aws-sdk-acmpca 1.9.0 → 1.10.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +1 -1
- data/lib/aws-sdk-acmpca/client.rb +161 -13
- data/lib/aws-sdk-acmpca/client_api.rb +94 -0
- data/lib/aws-sdk-acmpca/types.rb +198 -9
- metadata +6 -6
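--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2caca51db3b49877b410170d10a09e8771fd25e7
+data.tar.gz: 680a3f0d764147f42019a04aedd9a325fc4980c9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a91d14a29e13387387937a46f8211d83b427de04852566e5e91110ee221161e9784d22475d13900188b6649137b90f4a29de476e9e85ddbbc93c5f0a7d121ab1
+data.tar.gz: f840e4f8e3a49fccfb1383f0dba93ace0c1c9a3923590bbc29b0073373a2a1d64fbcad36b8dd04d0fc9493a45736ec67fe862a0044200132952d2854fe6c8089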
data/lib/aws-sdk-acmpca.rb
CHANGED
@@ -315,25 +315,24 @@ module Aws::ACMPCA
|
|
315
315
|
req.send_request(options)
|
316
316
|
end
|
317
317
|
|
318
|
-
# Creates an audit report that lists every time that
|
319
|
-
#
|
320
|
-
#
|
321
|
-
#
|
322
|
-
# minutes.
|
318
|
+
# Creates an audit report that lists every time that your CA private key
|
319
|
+
# is used. The report is saved in the Amazon S3 bucket that you specify
|
320
|
+
# on input. The IssueCertificate and RevokeCertificate operations use
|
321
|
+
# the private key. You can generate a new report every 30 minutes.
|
323
322
|
#
|
324
323
|
# @option params [required, String] :certificate_authority_arn
|
325
|
-
# Amazon Resource Name (ARN) of the CA to be audited. This is of the
|
324
|
+
# The Amazon Resource Name (ARN) of the CA to be audited. This is of the
|
326
325
|
# form:
|
327
326
|
#
|
328
327
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
329
328
|
# `.
|
330
329
|
#
|
331
330
|
# @option params [required, String] :s3_bucket_name
|
332
|
-
#
|
331
|
+
# The name of the S3 bucket that will contain the audit report.
|
333
332
|
#
|
334
333
|
# @option params [required, String] :audit_report_response_format
|
335
|
-
#
|
336
|
-
# **CSV**.
|
334
|
+
# The format in which to create the report. This can be either **JSON**
|
335
|
+
# or **CSV**.
|
337
336
|
#
|
338
337
|
# @return [Types::CreateCertificateAuthorityAuditReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
339
338
|
#
|
@@ -362,6 +361,58 @@ module Aws::ACMPCA
|
|
362
361
|
req.send_request(options)
|
363
362
|
end
|
364
363
|
|
364
|
+
# Assigns permissions from a private CA to a designated AWS service.
|
365
|
+
# Services are specified by their service principals and can be given
|
366
|
+
# permission to create and retrieve certificates on a private CA.
|
367
|
+
# Services can also be given permission to list the active permissions
|
368
|
+
# that the private CA has granted. For ACM to automatically renew your
|
369
|
+
# private CA's certificates, you must assign all possible permissions
|
370
|
+
# from the CA to the ACM service principal.
|
371
|
+
#
|
372
|
+
# At this time, you can only assign permissions to ACM
|
373
|
+
# (`acm.amazonaws.com`). Permissions can be revoked with the
|
374
|
+
# DeletePermission operation and listed with the ListPermissions
|
375
|
+
# operation.
|
376
|
+
#
|
377
|
+
# @option params [required, String] :certificate_authority_arn
|
378
|
+
# The Amazon Resource Name (ARN) of the CA that grants the permissions.
|
379
|
+
# You can find the ARN by calling the ListCertificateAuthorities
|
380
|
+
# operation. This must have the following form:
|
381
|
+
#
|
382
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
383
|
+
# `.
|
384
|
+
#
|
385
|
+
# @option params [required, String] :principal
|
386
|
+
# The AWS service or identity that receives the permission. At this
|
387
|
+
# time, the only valid principal is `acm.amazonaws.com`.
|
388
|
+
#
|
389
|
+
# @option params [String] :source_account
|
390
|
+
# The ID of the calling account.
|
391
|
+
#
|
392
|
+
# @option params [required, Array<String>] :actions
|
393
|
+
# The actions that the specified AWS service principal can use. These
|
394
|
+
# include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
|
395
|
+
#
|
396
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
397
|
+
#
|
398
|
+
# @example Request syntax with placeholder values
|
399
|
+
#
|
400
|
+
# resp = client.create_permission({
|
401
|
+
# certificate_authority_arn: "Arn", # required
|
402
|
+
# principal: "Principal", # required
|
403
|
+
# source_account: "AccountId",
|
404
|
+
# actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
|
405
|
+
# })
|
406
|
+
#
|
407
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission AWS API Documentation
|
408
|
+
#
|
409
|
+
# @overload create_permission(params = {})
|
410
|
+
# @param [Hash] params ({})
|
411
|
+
def create_permission(params = {}, options = {})
|
412
|
+
req = build_request(:create_permission, params)
|
413
|
+
req.send_request(options)
|
414
|
+
end
|
415
|
+
|
365
416
|
# Deletes a private certificate authority (CA). You must provide the ARN
|
366
417
|
# (Amazon Resource Name) of the private CA that you want to delete. You
|
367
418
|
# can find the ARN by calling the ListCertificateAuthorities operation.
|
@@ -375,15 +426,15 @@ module Aws::ACMPCA
|
|
375
426
|
# haven't yet imported the signed certificate (the **Status** is
|
376
427
|
# `PENDING_CERTIFICATE`) into ACM PCA.
|
377
428
|
#
|
378
|
-
# If the CA is in one of the
|
429
|
+
# If the CA is in one of the previously mentioned states and you call
|
379
430
|
# DeleteCertificateAuthority, the CA's status changes to `DELETED`.
|
380
|
-
# However, the CA won't be
|
431
|
+
# However, the CA won't be permanently deleted until the restoration
|
381
432
|
# period has passed. By default, if you do not set the
|
382
433
|
# `PermanentDeletionTimeInDays` parameter, the CA remains restorable for
|
383
434
|
# 30 days. You can set the parameter from 7 to 30 days. The
|
384
435
|
# DescribeCertificateAuthority operation returns the time remaining in
|
385
436
|
# the restoration window of a Private CA in the `DELETED` state. To
|
386
|
-
# restore an
|
437
|
+
# restore an eligible CA, call the RestoreCertificateAuthority
|
387
438
|
# operation.
|
388
439
|
#
|
389
440
|
# @option params [required, String] :certificate_authority_arn
|
@@ -415,6 +466,45 @@ module Aws::ACMPCA
|
|
415
466
|
req.send_request(options)
|
416
467
|
end
|
417
468
|
|
469
|
+
# Revokes permissions that a private CA assigned to a designated AWS
|
470
|
+
# service. Permissions can be created with the CreatePermission
|
471
|
+
# operation and listed with the ListPermissions operation.
|
472
|
+
#
|
473
|
+
# @option params [required, String] :certificate_authority_arn
|
474
|
+
# The Amazon Resource Number (ARN) of the private CA that issued the
|
475
|
+
# permissions. You can find the CA's ARN by calling the
|
476
|
+
# ListCertificateAuthorities operation. This must have the following
|
477
|
+
# form:
|
478
|
+
#
|
479
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
480
|
+
# `.
|
481
|
+
#
|
482
|
+
# @option params [required, String] :principal
|
483
|
+
# The AWS service or identity that will have its CA permissions revoked.
|
484
|
+
# At this time, the only valid service principal is `acm.amazonaws.com`
|
485
|
+
#
|
486
|
+
# @option params [String] :source_account
|
487
|
+
# The AWS account that calls this operation.
|
488
|
+
#
|
489
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
490
|
+
#
|
491
|
+
# @example Request syntax with placeholder values
|
492
|
+
#
|
493
|
+
# resp = client.delete_permission({
|
494
|
+
# certificate_authority_arn: "Arn", # required
|
495
|
+
# principal: "Principal", # required
|
496
|
+
# source_account: "AccountId",
|
497
|
+
# })
|
498
|
+
#
|
499
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission AWS API Documentation
|
500
|
+
#
|
501
|
+
# @overload delete_permission(params = {})
|
502
|
+
# @param [Hash] params ({})
|
503
|
+
def delete_permission(params = {}, options = {})
|
504
|
+
req = build_request(:delete_permission, params)
|
505
|
+
req.send_request(options)
|
506
|
+
end
|
507
|
+
|
418
508
|
# Lists information about your private certificate authority (CA). You
|
419
509
|
# specify the private CA on input by its ARN (Amazon Resource Name). The
|
420
510
|
# output contains the status of your CA. This can be any of the
|
@@ -885,6 +975,64 @@ module Aws::ACMPCA
|
|
885
975
|
req.send_request(options)
|
886
976
|
end
|
887
977
|
|
978
|
+
# Lists all the permissions, if any, that have been assigned by a
|
979
|
+
# private CA. Permissions can be granted with the CreatePermission
|
980
|
+
# operation and revoked with the DeletePermission operation.
|
981
|
+
#
|
982
|
+
# @option params [required, String] :certificate_authority_arn
|
983
|
+
# The Amazon Resource Number (ARN) of the private CA to inspect. You can
|
984
|
+
# find the ARN by calling the ListCertificateAuthorities operation. This
|
985
|
+
# must be of the form:
|
986
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
|
987
|
+
# You can get a private CA's ARN by running the
|
988
|
+
# ListCertificateAuthorities operation.
|
989
|
+
#
|
990
|
+
# @option params [String] :next_token
|
991
|
+
# When paginating results, use this parameter in a subsequent request
|
992
|
+
# after you receive a response with truncated results. Set it to the
|
993
|
+
# value of **NextToken** from the response you just received.
|
994
|
+
#
|
995
|
+
# @option params [Integer] :max_results
|
996
|
+
# When paginating results, use this parameter to specify the maximum
|
997
|
+
# number of items to return in the response. If additional items exist
|
998
|
+
# beyond the number you specify, the **NextToken** element is sent in
|
999
|
+
# the response. Use this **NextToken** value in a subsequent request to
|
1000
|
+
# retrieve additional items.
|
1001
|
+
#
|
1002
|
+
# @return [Types::ListPermissionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1003
|
+
#
|
1004
|
+
# * {Types::ListPermissionsResponse#permissions #permissions} => Array<Types::Permission>
|
1005
|
+
# * {Types::ListPermissionsResponse#next_token #next_token} => String
|
1006
|
+
#
|
1007
|
+
# @example Request syntax with placeholder values
|
1008
|
+
#
|
1009
|
+
# resp = client.list_permissions({
|
1010
|
+
# certificate_authority_arn: "Arn", # required
|
1011
|
+
# next_token: "NextToken",
|
1012
|
+
# max_results: 1,
|
1013
|
+
# })
|
1014
|
+
#
|
1015
|
+
# @example Response structure
|
1016
|
+
#
|
1017
|
+
# resp.permissions #=> Array
|
1018
|
+
# resp.permissions[0].certificate_authority_arn #=> String
|
1019
|
+
# resp.permissions[0].created_at #=> Time
|
1020
|
+
# resp.permissions[0].principal #=> String
|
1021
|
+
# resp.permissions[0].source_account #=> String
|
1022
|
+
# resp.permissions[0].actions #=> Array
|
1023
|
+
# resp.permissions[0].actions[0] #=> String, one of "IssueCertificate", "GetCertificate", "ListPermissions"
|
1024
|
+
# resp.permissions[0].policy #=> String
|
1025
|
+
# resp.next_token #=> String
|
1026
|
+
#
|
1027
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions AWS API Documentation
|
1028
|
+
#
|
1029
|
+
# @overload list_permissions(params = {})
|
1030
|
+
# @param [Hash] params ({})
|
1031
|
+
def list_permissions(params = {}, options = {})
|
1032
|
+
req = build_request(:list_permissions, params)
|
1033
|
+
req.send_request(options)
|
1034
|
+
end
|
1035
|
+
|
888
1036
|
# Lists the tags, if any, that are associated with your private CA. Tags
|
889
1037
|
# are labels that you can use to identify and organize your CAs. Each
|
890
1038
|
# tag consists of a key and an optional value. Call the
|
@@ -1181,7 +1329,7 @@ module Aws::ACMPCA
|
|
1181
1329
|
params: params,
|
1182
1330
|
config: config)
|
1183
1331
|
context[:gem_name] = 'aws-sdk-acmpca'
|
1184
|
-
context[:gem_version] = '1.
|
1332
|
+
context[:gem_version] = '1.10.0'
|
1185
1333
|
Seahorse::Client::Request.new(handlers, context)
|
1186
1334
|
end
|
1187
1335
|
|
@@ -12,6 +12,9 @@ module Aws::ACMPCA
|
|
12
12
|
include Seahorse::Model
|
13
13
|
|
14
14
|
ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
|
15
|
+
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
16
|
+
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
17
|
+
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
15
18
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
16
19
|
AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
|
17
20
|
AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
|
@@ -33,10 +36,12 @@ module Aws::ACMPCA
|
|
33
36
|
CreateCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityAuditReportResponse')
|
34
37
|
CreateCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityRequest')
|
35
38
|
CreateCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityResponse')
|
39
|
+
CreatePermissionRequest = Shapes::StructureShape.new(name: 'CreatePermissionRequest')
|
36
40
|
CrlConfiguration = Shapes::StructureShape.new(name: 'CrlConfiguration')
|
37
41
|
CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
|
38
42
|
CsrBody = Shapes::StringShape.new(name: 'CsrBody')
|
39
43
|
DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
|
44
|
+
DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
|
40
45
|
DescribeCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportRequest')
|
41
46
|
DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
|
42
47
|
DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
|
@@ -64,6 +69,8 @@ module Aws::ACMPCA
|
|
64
69
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
65
70
|
ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
|
66
71
|
ListCertificateAuthoritiesResponse = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesResponse')
|
72
|
+
ListPermissionsRequest = Shapes::StructureShape.new(name: 'ListPermissionsRequest')
|
73
|
+
ListPermissionsResponse = Shapes::StructureShape.new(name: 'ListPermissionsResponse')
|
67
74
|
ListTagsRequest = Shapes::StructureShape.new(name: 'ListTagsRequest')
|
68
75
|
ListTagsResponse = Shapes::StructureShape.new(name: 'ListTagsResponse')
|
69
76
|
MalformedCSRException = Shapes::StructureShape.new(name: 'MalformedCSRException')
|
@@ -71,7 +78,11 @@ module Aws::ACMPCA
|
|
71
78
|
MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
|
72
79
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
73
80
|
PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
|
81
|
+
Permission = Shapes::StructureShape.new(name: 'Permission')
|
82
|
+
PermissionAlreadyExistsException = Shapes::StructureShape.new(name: 'PermissionAlreadyExistsException')
|
83
|
+
PermissionList = Shapes::ListShape.new(name: 'PermissionList')
|
74
84
|
PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
|
85
|
+
Principal = Shapes::StringShape.new(name: 'Principal')
|
75
86
|
RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
|
76
87
|
RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
|
77
88
|
RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
|
@@ -118,6 +129,8 @@ module Aws::ACMPCA
|
|
118
129
|
ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
|
119
130
|
ASN1Subject.struct_class = Types::ASN1Subject
|
120
131
|
|
132
|
+
ActionList.member = Shapes::ShapeRef.new(shape: ActionType)
|
133
|
+
|
121
134
|
CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
|
122
135
|
|
123
136
|
CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
|
@@ -158,6 +171,12 @@ module Aws::ACMPCA
|
|
158
171
|
CreateCertificateAuthorityResponse.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
|
159
172
|
CreateCertificateAuthorityResponse.struct_class = Types::CreateCertificateAuthorityResponse
|
160
173
|
|
174
|
+
CreatePermissionRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
175
|
+
CreatePermissionRequest.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, required: true, location_name: "Principal"))
|
176
|
+
CreatePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
|
177
|
+
CreatePermissionRequest.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, required: true, location_name: "Actions"))
|
178
|
+
CreatePermissionRequest.struct_class = Types::CreatePermissionRequest
|
179
|
+
|
161
180
|
CrlConfiguration.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "Enabled", metadata: {"box"=>true}))
|
162
181
|
CrlConfiguration.add_member(:expiration_in_days, Shapes::ShapeRef.new(shape: Integer1To5000, location_name: "ExpirationInDays", metadata: {"box"=>true}))
|
163
182
|
CrlConfiguration.add_member(:custom_cname, Shapes::ShapeRef.new(shape: String253, location_name: "CustomCname"))
|
@@ -168,6 +187,11 @@ module Aws::ACMPCA
|
|
168
187
|
DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
|
169
188
|
DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
|
170
189
|
|
190
|
+
DeletePermissionRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
191
|
+
DeletePermissionRequest.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, required: true, location_name: "Principal"))
|
192
|
+
DeletePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
|
193
|
+
DeletePermissionRequest.struct_class = Types::DeletePermissionRequest
|
194
|
+
|
171
195
|
DescribeCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
172
196
|
DescribeCertificateAuthorityAuditReportRequest.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, required: true, location_name: "AuditReportId"))
|
173
197
|
DescribeCertificateAuthorityAuditReportRequest.struct_class = Types::DescribeCertificateAuthorityAuditReportRequest
|
@@ -228,6 +252,15 @@ module Aws::ACMPCA
|
|
228
252
|
ListCertificateAuthoritiesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
229
253
|
ListCertificateAuthoritiesResponse.struct_class = Types::ListCertificateAuthoritiesResponse
|
230
254
|
|
255
|
+
ListPermissionsRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
256
|
+
ListPermissionsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
257
|
+
ListPermissionsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
258
|
+
ListPermissionsRequest.struct_class = Types::ListPermissionsRequest
|
259
|
+
|
260
|
+
ListPermissionsResponse.add_member(:permissions, Shapes::ShapeRef.new(shape: PermissionList, location_name: "Permissions"))
|
261
|
+
ListPermissionsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
262
|
+
ListPermissionsResponse.struct_class = Types::ListPermissionsResponse
|
263
|
+
|
231
264
|
ListTagsRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
232
265
|
ListTagsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
233
266
|
ListTagsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
|
@@ -237,6 +270,16 @@ module Aws::ACMPCA
|
|
237
270
|
ListTagsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
|
238
271
|
ListTagsResponse.struct_class = Types::ListTagsResponse
|
239
272
|
|
273
|
+
Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
|
274
|
+
Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
275
|
+
Permission.add_member(:principal, Shapes::ShapeRef.new(shape: String, location_name: "Principal"))
|
276
|
+
Permission.add_member(:source_account, Shapes::ShapeRef.new(shape: String, location_name: "SourceAccount"))
|
277
|
+
Permission.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, location_name: "Actions"))
|
278
|
+
Permission.add_member(:policy, Shapes::ShapeRef.new(shape: String, location_name: "Policy"))
|
279
|
+
Permission.struct_class = Types::Permission
|
280
|
+
|
281
|
+
PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
|
282
|
+
|
240
283
|
RestoreCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
241
284
|
RestoreCertificateAuthorityRequest.struct_class = Types::RestoreCertificateAuthorityRequest
|
242
285
|
|
@@ -316,6 +359,20 @@ module Aws::ACMPCA
|
|
316
359
|
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
317
360
|
end)
|
318
361
|
|
362
|
+
api.add_operation(:create_permission, Seahorse::Model::Operation.new.tap do |o|
|
363
|
+
o.name = "CreatePermission"
|
364
|
+
o.http_method = "POST"
|
365
|
+
o.http_request_uri = "/"
|
366
|
+
o.input = Shapes::ShapeRef.new(shape: CreatePermissionRequest)
|
367
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
368
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
369
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
370
|
+
o.errors << Shapes::ShapeRef.new(shape: PermissionAlreadyExistsException)
|
371
|
+
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
372
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
373
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
374
|
+
end)
|
375
|
+
|
319
376
|
api.add_operation(:delete_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
|
320
377
|
o.name = "DeleteCertificateAuthority"
|
321
378
|
o.http_method = "POST"
|
@@ -328,6 +385,18 @@ module Aws::ACMPCA
|
|
328
385
|
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
329
386
|
end)
|
330
387
|
|
388
|
+
api.add_operation(:delete_permission, Seahorse::Model::Operation.new.tap do |o|
|
389
|
+
o.name = "DeletePermission"
|
390
|
+
o.http_method = "POST"
|
391
|
+
o.http_request_uri = "/"
|
392
|
+
o.input = Shapes::ShapeRef.new(shape: DeletePermissionRequest)
|
393
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
394
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
395
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
396
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
397
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
398
|
+
end)
|
399
|
+
|
331
400
|
api.add_operation(:describe_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
|
332
401
|
o.name = "DescribeCertificateAuthority"
|
333
402
|
o.http_method = "POST"
|
@@ -431,6 +500,25 @@ module Aws::ACMPCA
|
|
431
500
|
)
|
432
501
|
end)
|
433
502
|
|
503
|
+
api.add_operation(:list_permissions, Seahorse::Model::Operation.new.tap do |o|
|
504
|
+
o.name = "ListPermissions"
|
505
|
+
o.http_method = "POST"
|
506
|
+
o.http_request_uri = "/"
|
507
|
+
o.input = Shapes::ShapeRef.new(shape: ListPermissionsRequest)
|
508
|
+
o.output = Shapes::ShapeRef.new(shape: ListPermissionsResponse)
|
509
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
510
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
511
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
512
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
|
513
|
+
o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
|
514
|
+
o[:pager] = Aws::Pager.new(
|
515
|
+
limit_key: "max_results",
|
516
|
+
tokens: {
|
517
|
+
"next_token" => "next_token"
|
518
|
+
}
|
519
|
+
)
|
520
|
+
end)
|
521
|
+
|
434
522
|
api.add_operation(:list_tags, Seahorse::Model::Operation.new.tap do |o|
|
435
523
|
o.name = "ListTags"
|
436
524
|
o.http_method = "POST"
|
@@ -439,6 +527,12 @@ module Aws::ACMPCA
|
|
439
527
|
o.output = Shapes::ShapeRef.new(shape: ListTagsResponse)
|
440
528
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
441
529
|
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
530
|
+
o[:pager] = Aws::Pager.new(
|
531
|
+
limit_key: "max_results",
|
532
|
+
tokens: {
|
533
|
+
"next_token" => "next_token"
|
534
|
+
}
|
535
|
+
)
|
442
536
|
end)
|
443
537
|
|
444
538
|
api.add_operation(:restore_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
|
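Review bot: The new doc comments for delete_permission and list_permissions expand ARN as "Amazon Resource Number" (new lines 474 and 983), while create_permission in the same section (new line 378) uses "Amazon Resource Name"; both should open with `# The Amazon Resource Name (ARN) of the private CA`. The list_permissions comment also gives the ListCertificateAuthorities hint twice and runs the ARN example into the following sentence without a period. If this file is generated from the service model, as its uniform layout suggests, the wording has to be corrected in the model rather than in this file. Separately, create_permission delegates `IssueCertificate` on the CA to a service principal, and the optional `:source_account` is documented only as `# The ID of the calling account.`; the comment should say which account applies when the option is omitted, which the hunks shown here do not establish.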
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -213,10 +213,10 @@ module Aws::ACMPCA
|
|
213
213
|
# Contains configuration information for your private certificate
|
214
214
|
# authority (CA). This includes information about the class of public
|
215
215
|
# key algorithm and the key pair that your private CA creates when it
|
216
|
-
# issues a certificate
|
217
|
-
# issuing certificates, and its X.500 distinguished name. You
|
218
|
-
# specify this information when you call the
|
219
|
-
# operation.
|
216
|
+
# issues a certificate. It also includes the signature algorithm that it
|
217
|
+
# uses when issuing certificates, and its X.500 distinguished name. You
|
218
|
+
# must specify this information when you call the
|
219
|
+
# CreateCertificateAuthority operation.
|
220
220
|
#
|
221
221
|
# @note When making an API call, you may pass CertificateAuthorityConfiguration
|
222
222
|
# data as a hash:
|
@@ -276,20 +276,20 @@ module Aws::ACMPCA
|
|
276
276
|
# }
|
277
277
|
#
|
278
278
|
# @!attribute [rw] certificate_authority_arn
|
279
|
-
# Amazon Resource Name (ARN) of the CA to be audited. This is of
|
280
|
-
# form:
|
279
|
+
# The Amazon Resource Name (ARN) of the CA to be audited. This is of
|
280
|
+
# the form:
|
281
281
|
#
|
282
282
|
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
283
283
|
# `.
|
284
284
|
# @return [String]
|
285
285
|
#
|
286
286
|
# @!attribute [rw] s3_bucket_name
|
287
|
-
#
|
287
|
+
# The name of the S3 bucket that will contain the audit report.
|
288
288
|
# @return [String]
|
289
289
|
#
|
290
290
|
# @!attribute [rw] audit_report_response_format
|
291
|
-
#
|
292
|
-
# **CSV**.
|
291
|
+
# The format in which to create the report. This can be either
|
292
|
+
# **JSON** or **CSV**.
|
293
293
|
# @return [String]
|
294
294
|
#
|
295
295
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReportRequest AWS API Documentation
|
@@ -421,6 +421,50 @@ module Aws::ACMPCA
|
|
421
421
|
include Aws::Structure
|
422
422
|
end
|
423
423
|
|
424
|
+
# @note When making an API call, you may pass CreatePermissionRequest
|
425
|
+
# data as a hash:
|
426
|
+
#
|
427
|
+
# {
|
428
|
+
# certificate_authority_arn: "Arn", # required
|
429
|
+
# principal: "Principal", # required
|
430
|
+
# source_account: "AccountId",
|
431
|
+
# actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
|
432
|
+
# }
|
433
|
+
#
|
434
|
+
# @!attribute [rw] certificate_authority_arn
|
435
|
+
# The Amazon Resource Name (ARN) of the CA that grants the
|
436
|
+
# permissions. You can find the ARN by calling the
|
437
|
+
# ListCertificateAuthorities operation. This must have the following
|
438
|
+
# form:
|
439
|
+
#
|
440
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
441
|
+
# `.
|
442
|
+
# @return [String]
|
443
|
+
#
|
444
|
+
# @!attribute [rw] principal
|
445
|
+
# The AWS service or identity that receives the permission. At this
|
446
|
+
# time, the only valid principal is `acm.amazonaws.com`.
|
447
|
+
# @return [String]
|
448
|
+
#
|
449
|
+
# @!attribute [rw] source_account
|
450
|
+
# The ID of the calling account.
|
451
|
+
# @return [String]
|
452
|
+
#
|
453
|
+
# @!attribute [rw] actions
|
454
|
+
# The actions that the specified AWS service principal can use. These
|
455
|
+
# include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
|
456
|
+
# @return [Array<String>]
|
457
|
+
#
|
458
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermissionRequest AWS API Documentation
|
459
|
+
#
|
460
|
+
class CreatePermissionRequest < Struct.new(
|
461
|
+
:certificate_authority_arn,
|
462
|
+
:principal,
|
463
|
+
:source_account,
|
464
|
+
:actions)
|
465
|
+
include Aws::Structure
|
466
|
+
end
|
467
|
+
|
424
468
|
# Contains configuration information for a certificate revocation list
|
425
469
|
# (CRL). Your private certificate authority (CA) creates base CRLs.
|
426
470
|
# Delta CRLs are not supported. You can enable CRLs for your new or an
|
@@ -564,6 +608,44 @@ module Aws::ACMPCA
|
|
564
608
|
include Aws::Structure
|
565
609
|
end
|
566
610
|
|
611
|
+
# @note When making an API call, you may pass DeletePermissionRequest
|
612
|
+
# data as a hash:
|
613
|
+
#
|
614
|
+
# {
|
615
|
+
# certificate_authority_arn: "Arn", # required
|
616
|
+
# principal: "Principal", # required
|
617
|
+
# source_account: "AccountId",
|
618
|
+
# }
|
619
|
+
#
|
620
|
+
# @!attribute [rw] certificate_authority_arn
|
621
|
+
# The Amazon Resource Number (ARN) of the private CA that issued the
|
622
|
+
# permissions. You can find the CA's ARN by calling the
|
623
|
+
# ListCertificateAuthorities operation. This must have the following
|
624
|
+
# form:
|
625
|
+
#
|
626
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
|
627
|
+
# `.
|
628
|
+
# @return [String]
|
629
|
+
#
|
630
|
+
# @!attribute [rw] principal
|
631
|
+
# The AWS service or identity that will have its CA permissions
|
632
|
+
# revoked. At this time, the only valid service principal is
|
633
|
+
# `acm.amazonaws.com`
|
634
|
+
# @return [String]
|
635
|
+
#
|
636
|
+
# @!attribute [rw] source_account
|
637
|
+
# The AWS account that calls this operation.
|
638
|
+
# @return [String]
|
639
|
+
#
|
640
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermissionRequest AWS API Documentation
|
641
|
+
#
|
642
|
+
class DeletePermissionRequest < Struct.new(
|
643
|
+
:certificate_authority_arn,
|
644
|
+
:principal,
|
645
|
+
:source_account)
|
646
|
+
include Aws::Structure
|
647
|
+
end
|
648
|
+
|
567
649
|
# @note When making an API call, you may pass DescribeCertificateAuthorityAuditReportRequest
|
568
650
|
# data as a hash:
|
569
651
|
#
|
@@ -952,6 +1034,66 @@ module Aws::ACMPCA
|
|
952
1034
|
include Aws::Structure
|
953
1035
|
end
|
954
1036
|
|
1037
|
+
# @note When making an API call, you may pass ListPermissionsRequest
|
1038
|
+
# data as a hash:
|
1039
|
+
#
|
1040
|
+
# {
|
1041
|
+
# certificate_authority_arn: "Arn", # required
|
1042
|
+
# next_token: "NextToken",
|
1043
|
+
# max_results: 1,
|
1044
|
+
# }
|
1045
|
+
#
|
1046
|
+
# @!attribute [rw] certificate_authority_arn
|
1047
|
+
# The Amazon Resource Number (ARN) of the private CA to inspect. You
|
1048
|
+
# can find the ARN by calling the ListCertificateAuthorities
|
1049
|
+
# operation. This must be of the form:
|
1050
|
+
# `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
|
1051
|
+
# You can get a private CA's ARN by running the
|
1052
|
+
# ListCertificateAuthorities operation.
|
1053
|
+
# @return [String]
|
1054
|
+
#
|
1055
|
+
# @!attribute [rw] next_token
|
1056
|
+
# When paginating results, use this parameter in a subsequent request
|
1057
|
+
# after you receive a response with truncated results. Set it to the
|
1058
|
+
# value of **NextToken** from the response you just received.
|
1059
|
+
# @return [String]
|
1060
|
+
#
|
1061
|
+
# @!attribute [rw] max_results
|
1062
|
+
# When paginating results, use this parameter to specify the maximum
|
1063
|
+
# number of items to return in the response. If additional items exist
|
1064
|
+
# beyond the number you specify, the **NextToken** element is sent in
|
1065
|
+
# the response. Use this **NextToken** value in a subsequent request
|
1066
|
+
# to retrieve additional items.
|
1067
|
+
# @return [Integer]
|
1068
|
+
#
|
1069
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissionsRequest AWS API Documentation
|
1070
|
+
#
|
1071
|
+
class ListPermissionsRequest < Struct.new(
|
1072
|
+
:certificate_authority_arn,
|
1073
|
+
:next_token,
|
1074
|
+
:max_results)
|
1075
|
+
include Aws::Structure
|
1076
|
+
end
|
1077
|
+
|
1078
|
+
# @!attribute [rw] permissions
|
1079
|
+
# Summary information about each permission assigned by the specified
|
1080
|
+
# private CA, including the action enabled, the policy provided, and
|
1081
|
+
# the time of creation.
|
1082
|
+
# @return [Array<Types::Permission>]
|
1083
|
+
#
|
1084
|
+
# @!attribute [rw] next_token
|
1085
|
+
# When the list is truncated, this value is present and should be used
|
1086
|
+
# for the **NextToken** parameter in a subsequent pagination request.
|
1087
|
+
# @return [String]
|
1088
|
+
#
|
1089
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissionsResponse AWS API Documentation
|
1090
|
+
#
|
1091
|
+
class ListPermissionsResponse < Struct.new(
|
1092
|
+
:permissions,
|
1093
|
+
:next_token)
|
1094
|
+
include Aws::Structure
|
1095
|
+
end
|
1096
|
+
|
955
1097
|
# @note When making an API call, you may pass ListTagsRequest
|
956
1098
|
# data as a hash:
|
957
1099
|
#
|
@@ -1009,6 +1151,53 @@ module Aws::ACMPCA
|
|
1009
1151
|
include Aws::Structure
|
1010
1152
|
end
|
1011
1153
|
|
1154
|
+
# Permissions designate which private CA operations can be performed by
|
1155
|
+
# an AWS service or entity. In order for ACM to automatically renew
|
1156
|
+
# private certificates, you must give the ACM service principal all
|
1157
|
+
# available permissions (`IssueCertificate`, `GetCertificate`, and
|
1158
|
+
# `ListPermissions`). Permissions can be assigned with the
|
1159
|
+
# CreatePermission operation, removed with the DeletePermission
|
1160
|
+
# operation, and listed with the ListPermissions operation.
|
1161
|
+
#
|
1162
|
+
# @!attribute [rw] certificate_authority_arn
|
1163
|
+
# The Amazon Resource Number (ARN) of the private CA from which the
|
1164
|
+
# permission was issued.
|
1165
|
+
# @return [String]
|
1166
|
+
#
|
1167
|
+
# @!attribute [rw] created_at
|
1168
|
+
# The time at which the permission was created.
|
1169
|
+
# @return [Time]
|
1170
|
+
#
|
1171
|
+
# @!attribute [rw] principal
|
1172
|
+
# The AWS service or entity that holds the permission. At this time,
|
1173
|
+
# the only valid principal is `acm.amazonaws.com`.
|
1174
|
+
# @return [String]
|
1175
|
+
#
|
1176
|
+
# @!attribute [rw] source_account
|
1177
|
+
# The ID of the account that assigned the permission.
|
1178
|
+
# @return [String]
|
1179
|
+
#
|
1180
|
+
# @!attribute [rw] actions
|
1181
|
+
# The private CA operations that can be performed by the designated
|
1182
|
+
# AWS service.
|
1183
|
+
# @return [Array<String>]
|
1184
|
+
#
|
1185
|
+
# @!attribute [rw] policy
|
1186
|
+
# The name of the policy that is associated with the permission.
|
1187
|
+
# @return [String]
|
1188
|
+
#
|
1189
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Permission AWS API Documentation
|
1190
|
+
#
|
1191
|
+
class Permission < Struct.new(
|
1192
|
+
:certificate_authority_arn,
|
1193
|
+
:created_at,
|
1194
|
+
:principal,
|
1195
|
+
:source_account,
|
1196
|
+
:actions,
|
1197
|
+
:policy)
|
1198
|
+
include Aws::Structure
|
1199
|
+
end
|
1200
|
+
|
1012
1201
|
# @note When making an API call, you may pass RestoreCertificateAuthorityRequest
|
1013
1202
|
# data as a hash:
|
1014
1203
|
#
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-acmpca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.10.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.47.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,21 +29,21 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.47.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
36
36
|
requirements:
|
37
37
|
- - "~>"
|
38
38
|
- !ruby/object:Gem::Version
|
39
|
-
version: '1.
|
39
|
+
version: '1.1'
|
40
40
|
type: :runtime
|
41
41
|
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - "~>"
|
45
45
|
- !ruby/object:Gem::Version
|
46
|
-
version: '1.
|
46
|
+
version: '1.1'
|
47
47
|
description: Official AWS Ruby gem for AWS Certificate Manager Private Certificate
|
48
48
|
Authority (ACM-PCA). This gem is part of the AWS SDK for Ruby.
|
49
49
|
email:
|