aws-sdk-acmpca 1.81.0 → 1.83.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-acmpca/client.rb +53 -47
- data/lib/aws-sdk-acmpca/types.rb +26 -17
- data/lib/aws-sdk-acmpca.rb +3 -1
- metadata +2 -2
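--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 429a2f288f3039a5e94259084db9f6edfd66bf05f8d62e3b010789415b85d14c
+data.tar.gz: 4f1db4c4fa17d89dfe292c2e4c55d6ff148285a56b94a1d0c11f4c90e9600f12
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 444541707b4c4feed78211ae44f27ec083ce4f442ad22cb025faa78615445b4e8aa0cc2bdc8e08ecb0d83dc6d4037ce9a8b92ceb93e4ef33ed803e2b27e8a4ee
+data.tar.gz: db26b0a2861dd6572c1536b9474fcbc8b75106b1e24df37eddd67ca88e1db5dc06b4b577bca6fda868e720e63d34ac737cd96473bb73f414a8ae725cc2aa0739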
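--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.83.0 (2024-10-10)
+------------------
+
+* Feature - Documentation updates for AWS Private CA.
+
+1.82.0 (2024-09-24)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.81.0 (2024-09-23)
 ------------------
 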
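--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.83.0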
|
@@ -36,8 +36,6 @@ require 'aws-sdk-core/plugins/telemetry.rb'
|
|
|
36
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
|
37
37
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
|
38
38
|
|
|
39
|
-
Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
|
|
40
|
-
|
|
41
39
|
module Aws::ACMPCA
|
|
42
40
|
# An API client for ACMPCA. To construct a client, you need to configure a `:region` and `:credentials`.
|
|
43
41
|
#
|
|
@@ -493,14 +491,14 @@ module Aws::ACMPCA
|
|
|
493
491
|
# signing algorithm, and X.500 certificate subject information.
|
|
494
492
|
#
|
|
495
493
|
# @option params [Types::RevocationConfiguration] :revocation_configuration
|
|
496
|
-
# Contains information to enable Online Certificate Status
|
|
497
|
-
# (OCSP)
|
|
498
|
-
#
|
|
499
|
-
#
|
|
494
|
+
# Contains information to enable support for Online Certificate Status
|
|
495
|
+
# Protocol (OCSP), certificate revocation list (CRL), both protocols, or
|
|
496
|
+
# neither. By default, both certificate validation mechanisms are
|
|
497
|
+
# disabled.
|
|
500
498
|
#
|
|
501
|
-
#
|
|
499
|
+
# The following requirements apply to revocation configurations.
|
|
502
500
|
#
|
|
503
|
-
#
|
|
501
|
+
# * A configuration disabling CRLs or OCSP must contain only the
|
|
504
502
|
# `Enabled=False` parameter, and will fail if other parameters such as
|
|
505
503
|
# `CustomCname` or `ExpirationInDays` are included.
|
|
506
504
|
#
|
|
@@ -514,8 +512,6 @@ module Aws::ACMPCA
|
|
|
514
512
|
# * In a CRL or OCSP configuration, the value of a CNAME parameter must
|
|
515
513
|
# not include a protocol prefix such as "http://" or "https://".
|
|
516
514
|
#
|
|
517
|
-
# </note>
|
|
518
|
-
#
|
|
519
515
|
# For more information, see the [OcspConfiguration][3] and
|
|
520
516
|
# [CrlConfiguration][4] types.
|
|
521
517
|
#
|
|
@@ -715,17 +711,13 @@ module Aws::ACMPCA
|
|
|
715
711
|
end
|
|
716
712
|
|
|
717
713
|
# Creates an audit report that lists every time that your CA private key
|
|
718
|
-
# is used
|
|
719
|
-
#
|
|
720
|
-
# use the private key.
|
|
721
|
-
#
|
|
722
|
-
# <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
|
|
723
|
-
# permission to write to the S3 bucket that you specify. If the IAM
|
|
724
|
-
# principal making the call does not have permission to write to the
|
|
725
|
-
# bucket, then an exception is thrown. For more information, see [Access
|
|
726
|
-
# policies for CRLs in Amazon S3][3].
|
|
714
|
+
# is used to issue a certificate. The [IssueCertificate][1] and
|
|
715
|
+
# [RevokeCertificate][2] actions use the private key.
|
|
727
716
|
#
|
|
728
|
-
#
|
|
717
|
+
# To save the audit report to your designated Amazon S3 bucket, you must
|
|
718
|
+
# create a bucket policy that grants Amazon Web Services Private CA
|
|
719
|
+
# permission to access and write to it. For an example policy, see
|
|
720
|
+
# [Prepare an Amazon S3 bucket for audit reports][3].
|
|
729
721
|
#
|
|
730
722
|
# Amazon Web Services Private CA assets that are stored in Amazon S3 can
|
|
731
723
|
# be protected with encryption. For more information, see [Encrypting
|
|
@@ -739,7 +731,7 @@ module Aws::ACMPCA
|
|
|
739
731
|
#
|
|
740
732
|
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
|
|
741
733
|
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
|
|
742
|
-
# [3]: https://docs.aws.amazon.com/privateca/latest/userguide/
|
|
734
|
+
# [3]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access
|
|
743
735
|
# [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
|
|
744
736
|
#
|
|
745
737
|
# @option params [required, String] :certificate_authority_arn
|
|
@@ -1551,44 +1543,46 @@ module Aws::ACMPCA
|
|
|
1551
1543
|
# Amazon Web Services Private CA allows the following extensions to be
|
|
1552
1544
|
# marked critical in the imported CA certificate or chain.
|
|
1553
1545
|
#
|
|
1554
|
-
# *
|
|
1546
|
+
# * Authority key identifier
|
|
1555
1547
|
#
|
|
1556
|
-
# *
|
|
1548
|
+
# * Basic constraints (*must* be marked critical)
|
|
1557
1549
|
#
|
|
1558
|
-
# *
|
|
1550
|
+
# * Certificate policies
|
|
1559
1551
|
#
|
|
1560
1552
|
# * Extended key usage
|
|
1561
1553
|
#
|
|
1562
|
-
# *
|
|
1563
|
-
#
|
|
1564
|
-
# * Subject key identifier
|
|
1554
|
+
# * Inhibit anyPolicy
|
|
1565
1555
|
#
|
|
1566
1556
|
# * Issuer alternative name
|
|
1567
1557
|
#
|
|
1568
|
-
# *
|
|
1569
|
-
#
|
|
1570
|
-
# * Subject information access
|
|
1558
|
+
# * Key usage
|
|
1571
1559
|
#
|
|
1572
|
-
# *
|
|
1560
|
+
# * Name constraints
|
|
1573
1561
|
#
|
|
1574
1562
|
# * Policy mappings
|
|
1575
1563
|
#
|
|
1576
|
-
# *
|
|
1564
|
+
# * Subject alternative name
|
|
1577
1565
|
#
|
|
1578
|
-
#
|
|
1579
|
-
# they are marked critical in an imported CA certificate or chain.
|
|
1566
|
+
# * Subject directory attributes
|
|
1580
1567
|
#
|
|
1581
|
-
# *
|
|
1568
|
+
# * Subject key identifier
|
|
1582
1569
|
#
|
|
1583
|
-
# *
|
|
1570
|
+
# * Subject information access
|
|
1584
1571
|
#
|
|
1585
|
-
#
|
|
1572
|
+
# Amazon Web Services Private CA rejects the following extensions when
|
|
1573
|
+
# they are marked critical in an imported CA certificate or chain.
|
|
1586
1574
|
#
|
|
1587
1575
|
# * Authority information access
|
|
1588
1576
|
#
|
|
1577
|
+
# * CRL distribution points
|
|
1578
|
+
#
|
|
1589
1579
|
# * Freshest CRL
|
|
1590
1580
|
#
|
|
1591
|
-
# *
|
|
1581
|
+
# * Policy constraints
|
|
1582
|
+
#
|
|
1583
|
+
# Amazon Web Services Private Certificate Authority will also reject any
|
|
1584
|
+
# other extension marked as critical not contained on the preceding list
|
|
1585
|
+
# of allowed extensions.
|
|
1592
1586
|
#
|
|
1593
1587
|
#
|
|
1594
1588
|
#
|
|
@@ -2574,15 +2568,15 @@ module Aws::ACMPCA
|
|
|
2574
2568
|
# `
|
|
2575
2569
|
#
|
|
2576
2570
|
# @option params [Types::RevocationConfiguration] :revocation_configuration
|
|
2577
|
-
# Contains information to enable Online Certificate Status
|
|
2578
|
-
# (OCSP)
|
|
2579
|
-
#
|
|
2580
|
-
#
|
|
2581
|
-
#
|
|
2571
|
+
# Contains information to enable support for Online Certificate Status
|
|
2572
|
+
# Protocol (OCSP), certificate revocation list (CRL), both protocols, or
|
|
2573
|
+
# neither. If you don't supply this parameter, existing capibilites
|
|
2574
|
+
# remain unchanged. For more information, see the [OcspConfiguration][1]
|
|
2575
|
+
# and [CrlConfiguration][2] types.
|
|
2582
2576
|
#
|
|
2583
|
-
#
|
|
2577
|
+
# The following requirements apply to revocation configurations.
|
|
2584
2578
|
#
|
|
2585
|
-
#
|
|
2579
|
+
# * A configuration disabling CRLs or OCSP must contain only the
|
|
2586
2580
|
# `Enabled=False` parameter, and will fail if other parameters such as
|
|
2587
2581
|
# `CustomCname` or `ExpirationInDays` are included.
|
|
2588
2582
|
#
|
|
@@ -2596,7 +2590,17 @@ module Aws::ACMPCA
|
|
|
2596
2590
|
# * In a CRL or OCSP configuration, the value of a CNAME parameter must
|
|
2597
2591
|
# not include a protocol prefix such as "http://" or "https://".
|
|
2598
2592
|
#
|
|
2599
|
-
#
|
|
2593
|
+
# If you update the `S3BucketName` of [CrlConfiguration][2], you can
|
|
2594
|
+
# break revocation for existing certificates. In other words, if you
|
|
2595
|
+
# call [UpdateCertificateAuthority][5] to update the CRL
|
|
2596
|
+
# configuration's S3 bucket name, Amazon Web Services Private CA only
|
|
2597
|
+
# writes CRLs to the new S3 bucket. Certificates issued prior to this
|
|
2598
|
+
# point will have the old S3 bucket name in your CRL Distribution Point
|
|
2599
|
+
# (CDP) extension, essentially breaking revocation. If you must update
|
|
2600
|
+
# the S3 bucket, you'll need to reissue old certificates to keep the
|
|
2601
|
+
# revocation working. Alternatively, you can use a [CustomCname][6] in
|
|
2602
|
+
# your CRL configuration if you might need to change the S3 bucket name
|
|
2603
|
+
# in the future.
|
|
2600
2604
|
#
|
|
2601
2605
|
#
|
|
2602
2606
|
#
|
|
@@ -2604,6 +2608,8 @@ module Aws::ACMPCA
|
|
|
2604
2608
|
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
|
|
2605
2609
|
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
|
|
2606
2610
|
# [4]: https://www.ietf.org/rfc/rfc2396.txt
|
|
2611
|
+
# [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
|
|
2612
|
+
# [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
|
|
2607
2613
|
#
|
|
2608
2614
|
# @option params [String] :status
|
|
2609
2615
|
# Status of your private CA.
|
|
@@ -2660,7 +2666,7 @@ module Aws::ACMPCA
|
|
|
2660
2666
|
tracer: tracer
|
|
2661
2667
|
)
|
|
2662
2668
|
context[:gem_name] = 'aws-sdk-acmpca'
|
|
2663
|
-
context[:gem_version] = '1.
|
|
2669
|
+
context[:gem_version] = '1.83.0'
|
|
2664
2670
|
Seahorse::Client::Request.new(handlers, context)
|
|
2665
2671
|
end
|
|
2666
2672
|
|
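--- a/data/lib/aws-sdk-acmpca/types.rb
+++ b/data/lib/aws-sdk-acmpca/types.rb
@@ -466,14 +466,14 @@ module Aws::ACMPCA
 # @return [Types::CertificateAuthorityConfiguration]
 #
 # @!attribute [rw] revocation_configuration
-# Contains information to enable Online Certificate Status
-# (OCSP)
-#
-#
+# Contains information to enable support for Online Certificate Status
+# Protocol (OCSP), certificate revocation list (CRL), both protocols,
+# or neither. By default, both certificate validation mechanisms are
+# disabled.
 #
-#
+# The following requirements apply to revocation configurations.
 #
-#
+# * A configuration disabling CRLs or OCSP must contain only the
 # `Enabled=False` parameter, and will fail if other parameters such
 # as `CustomCname` or `ExpirationInDays` are included.
 #
@@ -488,8 +488,6 @@ module Aws::ACMPCA
 # must not include a protocol prefix such as "http://" or
 # "https://".
 #
-# </note>
-#
 # For more information, see the [OcspConfiguration][3] and
 # [CrlConfiguration][4] types.
 #
@@ -2518,16 +2516,15 @@ module Aws::ACMPCA
 # @return [String]
 #
 # @!attribute [rw] revocation_configuration
-# Contains information to enable Online Certificate Status
-# (OCSP)
-#
-#
-#
-# [CrlConfiguration][2] types.
+# Contains information to enable support for Online Certificate Status
+# Protocol (OCSP), certificate revocation list (CRL), both protocols,
+# or neither. If you don't supply this parameter, existing
+# capibilites remain unchanged. For more information, see the
+# [OcspConfiguration][1] and [CrlConfiguration][2] types.
 #
-#
+# The following requirements apply to revocation configurations.
 #
-#
+# * A configuration disabling CRLs or OCSP must contain only the
 # `Enabled=False` parameter, and will fail if other parameters such
 # as `CustomCname` or `ExpirationInDays` are included.
 #
@@ -2542,7 +2539,17 @@ module Aws::ACMPCA
 # must not include a protocol prefix such as "http://" or
 # "https://".
 #
-#
+# If you update the `S3BucketName` of [CrlConfiguration][2], you can
+# break revocation for existing certificates. In other words, if you
+# call [UpdateCertificateAuthority][5] to update the CRL
+# configuration's S3 bucket name, Amazon Web Services Private CA only
+# writes CRLs to the new S3 bucket. Certificates issued prior to this
+# point will have the old S3 bucket name in your CRL Distribution
+# Point (CDP) extension, essentially breaking revocation. If you must
+# update the S3 bucket, you'll need to reissue old certificates to
+# keep the revocation working. Alternatively, you can use a
+# [CustomCname][6] in your CRL configuration if you might need to
+# change the S3 bucket name in the future.
 #
 #
 #
@@ -2550,6 +2557,8 @@ module Aws::ACMPCA
 # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
 # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
 # [4]: https://www.ietf.org/rfc/rfc2396.txt
+# [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+# [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
 # @return [Types::RevocationConfiguration]
 #
 # @!attribute [rw] status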
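Review bot: The rewritten `revocation_configuration` description in the hunk at `@@ -2518,16 +2516,15 @@` misspells "capabilities" as `capibilites` (new line 2522), and the same sentence carries the same typo in the client.rb hunk at `@@ -2574,15 +2568,15 @@`. The line should read `# capabilities remain unchanged. For more information, see the`. The CHANGELOG entry for 1.82.0 describes these files as code-generated, so the lasting fix presumably belongs in the upstream service documentation rather than in a hand edit to the gem.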
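--- a/data/lib/aws-sdk-acmpca.rb
+++ b/data/lib/aws-sdk-acmpca.rb
@@ -11,6 +11,8 @@
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
+Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
+
 # This module provides support for AWS Certificate Manager Private Certificate Authority. This module is available in the
 # `aws-sdk-acmpca` gem.
 #
@@ -53,7 +55,7 @@ module Aws::ACMPCA
 autoload :EndpointProvider, 'aws-sdk-acmpca/endpoint_provider'
 autoload :Endpoints, 'aws-sdk-acmpca/endpoints'
 
-GEM_VERSION = '1.
+GEM_VERSION = '1.83.0'
 
 end
 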
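--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.83.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core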