RubyGems - aws-sdk-acmpca - Versions diffs - 1.81.0 → 1.83.0 - Mend

aws-sdk-acmpca 1.81.0 → 1.83.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/VERSION +1 -1
data/lib/aws-sdk-acmpca/client.rb +53 -47
data/lib/aws-sdk-acmpca/types.rb +26 -17
data/lib/aws-sdk-acmpca.rb +3 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e4a1446b889652492a501e46be7c6b98e4a8df69d7c9f80aab6c07bcc6aa7b0
-  data.tar.gz: df1dc203bf6f3f30d757a7eba310081e699d08c8ebaf4cf9eee3c22f0cba6125
+  metadata.gz: 429a2f288f3039a5e94259084db9f6edfd66bf05f8d62e3b010789415b85d14c
+  data.tar.gz: 4f1db4c4fa17d89dfe292c2e4c55d6ff148285a56b94a1d0c11f4c90e9600f12
 SHA512:
-  metadata.gz: a027fb746d30384e3ab59bce994d65ed05d2512026b8ce7140c157a8c510e5cb7667991d5168262532aa491fa371e264e1fceb0e1bd97dbe6a427cbab3193e8c
-  data.tar.gz: 6c2cef86d8c26eddbdeeb6b43d8291c4d59a4046559749124c52839c8d1e6b550f28883571a14b3d3fc0c453ef4c5a5eb8a7235ee793eb6342106503e8ce06e1
+  metadata.gz: 444541707b4c4feed78211ae44f27ec083ce4f442ad22cb025faa78615445b4e8aa0cc2bdc8e08ecb0d83dc6d4037ce9a8b92ceb93e4ef33ed803e2b27e8a4ee
+  data.tar.gz: db26b0a2861dd6572c1536b9474fcbc8b75106b1e24df37eddd67ca88e1db5dc06b4b577bca6fda868e720e63d34ac737cd96473bb73f414a8ae725cc2aa0739

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
+1.83.0 (2024-10-10)
+------------------
+* Feature - Documentation updates for AWS Private CA.
+1.82.0 (2024-09-24)
+------------------
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
 1.81.0 (2024-09-23)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.81.0
1	+ 1.83.0

data/lib/aws-sdk-acmpca/client.rb CHANGED Viewed

@@ -36,8 +36,6 @@ require 'aws-sdk-core/plugins/telemetry.rb'
 require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
-Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
 module Aws::ACMPCA
   # An API client for ACMPCA.  To construct a client, you need to configure a `:region` and `:credentials`.
   #
@@ -493,14 +491,14 @@ module Aws::ACMPCA
     #   signing algorithm, and X.500 certificate subject information.
     #
     # @option params [Types::RevocationConfiguration] :revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. The default is for both certificate
-    #   validation mechanisms to be disabled.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols, or
+    #   neither. By default, both certificate validation mechanisms are
+    #   disabled.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such as
     #     `CustomCname` or `ExpirationInDays` are included.
     #
@@ -514,8 +512,6 @@ module Aws::ACMPCA
     #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
     #     not include a protocol prefix such as "http://" or "https://".
     #
-    #    </note>
-    #
     #   For more information, see the [OcspConfiguration][3] and
     #   [CrlConfiguration][4] types.
     #
@@ -715,17 +711,13 @@ module Aws::ACMPCA
     end
     # Creates an audit report that lists every time that your CA private key
-    # is used. The report is saved in the Amazon S3 bucket that you specify
-    # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
-    # use the private key.
-    #
-    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
-    # permission to write to the S3 bucket that you specify. If the IAM
-    # principal making the call does not have permission to write to the
-    # bucket, then an exception is thrown. For more information, see [Access
-    # policies for CRLs in Amazon S3][3].
+    # is used to issue a certificate. The [IssueCertificate][1] and
+    # [RevokeCertificate][2] actions use the private key.
     #
-    #  </note>
+    # To save the audit report to your designated Amazon S3 bucket, you must
+    # create a bucket policy that grants Amazon Web Services Private CA
+    # permission to access and write to it. For an example policy, see
+    # [Prepare an Amazon S3 bucket for audit reports][3].
     #
     # Amazon Web Services Private CA assets that are stored in Amazon S3 can
     # be protected with encryption. For more information, see [Encrypting
@@ -739,7 +731,7 @@ module Aws::ACMPCA
     #
     # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
     # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
-    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access
     # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
     #
     # @option params [required, String] :certificate_authority_arn
@@ -1551,44 +1543,46 @@ module Aws::ACMPCA
     # Amazon Web Services Private CA allows the following extensions to be
     # marked critical in the imported CA certificate or chain.
     #
-    # * Basic constraints (*must* be marked critical)
+    # * Authority key identifier
     #
-    # * Subject alternative names
+    # * Basic constraints (*must* be marked critical)
     #
-    # * Key usage
+    # * Certificate policies
     #
     # * Extended key usage
     #
-    # * Authority key identifier
-    #
-    # * Subject key identifier
+    # * Inhibit anyPolicy
     #
     # * Issuer alternative name
     #
-    # * Subject directory attributes
-    #
-    # * Subject information access
+    # * Key usage
     #
-    # * Certificate policies
+    # * Name constraints
     #
     # * Policy mappings
     #
-    # * Inhibit anyPolicy
+    # * Subject alternative name
     #
-    # Amazon Web Services Private CA rejects the following extensions when
-    # they are marked critical in an imported CA certificate or chain.
+    # * Subject directory attributes
     #
-    # * Name constraints
+    # * Subject key identifier
     #
-    # * Policy constraints
+    # * Subject information access
     #
-    # * CRL distribution points
+    # Amazon Web Services Private CA rejects the following extensions when
+    # they are marked critical in an imported CA certificate or chain.
     #
     # * Authority information access
     #
+    # * CRL distribution points
+    #
     # * Freshest CRL
     #
-    # * Any other extension
+    # * Policy constraints
+    #
+    # Amazon Web Services Private Certificate Authority will also reject any
+    # other extension marked as critical not contained on the preceding list
+    # of allowed extensions.
     #
     #
     #
@@ -2574,15 +2568,15 @@ module Aws::ACMPCA
     #   `
     #
     # @option params [Types::RevocationConfiguration] :revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. If this parameter is not supplied,
-    #   existing capibilites remain unchanged. For more information, see the
-    #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols, or
+    #   neither. If you don't supply this parameter, existing capibilites
+    #   remain unchanged. For more information, see the [OcspConfiguration][1]
+    #   and [CrlConfiguration][2] types.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such as
     #     `CustomCname` or `ExpirationInDays` are included.
     #
@@ -2596,7 +2590,17 @@ module Aws::ACMPCA
     #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
     #     not include a protocol prefix such as "http://" or "https://".
     #
-    #    </note>
+    #   If you update the `S3BucketName` of [CrlConfiguration][2], you can
+    #   break revocation for existing certificates. In other words, if you
+    #   call [UpdateCertificateAuthority][5] to update the CRL
+    #   configuration's S3 bucket name, Amazon Web Services Private CA only
+    #   writes CRLs to the new S3 bucket. Certificates issued prior to this
+    #   point will have the old S3 bucket name in your CRL Distribution Point
+    #   (CDP) extension, essentially breaking revocation. If you must update
+    #   the S3 bucket, you'll need to reissue old certificates to keep the
+    #   revocation working. Alternatively, you can use a [CustomCname][6] in
+    #   your CRL configuration if you might need to change the S3 bucket name
+    #   in the future.
     #
     #
     #
@@ -2604,6 +2608,8 @@ module Aws::ACMPCA
     #   [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
     #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
     #   [4]: https://www.ietf.org/rfc/rfc2396.txt
+    #   [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    #   [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
     #
     # @option params [String] :status
     #   Status of your private CA.
@@ -2660,7 +2666,7 @@ module Aws::ACMPCA
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.81.0'
+      context[:gem_version] = '1.83.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-acmpca/types.rb CHANGED Viewed

