RubyGems - aws-sdk-acmpca - Versions diffs - 1.45.0 → 1.48.0 - Mend

aws-sdk-acmpca 1.45.0 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/VERSION +1 -1
data/lib/aws-sdk-acmpca/client.rb +136 -76
data/lib/aws-sdk-acmpca/client_api.rb +21 -0
data/lib/aws-sdk-acmpca/types.rb +265 -49
data/lib/aws-sdk-acmpca.rb +1 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2d692548862d12c5768e812f12ab63031ce63e2248b98f2e389de7f6614fcf3
-  data.tar.gz: 07d15d9935add510fe9157737b63dc0ba3fdb88398ada6e68a06f6c1801981b9
+  metadata.gz: 9d5e73b72e120fe6f31fdb18760aa8a128be5cc432116ce6084da30f9e8d3140
+  data.tar.gz: 85d9985fb896de12f98b252e9ed8608a056bd4dd98faf9b7f80530dc2e6049d4
 SHA512:
-  metadata.gz: d9ff8fdbc02a3dc06f65b1e1093170ceeb0c7f752cdd8324970909b5b340eb27ba63dcd710fe6e0c63f6e545f0102415360f25ef3c34800474ca9fd4c48c5c4a
-  data.tar.gz: 103ad32731011b73d12a7de30c44ec4740d17f972d3d144953a61d78b2d1dc1b10a8a0367d8e291c0cb648d7988e841926f5db0d236d6d8837ab9b2a13d23c4a
+  metadata.gz: a7f3210122e4e950a70270cdc69afa4f776e9ef3f73e5fbc7cb863d1e27910818bf909b461af3de8d3f574b9629d5c8d36563211e3d4f0f40f44ce053b71046d
+  data.tar.gz: 2d2e4e53f928df205f5c5624c502d17af55bf3c2d798ac821575380fb12dd59ece4369e7cff091183e2ebbc8bb271e3fb17ff92c74a6cbbce5d2bf12a343df57

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
+1.48.0 (2022-03-28)
+------------------
+* Feature - Updating service name entities
+1.47.0 (2022-03-16)
+------------------
+* Feature - AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
+1.46.0 (2022-02-24)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
 1.45.0 (2022-02-03)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.45.0
1	+ 1.48.0

data/lib/aws-sdk-acmpca/client.rb CHANGED Viewed

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -75,6 +76,7 @@ module Aws::ACMPCA
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
@@ -380,14 +382,14 @@ module Aws::ACMPCA
     # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
     # bucket that you specify. If the IAM principal making the call does not
     # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Configure Access to ACM Private CA][2].
+    # For more information, see [Access policies for CRLs in Amazon S3][2].
     #
     #  </note>
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html
+    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
     #
     # @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
     #   Name and bit size of the private key algorithm, the name of the
@@ -467,6 +469,12 @@ module Aws::ACMPCA
     #         initials: "String5",
     #         pseudonym: "String128",
     #         generation_qualifier: "String3",
+    #         custom_attributes: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "String1To256", # required
+    #           },
+    #         ],
     #       },
     #       csr_extensions: {
     #         key_usage: {
@@ -508,6 +516,12 @@ module Aws::ACMPCA
     #                 initials: "String5",
     #                 pseudonym: "String128",
     #                 generation_qualifier: "String3",
+    #                 custom_attributes: [
+    #                   {
+    #                     object_identifier: "CustomObjectIdentifier", # required
+    #                     value: "String1To256", # required
+    #                   },
+    #                 ],
     #               },
     #               edi_party_name: {
     #                 party_name: "String256", # required
@@ -566,7 +580,7 @@ module Aws::ACMPCA
     # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
     # bucket that you specify. If the IAM principal making the call does not
     # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Configure Access to ACM Private CA][3].
+    # For more information, see [Access policies for CRLs in Amazon S3][3].
     #
     #  </note>
     #
@@ -574,11 +588,15 @@ module Aws::ACMPCA
     # with encryption. For more information, see [Encrypting Your Audit
     # Reports][4].
     #
+    # <note markdown="1"> You can generate a maximum of one report every 30 minutes.
+    #
+    #  </note>
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
     # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html
+    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
     # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption
     #
     # @option params [required, String] :certificate_authority_arn
@@ -622,10 +640,10 @@ module Aws::ACMPCA
       req.send_request(options)
     end
-    # Grants one or more permissions on a private CA to the AWS Certificate
+    # Grants one or more permissions on a private CA to the Certificate
     # Manager (ACM) service principal (`acm.amazonaws.com`). These
     # permissions allow ACM to issue and renew ACM certificates that reside
-    # in the same AWS account as the CA.
+    # in the same Amazon Web Services account as the CA.
     #
     # You can list current permissions with the [ListPermissions][1] action
     # and revoke them with the [DeletePermission][2] action.
@@ -666,15 +684,17 @@ module Aws::ACMPCA
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [required, String] :principal
-    #   The AWS service or identity that receives the permission. At this
-    #   time, the only valid principal is `acm.amazonaws.com`.
+    #   The Amazon Web Services service or identity that receives the
+    #   permission. At this time, the only valid principal is
+    #   `acm.amazonaws.com`.
