
class InvalidNextTokenException < Struct.new(
|
979
1148
|
:message)
|
1149
|
+
SENSITIVE = []
|
980
1150
|
include Aws::Structure
|
981
1151
|
end
|
982
1152
|
|
983
|
-
# The
|
984
|
-
#
|
985
|
-
#
|
1153
|
+
# The resource policy is invalid or is missing a required statement. For
|
1154
|
+
# general information about IAM policy and statement structure, see
|
1155
|
+
# [Overview of JSON Policies][1].
|
1156
|
+
#
|
1157
|
+
#
|
1158
|
+
#
|
1159
|
+
# [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
|
986
1160
|
#
|
987
1161
|
# @!attribute [rw] message
|
988
1162
|
# @return [String]
|
@@ -991,6 +1165,7 @@ module Aws::ACMPCA
|
|
991
1165
|
#
|
992
1166
|
class InvalidPolicyException < Struct.new(
|
993
1167
|
:message)
|
1168
|
+
SENSITIVE = []
|
994
1169
|
include Aws::Structure
|
995
1170
|
end
|
996
1171
|
|
@@ -1003,11 +1178,11 @@ module Aws::ACMPCA
|
|
1003
1178
|
#
|
1004
1179
|
class InvalidRequestException < Struct.new(
|
1005
1180
|
:message)
|
1181
|
+
SENSITIVE = []
|
1006
1182
|
include Aws::Structure
|
1007
1183
|
end
|
1008
1184
|
|
1009
|
-
# The
|
1010
|
-
# cannot be generated.
|
1185
|
+
# The state of the private CA does not allow this action to occur.
|
1011
1186
|
#
|
1012
1187
|
# @!attribute [rw] message
|
1013
1188
|
# @return [String]
|
@@ -1016,6 +1191,7 @@ module Aws::ACMPCA
|
|
1016
1191
|
#
|
1017
1192
|
class InvalidStateException < Struct.new(
|
1018
1193
|
:message)
|
1194
|
+
SENSITIVE = []
|
1019
1195
|
include Aws::Structure
|
1020
1196
|
end
|
1021
1197
|
|
@@ -1029,6 +1205,7 @@ module Aws::ACMPCA
|
|
1029
1205
|
#
|
1030
1206
|
class InvalidTagException < Struct.new(
|
1031
1207
|
:message)
|
1208
|
+
SENSITIVE = []