@@ -466,14 +466,14 @@ module Aws::ACMPCA
     #   @return [Types::CertificateAuthorityConfiguration]
     #
     # @!attribute [rw] revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. The default is for both
-    #   certificate validation mechanisms to be disabled.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols,
+    #   or neither. By default, both certificate validation mechanisms are
+    #   disabled.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such
     #     as `CustomCname` or `ExpirationInDays` are included.
     #
@@ -488,8 +488,6 @@ module Aws::ACMPCA
     #     must not include a protocol prefix such as "http://" or
     #     "https://".
     #
-    #    </note>
-    #
     #   For more information, see the [OcspConfiguration][3] and
     #   [CrlConfiguration][4] types.
     #
@@ -2518,16 +2516,15 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. If this parameter is not
-    #   supplied, existing capibilites remain unchanged. For more
-    #   information, see the [OcspConfiguration][1] and
-    #   [CrlConfiguration][2] types.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols,
+    #   or neither. If you don't supply this parameter, existing
+    #   capibilites remain unchanged. For more information, see the
+    #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such
     #     as `CustomCname` or `ExpirationInDays` are included.
     #
@@ -2542,7 +2539,17 @@ module Aws::ACMPCA
     #     must not include a protocol prefix such as "http://" or
     #     "https://".
     #
-    #    </note>
+    #   If you update the `S3BucketName` of [CrlConfiguration][2], you can
+    #   break revocation for existing certificates. In other words, if you
+    #   call [UpdateCertificateAuthority][5] to update the CRL
+    #   configuration's S3 bucket name, Amazon Web Services Private CA only
+    #   writes CRLs to the new S3 bucket. Certificates issued prior to this
+    #   point will have the old S3 bucket name in your CRL Distribution
+    #   Point (CDP) extension, essentially breaking revocation. If you must
+    #   update the S3 bucket, you'll need to reissue old certificates to
+    #   keep the revocation working. Alternatively, you can use a
+    #   [CustomCname][6] in your CRL configuration if you might need to
+    #   change the S3 bucket name in the future.
     #
     #
     #
@@ -2550,6 +2557,8 @@ module Aws::ACMPCA
     #   [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
     #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
     #   [4]: https://www.ietf.org/rfc/rfc2396.txt
+    #   [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    #   [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
     #   @return [Types::RevocationConfiguration]
     #
     # @!attribute [rw] status

data/lib/aws-sdk-acmpca.rb CHANGED Viewed

@@ -11,6 +11,8 @@
 require 'aws-sdk-core'
 require 'aws-sigv4'
+Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
 # This module provides support for AWS Certificate Manager Private Certificate Authority. This module is available in the
 # `aws-sdk-acmpca` gem.
 #
@@ -53,7 +55,7 @@ module Aws::ACMPCA
   autoload :EndpointProvider, 'aws-sdk-acmpca/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-acmpca/endpoints'
-  GEM_VERSION = '1.81.0'
+  GEM_VERSION = '1.83.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.81.0
+  version: 1.83.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-23 00:00:00.000000000 Z
+date: 2024-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core