     #
     # @option params [String] :source_account
     #   The ID of the calling account.
     #
     # @option params [required, Array<String>] :actions
-    #   The actions that the specified AWS service principal can use. These
-    #   include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
+    #   The actions that the specified Amazon Web Services service principal
+    #   can use. These include `IssueCertificate`, `GetCertificate`, and
+    #   `ListPermissions`.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -768,13 +788,13 @@ module Aws::ACMPCA
       req.send_request(options)
     end
-    # Revokes permissions on a private CA granted to the AWS Certificate
-    # Manager (ACM) service principal (acm.amazonaws.com).
+    # Revokes permissions on a private CA granted to the Certificate Manager
+    # (ACM) service principal (acm.amazonaws.com).
     #
     # These permissions allow ACM to issue and renew ACM certificates that
-    # reside in the same AWS account as the CA. If you revoke these
-    # permissions, ACM will no longer renew the affected certificates
-    # automatically.
+    # reside in the same Amazon Web Services account as the CA. If you
+    # revoke these permissions, ACM will no longer renew the affected
+    # certificates automatically.
     #
     # Permissions can be granted with the [CreatePermission][1] action and
     # listed with the [ListPermissions][2] action.
@@ -816,11 +836,12 @@ module Aws::ACMPCA
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [required, String] :principal
-    #   The AWS service or identity that will have its CA permissions revoked.
-    #   At this time, the only valid service principal is `acm.amazonaws.com`
+    #   The Amazon Web Services service or identity that will have its CA
+    #   permissions revoked. At this time, the only valid service principal is
+    #   `acm.amazonaws.com`
     #
     # @option params [String] :source_account
-    #   The AWS account that calls this action.
+    #   The Amazon Web Services account that calls this action.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -845,25 +866,26 @@ module Aws::ACMPCA
     # will remove any access that the policy has granted. If there is no
     # policy attached to the private CA, this action will return successful.
     #
-    # If you delete a policy that was applied through AWS Resource Access
-    # Manager (RAM), the CA will be removed from all shares in which it was
-    # included.
+    # If you delete a policy that was applied through Amazon Web Services
+    # Resource Access Manager (RAM), the CA will be removed from all shares
+    # in which it was included.
     #
-    # The AWS Certificate Manager Service Linked Role that the policy
-    # supports is not affected when you delete the policy.
+    # The Certificate Manager Service Linked Role that the policy supports
+    # is not affected when you delete the policy.
     #
     # The current policy can be shown with [GetPolicy][1] and updated with
     # [PutPolicy][2].
     #
     # **About Policies**
     #
-    # * A policy grants access on a private CA to an AWS customer account,
-    #   to AWS Organizations, or to an AWS Organizations unit. Policies are
-    #   under the control of a CA administrator. For more information, see
-    #   [Using a Resource Based Policy with ACM Private CA][3].
+    # * A policy grants access on a private CA to an Amazon Web Services
+    #   customer account, to Amazon Web Services Organizations, or to an
+    #   Amazon Web Services Organizations unit. Policies are under the
+    #   control of a CA administrator. For more information, see [Using a
+    #   Resource Based Policy with ACM Private CA][3].
     #
-    # * A policy permits a user of AWS Certificate Manager (ACM) to issue
-    #   ACM certificates signed by a CA in another account.
+    # * A policy permits a user of Certificate Manager (ACM) to issue ACM
+    #   certificates signed by a CA in another account.
     #
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
@@ -871,9 +893,9 @@ module Aws::ACMPCA
     #   confirmation against the ACM Private CA policy. For more
     #   information, see [Using a Service Linked Role with ACM][4].
     #
-    # * Updates made in AWS Resource Manager (RAM) are reflected in
-    #   policies. For more information, see [Attach a Policy for
-    #   Cross-Account Access][5].
+    # * Updates made in Amazon Web Services Resource Manager (RAM) are
+    #   reflected in policies. For more information, see [Attach a Policy
+    #   for Cross-Account Access][5].
     #
     #
     #
@@ -930,9 +952,9 @@ module Aws::ACMPCA
     # * `EXPIRED` - Your private CA certificate has expired.
     #
     # * `FAILED` - Your private CA has failed. Your CA can fail because of
-    #   problems such a network outage or back-end AWS failure or other
-    #   errors. A failed CA can never return to the pending state. You must
-    #   create a new CA.
+    #   problems such a network outage or back-end Amazon Web Services
+    #   failure or other errors. A failed CA can never return to the pending
+    #   state. You must create a new CA.
     #
     # * `DELETED` - Your private CA is within the restoration period, after
     #   which it is permanently deleted. The length of time remaining in the
@@ -987,6 +1009,9 @@ module Aws::ACMPCA
     #   resp.certificate_authority.certificate_authority_configuration.subject.initials #=> String
     #   resp.certificate_authority.certificate_authority_configuration.subject.pseudonym #=> String
     #   resp.certificate_authority.certificate_authority_configuration.subject.generation_qualifier #=> String
+    #   resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes #=> Array
+    #   resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
+    #   resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].value #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
@@ -1017,6 +1042,9 @@ module Aws::ACMPCA
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
+    #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
+    #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
+    #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
     #   resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
@@ -1266,13 +1294,14 @@ module Aws::ACMPCA
     #
     # **About Policies**
     #
-    # * A policy grants access on a private CA to an AWS customer account,
-    #   to AWS Organizations, or to an AWS Organizations unit. Policies are
-    #   under the control of a CA administrator. For more information, see
-    #   [Using a Resource Based Policy with ACM Private CA][3].