|
1032
1209
|
include Aws::Structure
|
1033
1210
|
end
|
1034
1211
|
|
@@ -1049,10 +1226,14 @@ module Aws::ACMPCA
|
|
1049
1226
|
#
|
1050
1227
|
# @!attribute [rw] certificate_authority_arn
|
1051
1228
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1052
|
-
# CreateCertificateAuthority. This must be of the form:
|
1229
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
1053
1230
|
#
|
1054
1231
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
1055
1232
|
# `
|
1233
|
+
#
|
1234
|
+
#
|
1235
|
+
#
|
1236
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1056
1237
|
# @return [String]
|
1057
1238
|
#
|
1058
1239
|
# @!attribute [rw] csr
|
@@ -1070,23 +1251,55 @@ module Aws::ACMPCA
|
|
1070
1251
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
|
1071
1252
|
# -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
|
1072
1253
|
# -out csr/test_cert_.csr`
|
1254
|
+
#
|
1255
|
+
# Note: A CSR must provide either a *subject name* or a *subject
|
1256
|
+
# alternative name* or the request will be rejected.
|
1073
1257
|
# @return [String]
|
1074
1258
|
#
|
1075
1259
|
# @!attribute [rw] signing_algorithm
|
1076
1260
|
# The name of the algorithm that will be used to sign the certificate
|
1077
1261
|
# to be issued.
|
1262
|
+
#
|
1263
|
+
# This parameter should not be confused with the `SigningAlgorithm`
|
1264
|
+
# parameter used to sign a CSR.
|
1078
1265
|
# @return [String]
|
1079
1266
|
#
|
1080
1267
|
# @!attribute [rw] template_arn
|
1081
1268
|
# Specifies a custom configuration template to use when issuing a
|
1082
1269
|
# certificate. If this parameter is not provided, ACM Private CA
|
1083
|
-
# defaults to the `EndEntityCertificate/V1` template.
|
1270
|
+
# defaults to the `EndEntityCertificate/V1` template. For CA
|
1271
|
+
# certificates, you should choose the shortest path length that meets
|
1272
|
+
# your needs. The path length is indicated by the PathLen*N* portion
|
1273
|
+
# of the ARN, where *N* is the [CA depth][1].
|
1274
|
+
#
|
1275
|
+
# Note: The CA depth configured on a subordinate CA certificate must
|
1276
|
+
# not exceed the limit set by its parents in the CA hierarchy.
|
1084
1277
|
#
|
1085
1278
|
# The following service-owned `TemplateArn` values are supported by
|
1086
1279
|
# ACM Private CA:
|
1087
1280
|
#
|
1281
|
+
# * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
|
1282
|
+
#
|
1283
|
+
# * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
|
1284
|
+
#
|
1088
1285
|
# * arn:aws:acm-pca:::template/EndEntityCertificate/V1
|
1089
1286
|
#
|
1287
|
+
# * arn:aws:acm-pca:::template/EndEntityCertificate\_CSRPassthrough/V1
|
1288
|
+
#
|
1289
|
+
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1
|
1290
|
+
#
|
1291
|
+
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate\_CSRPassthrough/V1
|
1292
|
+
#
|
1293
|
+
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1
|
1294
|
+
#
|
1295
|
+
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_CSRPassthrough/V1
|
1296
|
+
#
|
1297
|
+
# * arn:aws:acm-pca:::template/OCSPSigningCertificate/V1
|
1298
|
+
#
|
1299
|
+
# * arn:aws:acm-pca:::template/OCSPSigningCertificate\_CSRPassthrough/V1
|
1300
|
+
#
|
1301
|
+
# * arn:aws:acm-pca:::template/RootCACertificate/V1
|
1302
|
+
#
|
1090
1303
|
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen0/V1
|
1091
1304
|
#
|
1092
1305
|
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
|
@@ -1095,17 +1308,24 @@ module Aws::ACMPCA
|
|
1095
1308
|
#
|
1096
1309
|
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen3/V1
|
1097
1310
|
#
|
1098
|
-
#
|
1099
|
-
#
|
1100
|
-
# For more information, see [Using Templates][1].
|
1311
|
+
# For more information, see [Using Templates][2].
|
1101
1312
|
#
|
1102
1313
|
#
|
1103
1314
|
#
|
1104
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
1315
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
|
1316
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
1105
1317
|
# @return [String]
|
1106
1318
|
#
|
1107
1319
|
# @!attribute [rw] validity
|
1108
|
-
#
|
1320
|
+
# Information describing the validity period of the certificate.
|
1321
|
+
#
|
1322
|
+
# When issuing a certificate, ACM Private CA sets the "Not Before"
|
1323
|
+
# date in the validity field to date and time minus 60 minutes. This
|
1324
|
+
# is intended to compensate for time inconsistencies across systems of
|
1325
|
+
# 60 minutes or less.
|
1326
|
+
#
|
1327
|
+
# The validity period configured on a certificate must not exceed the
|
1328
|
+
# limit set by its parents in the CA hierarchy.
|
1109
1329
|
# @return [Types::Validity]
|
1110
1330
|
#
|
1111
1331
|
# @!attribute [rw] idempotency_token
|
@@ -1127,6 +1347,7 @@ module Aws::ACMPCA
|
|
1127
1347
|
:template_arn,
|
1128
1348
|
:validity,
|
1129
1349
|
:idempotency_token)
|
1350
|
+
SENSITIVE = []
|
1130
1351
|
include Aws::Structure
|
1131
1352
|
end
|
1132
1353
|
|
@@ -1142,11 +1363,12 @@ module Aws::ACMPCA
|
|
1142
1363
|
#
|
1143
1364
|
class IssueCertificateResponse < Struct.new(
|
1144
1365
|
:certificate_arn)
|
1366
|
+
SENSITIVE = []
