aws-sdk-acmpca 1.39.0 → 1.43.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-acmpca/client.rb +53 -19
- data/lib/aws-sdk-acmpca/client_api.rb +6 -0
- data/lib/aws-sdk-acmpca/types.rb +113 -18
- data/lib/aws-sdk-acmpca.rb +1 -1
- metadata +4 -4
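--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a2158c06d62bec565b12f966fa487aa40f321f33ce4010d64a330185953d2c8f
+data.tar.gz: 5294ae33fdd33144b2984f3483be951575e4b65b7910dbc29f75dfe1f69f5a32
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f33766c2771a453c311b6a3c3c4edbf9d087a242c2dc265db7de4fd05195dad0b4755ffc6737156f0cc12efc9dd600c56583518d3b5f3e47f3536e7ca682cf0
+data.tar.gz: 4e81c7f5c107096f3afefdf71599b838c74e6c42ab94a6a8f38fa35727f2bdb63c9e7661ff6161cb1a7d6c3b1485bd21332fcf9146327688c5349fb0d48f92e1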
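--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.43.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.42.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.41.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.40.0 (2021-09-02)
+------------------
+
+* Feature - Private Certificate Authority Service now allows customers to enable an online certificate status protocol (OCSP) responder service on their private certificate authorities. Customers can also optionally configure a custom CNAME for their OCSP responder.
+
 1.39.0 (2021-09-01)
 ------------------
 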
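--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.43.0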
@@ -119,7 +119,9 @@ module Aws::ACMPCA
|
|
119
119
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
120
|
# are very aggressive. Construct and pass an instance of
|
121
121
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
122
|
+
# enable retries and extended timeouts. Instance profile credential
|
123
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
124
|
+
# to true.
|
123
125
|
#
|
124
126
|
# @option options [required, String] :region
|
125
127
|
# The AWS region to connect to. The configured `:region` is
|
@@ -285,6 +287,15 @@ module Aws::ACMPCA
|
|
285
287
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
286
288
|
# requests are made, and retries are disabled.
|
287
289
|
#
|
290
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
291
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
292
|
+
# will be used if available.
|
293
|
+
#
|
294
|
+
# @option options [Boolean] :use_fips_endpoint
|
295
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
296
|
+
# When a `fips` region is used, the region is normalized and this config
|
297
|
+
# is set to `true`.
|
298
|
+
#
|
288
299
|
# @option options [Boolean] :validate_params (true)
|
289
300
|
# When `true`, request parameters are validated before
|
290
301
|
# sending the request.
|
@@ -338,17 +349,19 @@ module Aws::ACMPCA
|
|
338
349
|
# @!group API Operations
|
339
350
|
|
340
351
|
# Creates a root or subordinate private certificate authority (CA). You
|
341
|
-
# must specify the CA configuration,
|
342
|
-
#
|
343
|
-
#
|
352
|
+
# must specify the CA configuration, an optional configuration for
|
353
|
+
# Online Certificate Status Protocol (OCSP) and/or a certificate
|
354
|
+
# revocation list (CRL), the CA type, and an optional idempotency token
|
355
|
+
# to avoid accidental creation of multiple CAs. The CA configuration
|
344
356
|
# specifies the name of the algorithm and key size to be used to create
|
345
357
|
# the CA private key, the type of signing algorithm that the CA uses,
|
346
|
-
# and X.500 subject information. The
|
347
|
-
#
|
348
|
-
#
|
349
|
-
#
|
350
|
-
#
|
351
|
-
# CA.
|
358
|
+
# and X.500 subject information. The OCSP configuration can optionally
|
359
|
+
# specify a custom URL for the OCSP responder. The CRL configuration
|
360
|
+
# specifies the CRL expiration period in days (the validity period of
|
361
|
+
# the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME
|
362
|
+
# alias for the S3 bucket that is included in certificates issued by the
|
363
|
+
# CA. If successful, this action returns the Amazon Resource Name (ARN)
|
364
|
+
# of the CA.
|
352
365
|
#
|
353
366
|
# ACM Private CA assets that are stored in Amazon S3 can be protected
|
354
367
|
# with encryption. For more information, see [Encrypting Your CRLs][1].
|
@@ -370,16 +383,16 @@ module Aws::ACMPCA
|
|
370
383
|
# signing algorithm, and X.500 certificate subject information.
|
371
384
|
#
|
372
385
|
# @option params [Types::RevocationConfiguration] :revocation_configuration
|
373
|
-
# Contains
|
374
|
-
#
|
375
|
-
#
|
376
|
-
#
|
377
|
-
#
|
378
|
-
# the [CrlConfiguration][1] structure.
|
386
|
+
# Contains information to enable Online Certificate Status Protocol
|
387
|
+
# (OCSP) support, to enable a certificate revocation list (CRL), to
|
388
|
+
# enable both, or to enable neither. The default is for both certificate
|
389
|
+
# validation mechanisms to be disabled. For more information, see the
|
390
|
+
# [OcspConfiguration][1] and [CrlConfiguration][2] types.
|
379
391
|
#
|
380
392
|
#
|
381
393
|
#
|
382
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/
|
394
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
|
395
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
|
383
396
|
#
|
384
397
|
# @option params [required, String] :certificate_authority_type
|
385
398
|
# The type of the certificate authority.
|
@@ -505,6 +518,10 @@ module Aws::ACMPCA
|
|
505
518
|
# s3_bucket_name: "String3To255",
|
506
519
|
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
507
520
|
# },
|
521
|
+
# ocsp_configuration: {
|
522
|
+
# enabled: false, # required
|
523
|
+
# ocsp_custom_cname: "String253",
|
524
|
+
# },
|
508
525
|
# },
|
509
526
|
# certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
|
510
527
|
# idempotency_token: "IdempotencyToken",
|
@@ -999,6 +1016,8 @@ module Aws::ACMPCA
|
|
999
1016
|
# resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
|
1000
1017
|
# resp.certificate_authority.revocation_configuration.crl_configuration.s3_bucket_name #=> String
|
1001
1018
|
# resp.certificate_authority.revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
|
1019
|
+
# resp.certificate_authority.revocation_configuration.ocsp_configuration.enabled #=> Boolean
|
1020
|
+
# resp.certificate_authority.revocation_configuration.ocsp_configuration.ocsp_custom_cname #=> String
|
1002
1021
|
# resp.certificate_authority.restorable_until #=> Time
|
1003
1022
|
# resp.certificate_authority.key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
|
1004
1023
|
#
|
@@ -1805,6 +1824,8 @@ module Aws::ACMPCA
|
|
1805
1824
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
|
1806
1825
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_bucket_name #=> String
|
1807
1826
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
|
1827
|
+
# resp.certificate_authorities[0].revocation_configuration.ocsp_configuration.enabled #=> Boolean
|
1828
|
+
# resp.certificate_authorities[0].revocation_configuration.ocsp_configuration.ocsp_custom_cname #=> String
|
1808
1829
|
# resp.certificate_authorities[0].restorable_until #=> Time
|
1809
1830
|
# resp.certificate_authorities[0].key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
|
1810
1831
|
# resp.next_token #=> String
|
@@ -2316,7 +2337,16 @@ module Aws::ACMPCA
|
|
2316
2337
|
# `
|
2317
2338
|
#
|
2318
2339
|
# @option params [Types::RevocationConfiguration] :revocation_configuration
|
2319
|
-
#
|
2340
|
+
# Contains information to enable Online Certificate Status Protocol
|
2341
|
+
# (OCSP) support, to enable a certificate revocation list (CRL), to
|
2342
|
+
# enable both, or to enable neither. If this parameter is not supplied,
|
2343
|
+
# existing capibilites remain unchanged. For more information, see the
|
2344
|
+
# [OcspConfiguration][1] and [CrlConfiguration][2] types.
|
2345
|
+
#
|
2346
|
+
#
|
2347
|
+
#
|
2348
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
|
2349
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
|
2320
2350
|
#
|
2321
2351
|
# @option params [String] :status
|
2322
2352
|
# Status of your private CA.
|
@@ -2335,6 +2365,10 @@ module Aws::ACMPCA
|
|
2335
2365
|
# s3_bucket_name: "String3To255",
|
2336
2366
|
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
2337
2367
|
# },
|
2368
|
+
# ocsp_configuration: {
|
2369
|
+
# enabled: false, # required
|
2370
|
+
# ocsp_custom_cname: "String253",
|
2371
|
+
# },
|
2338
2372
|
# },
|
2339
2373
|
# status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
|
2340
2374
|
# })
|
@@ -2361,7 +2395,7 @@ module Aws::ACMPCA
|
|
2361
2395
|
params: params,
|
2362
2396
|
config: config)
|
2363
2397
|
context[:gem_name] = 'aws-sdk-acmpca'
|
2364
|
-
context[:gem_version] = '1.
|
2398
|
+
context[:gem_version] = '1.43.0'
|
2365
2399
|
Seahorse::Client::Request.new(handlers, context)
|
2366
2400
|
end
|
2367
2401
|
|
@@ -102,6 +102,7 @@ module Aws::ACMPCA
|
|
102
102
|
MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
|
103
103
|
MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
|
104
104
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
105
|
+
OcspConfiguration = Shapes::StructureShape.new(name: 'OcspConfiguration')
|
105
106
|
OtherName = Shapes::StructureShape.new(name: 'OtherName')
|
106
107
|
PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
|
107
108
|
Permission = Shapes::StructureShape.new(name: 'Permission')
|
@@ -424,6 +425,10 @@ module Aws::ACMPCA
|
|
424
425
|
MalformedCertificateException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
425
426
|
MalformedCertificateException.struct_class = Types::MalformedCertificateException
|
426
427
|
|
428
|
+
OcspConfiguration.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "Enabled", metadata: {"box"=>true}))
|
429
|
+
OcspConfiguration.add_member(:ocsp_custom_cname, Shapes::ShapeRef.new(shape: String253, location_name: "OcspCustomCname"))
|
430
|
+
OcspConfiguration.struct_class = Types::OcspConfiguration
|
431
|
+
|
427
432
|
OtherName.add_member(:type_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "TypeId"))
|
428
433
|
OtherName.add_member(:value, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "Value"))
|
429
434
|
OtherName.struct_class = Types::OtherName
|
@@ -474,6 +479,7 @@ module Aws::ACMPCA
|
|
474
479
|
RestoreCertificateAuthorityRequest.struct_class = Types::RestoreCertificateAuthorityRequest
|
475
480
|
|
476
481
|
RevocationConfiguration.add_member(:crl_configuration, Shapes::ShapeRef.new(shape: CrlConfiguration, location_name: "CrlConfiguration"))
|
482
|
+
RevocationConfiguration.add_member(:ocsp_configuration, Shapes::ShapeRef.new(shape: OcspConfiguration, location_name: "OcspConfiguration"))
|
477
483
|
RevocationConfiguration.struct_class = Types::RevocationConfiguration
|
478
484
|
|
479
485
|
RevokeCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
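--- a/data/lib/aws-sdk-acmpca/types.rb
+++ b/data/lib/aws-sdk-acmpca/types.rb
@@ -418,7 +418,8 @@ module Aws::ACMPCA
 # @return [Types::CertificateAuthorityConfiguration]
 #
 # @!attribute [rw] revocation_configuration
-# Information about the
+# Information about the Online Certificate Status Protocol (OCSP)
+# configuration or certificate revocation list (CRL) created and
 # maintained by your private CA.
 # @return [Types::RevocationConfiguration]
 #
@@ -756,6 +757,10 @@ module Aws::ACMPCA
 # s3_bucket_name: "String3To255",
 # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
 # },
+# ocsp_configuration: {
+# enabled: false, # required
+# ocsp_custom_cname: "String253",
+# },
 # },
 # certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
 # idempotency_token: "IdempotencyToken",
@@ -774,16 +779,17 @@ module Aws::ACMPCA
 # @return [Types::CertificateAuthorityConfiguration]
 #
 # @!attribute [rw] revocation_configuration
-# Contains
-#
-#
-#
-#
-#
+# Contains information to enable Online Certificate Status Protocol
+# (OCSP) support, to enable a certificate revocation list (CRL), to
+# enable both, or to enable neither. The default is for both
+# certificate validation mechanisms to be disabled. For more
+# information, see the [OcspConfiguration][1] and
+# [CrlConfiguration][2] types.
 #
 #
 #
-# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/
+# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
+# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
 # @return [Types::RevocationConfiguration]
 #
 # @!attribute [rw] certificate_authority_type
@@ -927,6 +933,10 @@ module Aws::ACMPCA
 # generated and in the next audit report. Only time valid certificates
 # are listed in the CRL. Expired certificates are not included.
 #
+# A CRL is typically updated approximately 30 minutes after a
+# certificate is revoked. If for any reason a CRL update fails, ACM
+# Private CA makes further attempts every 15 minutes.
+#
 # CRLs contain the following fields:
 #
 # * **Version**\: The current version number defined in RFC 5280 is V2.
@@ -974,9 +984,14 @@ module Aws::ACMPCA
 #
 # `openssl crl -inform DER -text -in crl_path -noout`
 #
+# For more information, see [Planning a certificate revocation list
+# (CRL)][2] in the *AWS Certificate Manager Private Certificate
+# Authority (PCA) User Guide*
+#
 #
 #
 # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
+# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html
 #
 # @note When making an API call, you may pass CrlConfiguration
 # data as a hash:
@@ -1018,9 +1033,9 @@ module Aws::ACMPCA
 # value for the **CustomCname** argument, the name of your S3 bucket
 # is placed into the **CRL Distribution Points** extension of the
 # issued certificate. You can change the name of your bucket by
-# calling the [UpdateCertificateAuthority][1]
-# a [bucket policy][2] that allows ACM Private CA to write the
-# your bucket.
+# calling the [UpdateCertificateAuthority][1] operation. You must
+# specify a [bucket policy][2] that allows ACM Private CA to write the
+# CRL to your bucket.
 #
 #
 #
@@ -2553,6 +2568,52 @@ module Aws::ACMPCA
 include Aws::Structure
 end
 
+# Contains information to enable and configure Online Certificate Status
+# Protocol (OCSP) for validating certificate revocation status.
+#
+# When you revoke a certificate, OCSP responses may take up to 60
+# minutes to reflect the new status.
+#
+# @note When making an API call, you may pass OcspConfiguration
+# data as a hash:
+#
+# {
+# enabled: false, # required
+# ocsp_custom_cname: "String253",
+# }
+#
+# @!attribute [rw] enabled
+# Flag enabling use of the Online Certificate Status Protocol (OCSP)
+# for validating certificate revocation status.
+# @return [Boolean]
+#
+# @!attribute [rw] ocsp_custom_cname
+# By default, ACM Private CA injects an AWS domain into certificates
+# being validated by the Online Certificate Status Protocol (OCSP). A
+# customer can alternatively use this object to define a CNAME
+# specifying a customized OCSP domain.
+#
+# Note: The value of the CNAME must not include a protocol prefix such
+# as "http://" or "https://".
+#
+# For more information, see [Customizing Online Certificate Status
+# Protocol (OCSP) ][1] in the *AWS Certificate Manager Private
+# Certificate Authority (PCA) User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OcspConfiguration AWS API Documentation
+#
+class OcspConfiguration < Struct.new(
+:enabled,
+:ocsp_custom_cname)
+SENSITIVE = []
+include Aws::Structure
+end
+
 # Defines a custom ASN.1 X.400 `GeneralName` using an object identifier
 # (OID) and value. The OID must satisfy the regular expression shown
 # below. For more information, see NIST's definition of [Object
@@ -2879,16 +2940,21 @@ module Aws::ACMPCA
 
 # Certificate revocation information used by the
 # [CreateCertificateAuthority][1] and [UpdateCertificateAuthority][2]
-# actions. Your private certificate authority (CA) can
-#
-#
-#
+# actions. Your private certificate authority (CA) can configure Online
+# Certificate Status Protocol (OCSP) support and/or maintain a
+# certificate revocation list (CRL). OCSP returns validation information
+# about certificates as requested by clients, and a CRL contains an
+# updated list of certificates revoked by your CA. For more information,
+# see [RevokeCertificate][3] and [Setting up a certificate revocation
+# method][4] in the *AWS Certificate Manager Private Certificate
+# Authority (PCA) User Guide*.
 #
 #
 #
 # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
 # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
 # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
+# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html
 #
 # @note When making an API call, you may pass RevocationConfiguration
 # data as a hash:
@@ -2901,17 +2967,32 @@ module Aws::ACMPCA
 # s3_bucket_name: "String3To255",
 # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
 # },
+# ocsp_configuration: {
+# enabled: false, # required
+# ocsp_custom_cname: "String253",
+# },
 # }
 #
 # @!attribute [rw] crl_configuration
 # Configuration of the certificate revocation list (CRL), if any,
-# maintained by your private CA.
+# maintained by your private CA. A CRL is typically updated
+# approximately 30 minutes after a certificate is revoked. If for any
+# reason a CRL update fails, ACM Private CA makes further attempts
+# every 15 minutes.
 # @return [Types::CrlConfiguration]
 #
+# @!attribute [rw] ocsp_configuration
+# Configuration of Online Certificate Status Protocol (OCSP) support,
+# if any, maintained by your private CA. When you revoke a
+# certificate, OCSP responses may take up to 60 minutes to reflect the
+# new status.
+# @return [Types::OcspConfiguration]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevocationConfiguration AWS API Documentation
 #
 class RevocationConfiguration < Struct.new(
-:crl_configuration
+:crl_configuration,
+:ocsp_configuration)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -3107,6 +3188,10 @@ module Aws::ACMPCA
 # s3_bucket_name: "String3To255",
 # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
 # },
+# ocsp_configuration: {
+# enabled: false, # required
+# ocsp_custom_cname: "String253",
+# },
 # },
 # status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
 # }
@@ -3120,7 +3205,17 @@ module Aws::ACMPCA
 # @return [String]
 #
 # @!attribute [rw] revocation_configuration
-#
+# Contains information to enable Online Certificate Status Protocol
+# (OCSP) support, to enable a certificate revocation list (CRL), to
+# enable both, or to enable neither. If this parameter is not
+# supplied, existing capibilites remain unchanged. For more
+# information, see the [OcspConfiguration][1] and
+# [CrlConfiguration][2] types.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
+# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
 # @return [Types::RevocationConfiguration]
 #
 # @!attribute [rw] status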
data/lib/aws-sdk-acmpca.rb
CHANGED
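--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.43.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.122.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.122.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement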