+    # * A policy grants access on a private CA to an Amazon Web Services
+    #   customer account, to Amazon Web Services Organizations, or to an
+    #   Amazon Web Services Organizations unit. Policies are under the
+    #   control of a CA administrator. For more information, see [Using a
+    #   Resource Based Policy with ACM Private CA][3].
     #
-    # * A policy permits a user of AWS Certificate Manager (ACM) to issue
-    #   ACM certificates signed by a CA in another account.
+    # * A policy permits a user of Certificate Manager (ACM) to issue ACM
+    #   certificates signed by a CA in another account.
     #
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
@@ -1280,9 +1309,9 @@ module Aws::ACMPCA
     #   confirmation against the ACM Private CA policy. For more
     #   information, see [Using a Service Linked Role with ACM][4].
     #
-    # * Updates made in AWS Resource Manager (RAM) are reflected in
-    #   policies. For more information, see [Attach a Policy for
-    #   Cross-Account Access][5].
+    # * Updates made in Amazon Web Services Resource Manager (RAM) are
+    #   reflected in policies. For more information, see [Attach a Policy
+    #   for Cross-Account Access][5].
     #
     #
     #
@@ -1519,7 +1548,7 @@ module Aws::ACMPCA
     #   contains your X509 version 3 extensions.
     #
     #   `openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey
-    #   rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out
+    #   rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out
     #   csr/test_cert_.csr`
     #
     #   Note: A CSR must provide either a *subject name* or a *subject
@@ -1533,6 +1562,11 @@ module Aws::ACMPCA
     #   parameter used to sign a CSR in the `CreateCertificateAuthority`
     #   action.
     #
+    #   <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
+    #   algorithm family of the CA's secret key.
+    #
+    #    </note>
+    #
     # @option params [String] :template_arn
     #   Specifies a custom configuration template to use when issuing a
     #   certificate. If this parameter is not provided, ACM Private CA
@@ -1573,7 +1607,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #
     # @option params [Types::Validity] :validity_not_before
     #   Information describing the start of the validity period of the
@@ -1597,7 +1631,7 @@ module Aws::ACMPCA
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
-    #   [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #
     # @option params [String] :idempotency_token
     #   Alphanumeric string that can be used to distinguish between calls to
@@ -1671,6 +1705,12 @@ module Aws::ACMPCA
     #               initials: "String5",
     #               pseudonym: "String128",
     #               generation_qualifier: "String3",
+    #               custom_attributes: [
+    #                 {
+    #                   object_identifier: "CustomObjectIdentifier", # required
+    #                   value: "String1To256", # required
+    #                 },
+    #               ],
     #             },
     #             edi_party_name: {
     #               party_name: "String256", # required
@@ -1681,6 +1721,13 @@ module Aws::ACMPCA
     #             registered_id: "CustomObjectIdentifier",
     #           },
     #         ],
+    #         custom_extensions: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "Base64String1To4096", # required
+    #             critical: false,
+    #           },
+    #         ],
     #       },
     #       subject: {
     #         country: "CountryCodeString",
@@ -1697,6 +1744,12 @@ module Aws::ACMPCA
     #         initials: "String5",
     #         pseudonym: "String128",
     #         generation_qualifier: "String3",
+    #         custom_attributes: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "String1To256", # required
+    #           },
+    #         ],
     #       },
     #     },
     #     certificate_authority_arn: "Arn", # required
@@ -1795,6 +1848,9 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].certificate_authority_configuration.subject.initials #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.subject.pseudonym #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.subject.generation_qualifier #=> String
+    #   resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes #=> Array
+    #   resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
+    #   resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].value #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
@@ -1825,6 +1881,9 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
+    #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
+    #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
+    #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
     #   resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
@@ -1850,11 +1909,11 @@ module Aws::ACMPCA
       req.send_request(options)
     end
-    # List all permissions on a private CA, if any, granted to the AWS
+    # List all permissions on a private CA, if any, granted to the
     # Certificate Manager (ACM) service principal (acm.amazonaws.com).
     #
     # These permissions allow ACM to issue and renew ACM certificates that
-    # reside in the same AWS account as the CA.
+    # reside in the same Amazon Web Services account as the CA.
     #
     # Permissions can be granted with the [CreatePermission][1] action and
     # revoked with the [DeletePermission][2] action.
@@ -2010,22 +2069,23 @@ module Aws::ACMPCA
     # Attaches a resource-based policy to a private CA.
     #
-    # A policy can also be applied by sharing a private CA through AWS
-    # Resource Access Manager (RAM). For more information, see [Attach a
-    # Policy for Cross-Account Access][1].
+    # A policy can also be applied by sharing a private CA through Amazon
+    # Web Services Resource Access Manager (RAM). For more information, see
+    # [Attach a Policy for Cross-Account Access][1].