|
1145
1367
|
include Aws::Structure
|
1146
1368
|
end
|
1147
1369
|
|
1148
|
-
# An ACM Private CA
|
1149
|
-
# returned to determine the
|
1370
|
+
# An ACM Private CA quota has been exceeded. See the exception message
|
1371
|
+
# returned to determine the quota that was exceeded.
|
1150
1372
|
#
|
1151
1373
|
# @!attribute [rw] message
|
1152
1374
|
# @return [String]
|
@@ -1155,6 +1377,7 @@ module Aws::ACMPCA
|
|
1155
1377
|
#
|
1156
1378
|
class LimitExceededException < Struct.new(
|
1157
1379
|
:message)
|
1380
|
+
SENSITIVE = []
|
1158
1381
|
include Aws::Structure
|
1159
1382
|
end
|
1160
1383
|
|
@@ -1164,6 +1387,7 @@ module Aws::ACMPCA
|
|
1164
1387
|
# {
|
1165
1388
|
# next_token: "NextToken",
|
1166
1389
|
# max_results: 1,
|
1390
|
+
# resource_owner: "SELF", # accepts SELF, OTHER_ACCOUNTS
|
1167
1391
|
# }
|
1168
1392
|
#
|
1169
1393
|
# @!attribute [rw] next_token
|
@@ -1181,11 +1405,18 @@ module Aws::ACMPCA
|
|
1181
1405
|
# value in a subsequent request to retrieve additional items.
|
1182
1406
|
# @return [Integer]
|
1183
1407
|
#
|
1408
|
+
# @!attribute [rw] resource_owner
|
1409
|
+
# Use this parameter to filter the returned set of certificate
|
1410
|
+
# authorities based on their owner. The default is SELF.
|
1411
|
+
# @return [String]
|
1412
|
+
#
|
1184
1413
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthoritiesRequest AWS API Documentation
|
1185
1414
|
#
|
1186
1415
|
class ListCertificateAuthoritiesRequest < Struct.new(
|
1187
1416
|
:next_token,
|
1188
|
-
:max_results
|
1417
|
+
:max_results,
|
1418
|
+
:resource_owner)
|
1419
|
+
SENSITIVE = []
|
1189
1420
|
include Aws::Structure
|
1190
1421
|
end
|
1191
1422
|
|
@@ -1204,6 +1435,7 @@ module Aws::ACMPCA
|
|
1204
1435
|
class ListCertificateAuthoritiesResponse < Struct.new(
|
1205
1436
|
:certificate_authorities,
|
1206
1437
|
:next_token)
|
1438
|
+
SENSITIVE = []