     #
     # The policy can be displayed with [GetPolicy][2] and removed with
     # [DeletePolicy][3].
     #
     # **About Policies**
     #
-    # * A policy grants access on a private CA to an AWS customer account,
-    #   to AWS Organizations, or to an AWS Organizations unit. Policies are
-    #   under the control of a CA administrator. For more information, see
-    #   [Using a Resource Based Policy with ACM Private CA][4].
+    # * A policy grants access on a private CA to an Amazon Web Services
+    #   customer account, to Amazon Web Services Organizations, or to an
+    #   Amazon Web Services Organizations unit. Policies are under the
+    #   control of a CA administrator. For more information, see [Using a
+    #   Resource Based Policy with ACM Private CA][4].
     #
-    # * A policy permits a user of AWS Certificate Manager (ACM) to issue
-    #   ACM certificates signed by a CA in another account.
+    # * A policy permits a user of Certificate Manager (ACM) to issue ACM
+    #   certificates signed by a CA in another account.
     #
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
@@ -2033,9 +2093,9 @@ module Aws::ACMPCA
     #   confirmation against the ACM Private CA policy. For more
     #   information, see [Using a Service Linked Role with ACM][5].
     #
-    # * Updates made in AWS Resource Manager (RAM) are reflected in
-    #   policies. For more information, see [Attach a Policy for
-    #   Cross-Account Access][1].
+    # * Updates made in Amazon Web Services Resource Manager (RAM) are
+    #   reflected in policies. For more information, see [Attach a Policy
+    #   for Cross-Account Access][1].
     #
     #
     #
@@ -2154,7 +2214,7 @@ module Aws::ACMPCA
     # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
     # bucket that you specify. If the IAM principal making the call does not
     # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Configure Access to ACM Private CA][2].
+    # For more information, see [Access policies for CRLs in Amazon S3][2].
     #
     #  </note>
     #
@@ -2168,7 +2228,7 @@ module Aws::ACMPCA
     #
     #
     # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html
+    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
     # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
     #
     # @option params [required, String] :certificate_authority_arn
@@ -2190,7 +2250,7 @@ module Aws::ACMPCA
     #   `openssl x509 -in file_path -text -noout`
     #
     #   You can also copy the serial number from the console or use the
-    #   [DescribeCertificate][2] action in the *AWS Certificate Manager API
+    #   [DescribeCertificate][2] action in the *Certificate Manager API
     #   Reference*.
     #
     #
@@ -2221,15 +2281,15 @@ module Aws::ACMPCA
     end
     # Adds one or more tags to your private CA. Tags are labels that you can
-    # use to identify and organize your AWS resources. Each tag consists of
-    # a key and an optional value. You specify the private CA on input by
-    # its Amazon Resource Name (ARN). You specify the tag by using a
-    # key-value pair. You can apply a tag to just one private CA if you want
-    # to identify a specific characteristic of that CA, or you can apply the
-    # same tag to multiple private CAs if you want to filter for a common
-    # relationship among those CAs. To remove one or more tags, use the
-    # [UntagCertificateAuthority][1] action. Call the [ListTags][2] action
-    # to see what tags are associated with your CA.
+    # use to identify and organize your Amazon Web Services resources. Each
+    # tag consists of a key and an optional value. You specify the private
+    # CA on input by its Amazon Resource Name (ARN). You specify the tag by
+    # using a key-value pair. You can apply a tag to just one private CA if
+    # you want to identify a specific characteristic of that CA, or you can
+    # apply the same tag to multiple private CAs if you want to filter for a
+    # common relationship among those CAs. To remove one or more tags, use
+    # the [UntagCertificateAuthority][1] action. Call the [ListTags][2]
+    # action to see what tags are associated with your CA.
     #
     #
     #
@@ -2332,13 +2392,13 @@ module Aws::ACMPCA
     # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
     # bucket that you specify. If the IAM principal making the call does not
     # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Configure Access to ACM Private CA][1].
+    # For more information, see [Access policies for CRLs in Amazon S3][1].
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html
+    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
     #
     # @option params [required, String] :certificate_authority_arn
     #   Amazon Resource Name (ARN) of the private CA that issued the
@@ -2406,7 +2466,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.45.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-acmpca/client_api.rb CHANGED Viewed

@@ -28,6 +28,7 @@ module Aws::ACMPCA
     AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
     AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
     AuditReportStatus = Shapes::StringShape.new(name: 'AuditReportStatus')
+    Base64String1To4096 = Shapes::StringShape.new(name: 'Base64String1To4096')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CertificateAuthorities = Shapes::ListShape.new(name: 'CertificateAuthorities')
     CertificateAuthority = Shapes::StructureShape.new(name: 'CertificateAuthority')
@@ -51,6 +52,10 @@ module Aws::ACMPCA
     CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
     CsrBody = Shapes::StringShape.new(name: 'CsrBody')
     CsrExtensions = Shapes::StructureShape.new(name: 'CsrExtensions')
+    CustomAttribute = Shapes::StructureShape.new(name: 'CustomAttribute')
+    CustomAttributeList = Shapes::ListShape.new(name: 'CustomAttributeList')
+    CustomExtension = Shapes::StructureShape.new(name: 'CustomExtension')
+    CustomExtensionList = Shapes::ListShape.new(name: 'CustomExtensionList')
     CustomObjectIdentifier = Shapes::StringShape.new(name: 'CustomObjectIdentifier')
     DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
     DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
@@ -132,6 +137,7 @@ module Aws::ACMPCA
     String = Shapes::StringShape.new(name: 'String')
     String128 = Shapes::StringShape.new(name: 'String128')
     String16 = Shapes::StringShape.new(name: 'String16')
+    String1To256 = Shapes::StringShape.new(name: 'String1To256')
     String253 = Shapes::StringShape.new(name: 'String253')
     String256 = Shapes::StringShape.new(name: 'String256')
     String3 = Shapes::StringShape.new(name: 'String3')
@@ -166,6 +172,7 @@ module Aws::ACMPCA
     ASN1Subject.add_member(:initials, Shapes::ShapeRef.new(shape: String5, location_name: "Initials"))
     ASN1Subject.add_member(:pseudonym, Shapes::ShapeRef.new(shape: String128, location_name: "Pseudonym"))
     ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
+    ASN1Subject.add_member(:custom_attributes, Shapes::ShapeRef.new(shape: CustomAttributeList, location_name: "CustomAttributes"))
     ASN1Subject.struct_class = Types::ASN1Subject
     AccessDescription.add_member(:access_method, Shapes::ShapeRef.new(shape: AccessMethod, required: true, location_name: "AccessMethod"))
@@ -253,6 +260,19 @@ module Aws::ACMPCA
     CsrExtensions.add_member(:subject_information_access, Shapes::ShapeRef.new(shape: AccessDescriptionList, location_name: "SubjectInformationAccess"))
     CsrExtensions.struct_class = Types::CsrExtensions
+    CustomAttribute.add_member(:object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "ObjectIdentifier"))
+    CustomAttribute.add_member(:value, Shapes::ShapeRef.new(shape: String1To256, required: true, location_name: "Value"))
+    CustomAttribute.struct_class = Types::CustomAttribute
+    CustomAttributeList.member = Shapes::ShapeRef.new(shape: CustomAttribute)
+    CustomExtension.add_member(:object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "ObjectIdentifier"))
+    CustomExtension.add_member(:value, Shapes::ShapeRef.new(shape: Base64String1To4096, required: true, location_name: "Value"))
+    CustomExtension.add_member(:critical, Shapes::ShapeRef.new(shape: Boolean, location_name: "Critical", metadata: {"box"=>true}))
+    CustomExtension.struct_class = Types::CustomExtension
+    CustomExtensionList.member = Shapes::ShapeRef.new(shape: CustomExtension)
     DeleteCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
     DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
     DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
@@ -295,6 +315,7 @@ module Aws::ACMPCA
     Extensions.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageList, location_name: "ExtendedKeyUsage"))
     Extensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
     Extensions.add_member(:subject_alternative_names, Shapes::ShapeRef.new(shape: GeneralNameList, location_name: "SubjectAlternativeNames"))
+    Extensions.add_member(:custom_extensions, Shapes::ShapeRef.new(shape: CustomExtensionList, location_name: "CustomExtensions"))
     Extensions.struct_class = Types::Extensions
     GeneralName.add_member(:other_name, Shapes::ShapeRef.new(shape: OtherName, location_name: "OtherName"))

data/lib/aws-sdk-acmpca/types.rb CHANGED Viewed

@@ -35,6 +35,12 @@ module Aws::ACMPCA
     #         initials: "String5",
     #         pseudonym: "String128",
     #         generation_qualifier: "String3",
+    #         custom_attributes: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "String1To256", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] country
@@ -110,6 +116,22 @@ module Aws::ACMPCA
     #   Examples include Jr. for junior, Sr. for senior, and III for third.
     #   @return [String]
     #
+    # @!attribute [rw] custom_attributes
+    #   Contains a sequence of one or more X.500 relative distinguished
+    #   names (RDNs), each of which consists of an object identifier (OID)
+    #   and a value. For more information, see NIST’s definition of [Object
+    #   Identifier (OID)][1].
+    #
+    #   <note markdown="1"> Custom attributes cannot be used in combination with standard
+    #   attributes.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
+    #   @return [Array<Types::CustomAttribute>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ASN1Subject AWS API Documentation
     #
     class ASN1Subject < Struct.new(
@@ -126,7 +148,8 @@ module Aws::ACMPCA
       :given_name,
       :initials,
       :pseudonym,
-      :generation_qualifier)
+      :generation_qualifier,
+      :custom_attributes)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -136,7 +159,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass AccessDescription
     #   data as a hash:
@@ -168,6 +191,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #           edi_party_name: {
     #             party_name: "String256", # required
@@ -301,6 +330,12 @@ module Aws::ACMPCA
     #                 initials: "String5",
     #                 pseudonym: "String128",
     #                 generation_qualifier: "String3",
+    #                 custom_attributes: [
+    #                   {
+    #                     object_identifier: "CustomObjectIdentifier", # required
+    #                     value: "String1To256", # required
+    #                   },
+    #                 ],
     #               },
     #               edi_party_name: {
     #                 party_name: "String256", # required
@@ -311,6 +346,13 @@ module Aws::ACMPCA
     #               registered_id: "CustomObjectIdentifier",
     #             },
     #           ],
+    #           custom_extensions: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "Base64String1To4096", # required