|
1207
1439
|
include Aws::Structure
|
1208
1440
|
end
|
1209
1441
|
|
@@ -1218,11 +1450,15 @@ module Aws::ACMPCA
|
|
1218
1450
|
#
|
1219
1451
|
# @!attribute [rw] certificate_authority_arn
|
1220
1452
|
# The Amazon Resource Number (ARN) of the private CA to inspect. You
|
1221
|
-
# can find the ARN by calling the ListCertificateAuthorities
|
1222
|
-
# This must be of the form:
|
1453
|
+
# can find the ARN by calling the [ListCertificateAuthorities][1]
|
1454
|
+
# action. This must be of the form:
|
1223
1455
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
|
1224
1456
|
# You can get a private CA's ARN by running the
|
1225
|
-
# ListCertificateAuthorities action.
|
1457
|
+
# [ListCertificateAuthorities][1] action.
|
1458
|
+
#
|
1459
|
+
#
|
1460
|
+
#
|
1461
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
1226
1462
|
# @return [String]
|
1227
1463
|
#
|
1228
1464
|
# @!attribute [rw] next_token
|
@@ -1245,6 +1481,7 @@ module Aws::ACMPCA
|
|
1245
1481
|
:certificate_authority_arn,
|
1246
1482
|
:next_token,
|
1247
1483
|
:max_results)
|
1484
|
+
SENSITIVE = []
|
1248
1485
|
include Aws::Structure
|
1249
1486
|
end
|
1250
1487
|
|
@@ -1264,6 +1501,7 @@ module Aws::ACMPCA
|
|
1264
1501
|
class ListPermissionsResponse < Struct.new(
|
1265
1502
|
:permissions,
|
1266
1503
|
:next_token)
|
1504
|
+
SENSITIVE = []
|
1267
1505
|
include Aws::Structure
|
1268
1506
|
end
|
1269
1507
|
|
@@ -1278,10 +1516,14 @@ module Aws::ACMPCA
|
|
1278
1516
|
#
|
1279
1517
|
# @!attribute [rw] certificate_authority_arn
|
1280
1518
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
1281
|
-
# CreateCertificateAuthority action. This must be of the form:
|
1519
|
+
# [CreateCertificateAuthority][1] action. This must be of the form:
|
1282
1520
|
#
|
1283
1521
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
1284
1522
|
# `
|
1523
|
+
#
|
1524
|
+
#
|
1525
|
+
#
|
1526
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1285
1527
|
# @return [String]
|
1286
1528
|
#
|
1287
1529
|
# @!attribute [rw] next_token
|
@@ -1304,6 +1546,7 @@ module Aws::ACMPCA
|
|
1304
1546
|
:certificate_authority_arn,
|
1305
1547
|
:next_token,
|
1306
1548
|
:max_results)
|
1549
|
+
SENSITIVE = []
|
1307
1550
|
include Aws::Structure
|
1308
1551
|
end
|
1309
1552
|
|
@@ -1321,6 +1564,23 @@ module Aws::ACMPCA
|
|
1321
1564
|
class ListTagsResponse < Struct.new(
|
1322
1565
|
:tags,
|
1323
1566
|
:next_token)
|
1567
|
+
SENSITIVE = []
|
1568
|
+
include Aws::Structure
|
1569
|
+
end
|
1570
|
+
|
1571
|
+
# The current action was prevented because it would lock the caller out
|
1572
|
+
# from performing subsequent actions. Verify that the specified
|
1573
|
+
# parameters would not result in the caller being denied access to the
|
1574
|
+
# resource.
|
1575
|
+
#
|
1576
|
+
# @!attribute [rw] message
|
1577
|
+
# @return [String]
|
1578
|
+
#
|
1579
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/LockoutPreventedException AWS API Documentation
|
1580
|
+
#
|
1581
|
+
class LockoutPreventedException < Struct.new(
|
1582
|
+
:message)
|
1583
|
+
SENSITIVE = []
|
1324
1584
|
include Aws::Structure
|
1325
1585
|
end
|
1326
1586
|
|
@@ -1333,6 +1593,7 @@ module Aws::ACMPCA
|
|
1333
1593
|
#
|
1334
1594
|
class MalformedCSRException < Struct.new(
|
1335
1595
|
:message)
|
1596
|
+
SENSITIVE = []
|
1336
1597
|
include Aws::Structure
|
1337
1598
|
end
|
1338
1599
|
|
@@ -1345,6 +1606,7 @@ module Aws::ACMPCA
|
|
1345
1606
|
#
|
1346
1607
|
class MalformedCertificateException < Struct.new(
|
1347
1608
|
:message)
|
1609
|
+
SENSITIVE = []