+    #               critical: false,
+    #             },
+    #           ],
     #         },
     #         subject: {
     #           country: "CountryCodeString",
@@ -327,6 +369,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #       }
     #
@@ -363,7 +411,7 @@ module Aws::ACMPCA
     # retrieve a private CA certificate signing request (CSR). Sign the CSR
     # with your ACM Private CA-hosted or on-premises root or subordinate CA
     # certificate. Call the [ImportCertificateAuthorityCertificate][3]
-    # action to import the signed certificate into AWS Certificate Manager
+    # action to import the signed certificate into Certificate Manager
     # (ACM).
     #
     #
@@ -378,7 +426,8 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] owner_account
-    #   The AWS account ID that owns the certificate authority.
+    #   The Amazon Web Services account ID that owns the certificate
+    #   authority.
     #   @return [String]
     #
     # @!attribute [rw] created_at
@@ -439,7 +488,7 @@ module Aws::ACMPCA
     #
     #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
     #
-    #   Note: AWS Region ap-northeast-3 supports only
+    #   Note: Amazon Web Services Region ap-northeast-3 supports only
     #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
     #   parameter and value when creating a CA in that Region. Specifying a
     #   different value (or no value) results in an `InvalidArgsException`
@@ -501,6 +550,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #         csr_extensions: {
     #           key_usage: {
@@ -542,6 +597,12 @@ module Aws::ACMPCA
     #                   initials: "String5",
     #                   pseudonym: "String128",
     #                   generation_qualifier: "String3",
+    #                   custom_attributes: [
+    #                     {
+    #                       object_identifier: "CustomObjectIdentifier", # required
+    #                       value: "String1To256", # required
+    #                     },
+    #                   ],
     #                 },
     #                 edi_party_name: {
     #                   party_name: "String256", # required
@@ -695,6 +756,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #           csr_extensions: {
     #             key_usage: {
@@ -736,6 +803,12 @@ module Aws::ACMPCA
     #                     initials: "String5",
     #                     pseudonym: "String128",
     #                     generation_qualifier: "String3",
+    #                     custom_attributes: [
+    #                       {
+    #                         object_identifier: "CustomObjectIdentifier", # required
+    #                         value: "String1To256", # required
+    #                       },
+    #                     ],
     #                   },
     #                   edi_party_name: {
     #                     party_name: "String256", # required
@@ -888,8 +961,9 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] principal
-    #   The AWS service or identity that receives the permission. At this
-    #   time, the only valid principal is `acm.amazonaws.com`.
+    #   The Amazon Web Services service or identity that receives the
+    #   permission. At this time, the only valid principal is
+    #   `acm.amazonaws.com`.
     #   @return [String]
     #
     # @!attribute [rw] source_account
@@ -897,8 +971,9 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] actions
-    #   The actions that the specified AWS service principal can use. These
-    #   include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
+    #   The actions that the specified Amazon Web Services service principal
+    #   can use. These include `IssueCertificate`, `GetCertificate`, and
+    #   `ListPermissions`.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermissionRequest AWS API Documentation
@@ -928,10 +1003,10 @@ module Aws::ACMPCA
     #
     # Your private CA uses the value in the **ExpirationInDays** parameter
     # to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
-    # at 1/2 the age of next update or when a certificate is revoked. When a
-    # certificate is revoked, it is recorded in the next CRL that is
-    # generated and in the next audit report. Only time valid certificates
-    # are listed in the CRL. Expired certificates are not included.
+    # prior to a certificate's expiration date or when a certificate is
+    # revoked. When a certificate is revoked, it appears in the CRL until
+    # the certificate expires, and then in one additional CRL after
+    # expiration, and it always appears in the audit report.
     #
     # A CRL is typically updated approximately 30 minutes after a
     # certificate is revoked. If for any reason a CRL update fails, ACM
@@ -985,8 +1060,8 @@ module Aws::ACMPCA
     # `openssl crl -inform DER -text -in crl_path -noout`
     #
     # For more information, see [Planning a certificate revocation list
-    # (CRL)][2] in the *AWS Certificate Manager Private Certificate
-    # Authority (PCA) User Guide*
+    # (CRL)][2] in the *Certificate Manager Private Certificate Authority
+    # (PCA) User Guide*
     #
     #
     #
@@ -1127,6 +1202,12 @@ module Aws::ACMPCA
     #                 initials: "String5",
     #                 pseudonym: "String128",
     #                 generation_qualifier: "String3",
+    #                 custom_attributes: [
+    #                   {
+    #                     object_identifier: "CustomObjectIdentifier", # required
+    #                     value: "String1To256", # required
+    #                   },
+    #                 ],
     #               },
     #               edi_party_name: {
     #                 party_name: "String256", # required
@@ -1152,7 +1233,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.2.2.2
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2
     #   @return [Array<Types::AccessDescription>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CsrExtensions AWS API Documentation
@@ -1164,6 +1245,79 @@ module Aws::ACMPCA
       include Aws::Structure
     end
+    # Defines the X.500 relative distinguished name (RDN).
+    #
+    # @note When making an API call, you may pass CustomAttribute
+    #   data as a hash:
+    #
+    #       {
+    #         object_identifier: "CustomObjectIdentifier", # required
+    #         value: "String1To256", # required
+    #       }
+    #
+    # @!attribute [rw] object_identifier
+    #   Specifies the object identifier (OID) of the attribute type of the
+    #   relative distinguished name (RDN).
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   Specifies the attribute value of relative distinguished name (RDN).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomAttribute AWS API Documentation
+    #
+    class CustomAttribute < Struct.new(
+      :object_identifier,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Specifies the X.509 extension information for a certificate.
+    #
+    # Extensions present in `CustomExtensions` follow the `ApiPassthrough`
+    # [template rules][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
+    #
+    # @note When making an API call, you may pass CustomExtension
+    #   data as a hash:
+    #
+    #       {
+    #         object_identifier: "CustomObjectIdentifier", # required
+    #         value: "Base64String1To4096", # required
+    #         critical: false,
+    #       }
+    #
+    # @!attribute [rw] object_identifier
+    #   Specifies the object identifier (OID) of the X.509 extension. For
+    #   more information, see the [Global OID reference database.][1]
+    #
+    #
+    #
+    #   [1]: https://oidref.com/2.5.29
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   Specifies the base64-encoded value of the X.509 extension.
+    #   @return [String]
+    #
+    # @!attribute [rw] critical
+    #   Specifies the critical flag of the X.509 extension.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomExtension AWS API Documentation
+    #
+    class CustomExtension < Struct.new(
+      :object_identifier,
+      :value,
+      :critical)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass DeleteCertificateAuthorityRequest
     #   data as a hash:
     #
@@ -1223,13 +1377,13 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] principal
-    #   The AWS service or identity that will have its CA permissions
-    #   revoked. At this time, the only valid service principal is
-    #   `acm.amazonaws.com`
+    #   The Amazon Web Services service or identity that will have its CA
+    #   permissions revoked. At this time, the only valid service principal
+    #   is `acm.amazonaws.com`
     #   @return [String]
     #
     # @!attribute [rw] source_account
-    #   The AWS account that calls this action.
+    #   The Amazon Web Services account that calls this action.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermissionRequest AWS API Documentation
@@ -1381,7 +1535,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass EdiPartyName
     #   data as a hash:
@@ -1426,7 +1580,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
     #   @return [String]
     #
     # @!attribute [rw] extended_key_usage_object_identifier
@@ -1502,6 +1656,12 @@ module Aws::ACMPCA
     #               initials: "String5",
     #               pseudonym: "String128",
     #               generation_qualifier: "String3",
+    #               custom_attributes: [
+    #                 {
+    #                   object_identifier: "CustomObjectIdentifier", # required
+    #                   value: "String1To256", # required
+    #                 },
+    #               ],
     #             },
     #             edi_party_name: {
     #               party_name: "String256", # required
@@ -1512,6 +1672,13 @@ module Aws::ACMPCA
     #             registered_id: "CustomObjectIdentifier",
     #           },
     #         ],
+    #         custom_extensions: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "Base64String1To4096", # required
+    #             critical: false,
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] certificate_policies
@@ -1548,13 +1715,31 @@ module Aws::ACMPCA
     #   the certificate.
     #   @return [Array<Types::GeneralName>]
     #
+    # @!attribute [rw] custom_extensions
+    #   Contains a sequence of one or more X.509 extensions, each of which
+    #   consists of an object identifier (OID), a base64-encoded value, and
+    #   the critical flag. For more information, see the [Global OID
+    #   reference database.][1]
+    #
+    #   <note markdown="1"> The OID value of a [CustomExtension][2] must not match the OID of a
+    #   predefined extension.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://oidref.com/2.5.29
+    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CustomExtension.html
+    #   @return [Array<Types::CustomExtension>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
     #
     class Extensions < Struct.new(
       :certificate_policies,
       :extended_key_usage,
       :key_usage,
-      :subject_alternative_names)
+      :subject_alternative_names,
+      :custom_extensions)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1565,7 +1750,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass GeneralName
     #   data as a hash:
@@ -1592,6 +1777,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #         edi_party_name: {
     #           party_name: "String256", # required
@@ -1611,7 +1802,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc822
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc822
     #   @return [String]
     #
     # @!attribute [rw] dns_name
@@ -2043,6 +2234,12 @@ module Aws::ACMPCA
     #                   initials: "String5",
     #                   pseudonym: "String128",
     #                   generation_qualifier: "String3",
+    #                   custom_attributes: [
+    #                     {
+    #                       object_identifier: "CustomObjectIdentifier", # required
+    #                       value: "String1To256", # required
+    #                     },
+    #                   ],
     #                 },
     #                 edi_party_name: {
     #                   party_name: "String256", # required
@@ -2053,6 +2250,13 @@ module Aws::ACMPCA
     #                 registered_id: "CustomObjectIdentifier",
     #               },
     #             ],
+    #             custom_extensions: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "Base64String1To4096", # required
+    #                 critical: false,
+    #               },
+    #             ],
     #           },
     #           subject: {
     #             country: "CountryCodeString",
@@ -2069,6 +2273,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #         },