|
1348
1610
|
include Aws::Structure
|
1349
1611
|
end
|
1350
1612
|
|
@@ -1353,8 +1615,14 @@ module Aws::ACMPCA
|
|
1353
1615
|
# certificates, you must give the ACM service principal all available
|
1354
1616
|
# permissions (`IssueCertificate`, `GetCertificate`, and
|
1355
1617
|
# `ListPermissions`). Permissions can be assigned with the
|
1356
|
-
# CreatePermission action, removed with the DeletePermission
|
1357
|
-
# listed with the ListPermissions action.
|
1618
|
+
# [CreatePermission][1] action, removed with the [DeletePermission][2]
|
1619
|
+
# action, and listed with the [ListPermissions][3] action.
|
1620
|
+
#
|
1621
|
+
#
|
1622
|
+
#
|
1623
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
|
1624
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
|
1625
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
|
1358
1626
|
#
|
1359
1627
|
# @!attribute [rw] certificate_authority_arn
|
1360
1628
|
# The Amazon Resource Number (ARN) of the private CA from which the
|
@@ -1392,6 +1660,7 @@ module Aws::ACMPCA
|
|
1392
1660
|
:source_account,
|
1393
1661
|
:actions,
|
1394
1662
|
:policy)
|
1663
|
+
SENSITIVE = []
|
1395
1664
|
include Aws::Structure
|
1396
1665
|
end
|
1397
1666
|
|
@@ -1404,6 +1673,49 @@ module Aws::ACMPCA
|
|
1404
1673
|
#
|
1405
1674
|
class PermissionAlreadyExistsException < Struct.new(
|
1406
1675
|
:message)
|
1676
|
+
SENSITIVE = []
|
1677
|
+
include Aws::Structure
|
1678
|
+
end
|
1679
|
+
|
1680
|
+
# @note When making an API call, you may pass PutPolicyRequest
|
1681
|
+
# data as a hash:
|
1682
|
+
#
|
1683
|
+
# {
|
1684
|
+
# resource_arn: "Arn", # required
|
1685
|
+
# policy: "AWSPolicy", # required
|
1686
|
+
# }
|
1687
|
+
#
|
1688
|
+
# @!attribute [rw] resource_arn
|
1689
|
+
# The Amazon Resource Number (ARN) of the private CA to associate with
|
1690
|
+
# the policy. The ARN of the CA can be found by calling the
|
1691
|
+
# [ListCertificateAuthorities][1] action.
|
1692
|
+
#
|
1693
|
+
#
|
1694
|
+
#
|
1695
|
+
#
|
1696
|
+
#
|
1697
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
1698
|
+
# @return [String]
|
1699
|
+
#
|
1700
|
+
# @!attribute [rw] policy
|
1701
|
+
# The path and filename of a JSON-formatted IAM policy to attach to
|
1702
|
+
# the specified private CA resource. If this policy does not contain
|
1703
|
+
# all required statements or if it includes any statement that is not
|
1704
|
+
# allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
|
1705
|
+
# For information about IAM policy and statement structure, see
|
1706
|
+
# [Overview of JSON Policies][1].
|
1707
|
+
#
|
1708
|
+
#
|
1709
|
+
#
|
1710
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
|
1711
|
+
# @return [String]
|
1712
|
+
#
|
1713
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicyRequest AWS API Documentation
|
1714
|
+
#
|
1715
|
+
class PutPolicyRequest < Struct.new(
|
1716
|
+
:resource_arn,
|
1717
|
+
:policy)
|
1718
|
+
SENSITIVE = []
|
1407
1719
|
include Aws::Structure
|
1408
1720
|
end
|
1409
1721
|
|
@@ -1416,6 +1728,7 @@ module Aws::ACMPCA
|
|
1416
1728
|
#
|
1417
1729
|
class RequestAlreadyProcessedException < Struct.new(
|
1418
1730
|
:message)
|
1731
|
+
SENSITIVE = []
|
1419
1732
|
include Aws::Structure
|
1420
1733
|
end
|
1421
1734
|
|
@@ -1428,6 +1741,7 @@ module Aws::ACMPCA
|
|
1428
1741
|
#
|
1429
1742
|
class RequestFailedException < Struct.new(
|
1430
1743
|
:message)
|
1744
|
+
SENSITIVE = []
|
1431
1745
|
include Aws::Structure
|
1432
1746
|
end
|
1433
1747
|
|
@@ -1440,11 +1754,12 @@ module Aws::ACMPCA
|
|
1440
1754
|
#
|
1441
1755
|
class RequestInProgressException < Struct.new(
|
1442
1756
|
:message)
|
1757
|
+
SENSITIVE = []
|
1443
1758
|
include Aws::Structure
|
1444
1759
|
end
|
1445
1760
|
|
1446
|
-
# A resource such as a private CA, S3 bucket, certificate,
|
1447
|
-
#
|
1761
|
+
# A resource such as a private CA, S3 bucket, certificate, audit report,
|
1762
|
+
# or policy cannot be found.
|
1448
1763
|
#
|
1449
1764
|
# @!attribute [rw] message
|
1450
1765
|
# @return [String]
|
@@ -1453,6 +1768,7 @@ module Aws::ACMPCA
|
|
1453
1768
|
#
|
1454
1769
|
class ResourceNotFoundException < Struct.new(
|
1455
1770
|
:message)
|
1771
|
+
SENSITIVE = []
|
1456
1772
|
include Aws::Structure
|
1457
1773
|
end
|
1458
1774
|
|
@@ -1465,25 +1781,36 @@ module Aws::ACMPCA
|
|
1465
1781
|
#
|
1466
1782
|
# @!attribute [rw] certificate_authority_arn
|
1467
1783
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
1468
|
-
# CreateCertificateAuthority action. This must be of the form:
|
1784
|
+
# [CreateCertificateAuthority][1] action. This must be of the form:
|
1469
1785
|
#
|
1470
1786
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
1471
1787
|
# `
|
1788
|
+
#
|
1789
|
+
#
|
1790
|
+
#
|
1791
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1472
1792
|
# @return [String]
|
1473
1793
|
#
|
1474
1794
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
|
1475
1795
|
#
|
1476
1796
|
class RestoreCertificateAuthorityRequest < Struct.new(
|
1477
1797
|
:certificate_authority_arn)
|
1798
|
+
SENSITIVE = []
|
1478
1799
|
include Aws::Structure
|
1479
1800
|
end
|
1480
1801
|
|
1481
1802
|
# Certificate revocation information used by the
|
1482
|
-
# CreateCertificateAuthority and UpdateCertificateAuthority
|
1483
|
-
# Your private certificate authority (CA) can create and
|
1484
|
-
# certificate revocation list (CRL). A CRL contains
|
1485
|
-
# certificates revoked by your CA. For more
|
1486
|
-
# RevokeCertificate.
|
1803
|
+
# [CreateCertificateAuthority][1] and [UpdateCertificateAuthority][2]
|
1804
|
+
# actions. Your private certificate authority (CA) can create and
|
1805
|
+
# maintain a certificate revocation list (CRL). A CRL contains
|
1806
|
+
# information about certificates revoked by your CA. For more
|
1807
|
+
# information, see [RevokeCertificate][3].
|
1808
|
+
#
|
1809
|
+
#
|
1810
|
+
#
|
1811
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1812
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
|
1813
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
|
1487
1814
|
#
|
1488
1815
|
# @note When making an API call, you may pass RevocationConfiguration
|
1489
1816
|
# data as a hash:
|
@@ -1506,6 +1833,7 @@ module Aws::ACMPCA
|
|
1506
1833
|
#
|
1507
1834
|
class RevocationConfiguration < Struct.new(
|
1508
1835
|
:crl_configuration)
|
1836
|
+
SENSITIVE = []
|
1509
1837
|
include Aws::Structure
|
1510
1838
|
end
|
1511
1839
|
|
@@ -1529,7 +1857,7 @@ module Aws::ACMPCA
|
|
1529
1857
|
# @!attribute [rw] certificate_serial
|
1530
1858
|
# Serial number of the certificate to be revoked. This must be in
|
1531
1859
|
# hexadecimal format. You can retrieve the serial number by calling
|
1532
|
-
# GetCertificate with the Amazon Resource Name (ARN) of the
|
1860
|
+
# [GetCertificate][1] with the Amazon Resource Name (ARN) of the
|
1533
1861
|
# certificate you want and the ARN of your private CA. The
|
1534
1862
|
# **GetCertificate** action retrieves the certificate in the PEM
|
1535
1863
|
# format. You can use the following OpenSSL command to list the
|
@@ -1538,12 +1866,13 @@ module Aws::ACMPCA
|
|
1538
1866
|
# `openssl x509 -in file_path -text -noout`
|
1539
1867
|
#
|
1540
1868
|
# You can also copy the serial number from the console or use the
|
1541
|
-
# [DescribeCertificate][
|
1869
|
+
# [DescribeCertificate][2] action in the *AWS Certificate Manager API
|
1542
1870
|
# Reference*.
|
1543
1871
|
#
|
1544
1872
|
#
|
1545
1873
|
#
|
1546
|
-
# [1]: https://docs.aws.amazon.com/acm/latest/APIReference/
|
1874
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
|
1875
|
+
# [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
|
1547
1876
|
# @return [String]
|
1548
1877
|
#
|
1549
1878
|
# @!attribute [rw] revocation_reason
|
@@ -1556,14 +1885,20 @@ module Aws::ACMPCA
|
|
1556
1885
|
:certificate_authority_arn,
|
1557
1886
|
:certificate_serial,
|
1558
1887
|
:revocation_reason)
|
1888
|
+
SENSITIVE = []
|
1559
1889
|
include Aws::Structure
|
1560
1890
|
end
|
1561
1891
|
|
1562
1892
|
# Tags are labels that you can use to identify and organize your private
|
1563
1893
|
# CAs. Each tag consists of a key and an optional value. You can
|
1564
1894
|
# associate up to 50 tags with a private CA. To add one or more tags to
|
1565
|
-
# a private CA, call the TagCertificateAuthority action. To remove
|
1566
|
-
# tag, call the UntagCertificateAuthority action.
|
1895
|
+
# a private CA, call the [TagCertificateAuthority][1] action. To remove
|
1896
|
+
# a tag, call the [UntagCertificateAuthority][2] action.
|
1897
|
+
#
|
1898
|
+
#
|
1899
|
+
#
|
1900
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
|
1901
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
|
1567
1902
|
#
|
1568
1903
|
# @note When making an API call, you may pass Tag
|
1569
1904
|
# data as a hash:
|
@@ -1586,6 +1921,7 @@ module Aws::ACMPCA
|
|
1586
1921
|
class Tag < Struct.new(
|
1587
1922
|
:key,
|
1588
1923
|
:value)
|
1924
|
+
SENSITIVE = []
|
1589
1925
|
include Aws::Structure
|
1590
1926
|
end
|
1591
1927
|
|
@@ -1604,10 +1940,14 @@ module Aws::ACMPCA
|
|
1604
1940
|
#
|
1605
1941
|
# @!attribute [rw] certificate_authority_arn
|
1606
1942
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1607
|
-
# CreateCertificateAuthority. This must be of the form:
|
1943
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
1608
1944
|
#
|
1609
1945
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
1610
1946
|
# `
|
1947
|
+
#
|
1948
|
+
#
|
1949
|
+
#
|
1950
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1611
1951
|
# @return [String]
|
1612
1952
|
#
|
1613
1953
|
# @!attribute [rw] tags
|
@@ -1619,6 +1959,7 @@ module Aws::ACMPCA
|
|
1619
1959
|
class TagCertificateAuthorityRequest < Struct.new(
|
1620
1960
|
:certificate_authority_arn,
|
1621
1961
|
:tags)
|
1962
|
+
SENSITIVE = []
|
1622
1963
|
include Aws::Structure
|
1623
1964
|
end
|
1624
1965
|
|
@@ -1632,6 +1973,7 @@ module Aws::ACMPCA
|
|
1632
1973
|
#
|
1633
1974
|
class TooManyTagsException < Struct.new(
|
1634
1975
|
:message)
|
1976
|
+
SENSITIVE = []
|
1635
1977
|
include Aws::Structure
|
1636
1978
|
end
|
1637
1979
|
|
@@ -1650,10 +1992,14 @@ module Aws::ACMPCA
|
|
1650
1992
|
#
|
1651
1993
|
# @!attribute [rw] certificate_authority_arn
|
1652
1994
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1653
|
-
# CreateCertificateAuthority. This must be of the form:
|
1995
|
+
# [CreateCertificateAuthority][1]. This must be of the form:
|
1654
1996
|
#
|
1655
1997
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
1656
1998
|
# `
|
1999
|
+
#
|
2000
|
+
#
|
2001
|
+
#
|
2002
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
1657
2003
|
# @return [String]
|
1658
2004
|
#
|
1659
2005
|
# @!attribute [rw] tags
|
@@ -1665,6 +2011,7 @@ module Aws::ACMPCA
|
|
1665
2011
|
class UntagCertificateAuthorityRequest < Struct.new(
|
1666
2012
|
:certificate_authority_arn,
|
1667
2013
|
:tags)
|
2014
|
+
SENSITIVE = []
|
1668
2015
|
include Aws::Structure
|
1669
2016
|
end
|
1670
2017
|
|
@@ -1706,13 +2053,23 @@ module Aws::ACMPCA
|
|
1706
2053
|
:certificate_authority_arn,
|
1707
2054
|
:revocation_configuration,
|
1708
2055
|
:status)
|
2056
|
+
SENSITIVE = []
|
1709
2057
|
include Aws::Structure
|
1710
2058
|
end
|
1711
2059
|
|
1712
|
-
#
|
1713
|
-
#
|
1714
|
-
#
|
1715
|
-
#
|
2060
|
+
# Validity specifies the period of time during which a certificate is
|
2061
|
+
# valid. Validity can be expressed as an explicit date and time when the
|
2062
|
+
# certificate expires, or as a span of time after issuance, stated in
|
2063
|
+
# days, months, or years. For more information, see [Validity][1] in RFC
|
2064
|
+
# 5280.
|
2065
|
+
#
|
2066
|
+
# You can issue a certificate by calling the [IssueCertificate][2]
|
2067
|
+
# action.
|
2068
|
+
#
|
2069
|
+
#
|
2070
|
+
#
|
2071
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
2072
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
1716
2073
|
#
|
1717
2074
|
# @note When making an API call, you may pass Validity
|
1718
2075
|
# data as a hash:
|
@@ -1723,12 +2080,42 @@ module Aws::ACMPCA
|
|
1723
2080
|
# }
|
1724
2081
|
#
|
1725
2082
|
# @!attribute [rw] value
|
1726
|
-
#
|
2083
|
+
# A long integer interpreted according to the value of `Type`, below.
|
1727
2084
|
# @return [Integer]
|
1728
2085
|
#
|
1729
2086
|
# @!attribute [rw] type
|
1730
|
-
#
|
1731
|
-
#
|
2087
|
+
# Determines how *ACM Private CA* interprets the `Value` parameter, an
|
2088
|
+
# integer. Supported validity types include those listed below. Type
|
2089
|
+
# definitions with values include a sample input value and the
|
2090
|
+
# resulting output.
|
2091
|
+
#
|
2092
|
+
# `END_DATE`\: The specific date and time when the certificate will
|
2093
|
+
# expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime
|
2094
|
+
# (YYYYMMDDHHMMSS) format. When UTCTime is used, if the year field
|
2095
|
+
# (YY) is greater than or equal to 50, the year is interpreted as
|
2096
|
+
# 19YY. If the year field is less than 50, the year is interpreted as
|
2097
|
+
# 20YY.
|
2098
|
+
#
|
2099
|
+
# * Sample input value: 491231235959 (UTCTime format)
|
2100
|
+
#
|
2101
|
+
# * Output expiration date/time: 12/31/2049 23:59:59
|
2102
|
+
#
|
2103
|
+
# `ABSOLUTE`\: The specific date and time when the certificate will
|
2104
|
+
# expire, expressed in seconds since the Unix Epoch.
|
2105
|
+
#
|
2106
|
+
# * Sample input value: 2524608000
|
2107
|
+
#
|
2108
|
+
# * Output expiration date/time: 01/01/2050 00:00:00
|
2109
|
+
#
|
2110
|
+
# `DAYS`, `MONTHS`, `YEARS`\: The relative time from the moment of
|
2111
|
+
# issuance until the certificate will expire, expressed in days,
|
2112
|
+
# months, or years.
|
2113
|
+
#
|
2114
|
+
# Example if `DAYS`, issued on 10/12/2020 at 12:34:54 UTC:
|
2115
|
+
#
|
2116
|
+
# * Sample input value: 90
|
2117
|
+
#
|
2118
|
+
# * Output expiration date: 01/10/2020 12:34:54 UTC
|
1732
2119
|
# @return [String]
|
1733
2120
|
#
|
1734
2121
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Validity AWS API Documentation
|
@@ -1736,6 +2123,7 @@ module Aws::ACMPCA
|
|
1736
2123
|
class Validity < Struct.new(
|
1737
2124
|
:value,
|
1738
2125
|
:type)
|
2126
|
+
SENSITIVE = []
|
1739
2127
|
include Aws::Structure
|
1740
2128
|
end
|
1741
2129
|
|