     #         certificate_authority_arn: "Arn", # required
@@ -2128,7 +2338,7 @@ module Aws::ACMPCA
     #   contains your X509 version 3 extensions.
     #
     #   `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
-    #   -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
+    #   -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem
     #   -out csr/test_cert_.csr`
     #
     #   Note: A CSR must provide either a *subject name* or a *subject
@@ -2142,6 +2352,11 @@ module Aws::ACMPCA
     #   This parameter should not be confused with the `SigningAlgorithm`
     #   parameter used to sign a CSR in the `CreateCertificateAuthority`
     #   action.
+    #
+    #   <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
+    #   algorithm family of the CA's secret key.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] template_arn
@@ -2185,7 +2400,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #   @return [Types::Validity]
     #
     # @!attribute [rw] validity_not_before
@@ -2210,7 +2425,7 @@ module Aws::ACMPCA
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
-    #   [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #   @return [Types::Validity]
     #
     # @!attribute [rw] idempotency_token
@@ -2588,17 +2803,17 @@ module Aws::ACMPCA
     #   @return [Boolean]
     #
     # @!attribute [rw] ocsp_custom_cname
-    #   By default, ACM Private CA injects an AWS domain into certificates
-    #   being validated by the Online Certificate Status Protocol (OCSP). A
-    #   customer can alternatively use this object to define a CNAME
-    #   specifying a customized OCSP domain.
+    #   By default, ACM Private CA injects an Amazon Web Services domain
+    #   into certificates being validated by the Online Certificate Status
+    #   Protocol (OCSP). A customer can alternatively use this object to
+    #   define a CNAME specifying a customized OCSP domain.
     #
     #   Note: The value of the CNAME must not include a protocol prefix such
     #   as "http://" or "https://".
     #
     #   For more information, see [Customizing Online Certificate Status
-    #   Protocol (OCSP) ][1] in the *AWS Certificate Manager Private
-    #   Certificate Authority (PCA) User Guide*.
+    #   Protocol (OCSP) ][1] in the *Certificate Manager Private Certificate
+    #   Authority (PCA) User Guide*.
     #
     #
     #
@@ -2649,12 +2864,13 @@ module Aws::ACMPCA
     end
     # Permissions designate which private CA actions can be performed by an
-    # AWS service or entity. In order for ACM to automatically renew private
-    # certificates, you must give the ACM service principal all available
-    # permissions (`IssueCertificate`, `GetCertificate`, and
-    # `ListPermissions`). Permissions can be assigned with the
-    # [CreatePermission][1] action, removed with the [DeletePermission][2]
-    # action, and listed with the [ListPermissions][3] action.
+    # Amazon Web Services service or entity. In order for ACM to
+    # automatically renew private certificates, you must give the ACM
+    # service principal all available permissions (`IssueCertificate`,
+    # `GetCertificate`, and `ListPermissions`). Permissions can be assigned
+    # with the [CreatePermission][1] action, removed with the
+    # [DeletePermission][2] action, and listed with the [ListPermissions][3]
+    # action.
     #
     #
     #
@@ -2672,8 +2888,8 @@ module Aws::ACMPCA
     #   @return [Time]
     #
     # @!attribute [rw] principal
-    #   The AWS service or entity that holds the permission. At this time,
-    #   the only valid principal is `acm.amazonaws.com`.
+    #   The Amazon Web Services service or entity that holds the permission.
+    #   At this time, the only valid principal is `acm.amazonaws.com`.
     #   @return [String]
     #
     # @!attribute [rw] source_account
@@ -2681,8 +2897,8 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] actions
-    #   The private CA actions that can be performed by the designated AWS
-    #   service.
+    #   The private CA actions that can be performed by the designated
+    #   Amazon Web Services service.
     #   @return [Array<String>]
     #
     # @!attribute [rw] policy
@@ -2836,7 +3052,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.4
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
     #
     # @note When making an API call, you may pass Qualifier
     #   data as a hash:
@@ -2946,8 +3162,8 @@ module Aws::ACMPCA
     # about certificates as requested by clients, and a CRL contains an
     # updated list of certificates revoked by your CA. For more information,
     # see [RevokeCertificate][3] and [Setting up a certificate revocation
-    # method][4] in the *AWS Certificate Manager Private Certificate
-    # Authority (PCA) User Guide*.
+    # method][4] in the *Certificate Manager Private Certificate Authority
+    # (PCA) User Guide*.
     #
     #
     #
@@ -3026,7 +3242,7 @@ module Aws::ACMPCA
     #   `openssl x509 -in file_path -text -noout`
     #
     #   You can also copy the serial number from the console or use the
-    #   [DescribeCertificate][2] action in the *AWS Certificate Manager API
+    #   [DescribeCertificate][2] action in the *Certificate Manager API
     #   Reference*.
     #
     #
@@ -3247,7 +3463,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #
     # @note When making an API call, you may pass Validity
     #   data as a hash:

data/lib/aws-sdk-acmpca.rb CHANGED Viewed

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @!group service
 module Aws::ACMPCA
-  GEM_VERSION = '1.45.0'
+  GEM_VERSION = '1.48.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.45.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-03 00:00:00.000000000 Z
+date: 2022-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.126.0
+        version: 3.127.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.126.0
+        version: 3.127.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement