aws-sdk-acmpca 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 255f8255e48189e6258183211e654045ea9ae59d
-  data.tar.gz: 699c3b342362cb50e5d20c14636302ac9d0a1bb1
+  metadata.gz: 2caca51db3b49877b410170d10a09e8771fd25e7
+  data.tar.gz: 680a3f0d764147f42019a04aedd9a325fc4980c9
 SHA512:
-  metadata.gz: 5d533489e002c4599f3366ac7beb47c03173c07684bd418aad4331e7daf88a5888484d8807b37af2aa9b1c96d3743726380be3b3914fbcec1472862495a69660
-  data.tar.gz: 99693219dfb7fb577d9af9f6c595af088cc803c8d369df5bbcdde506fd71903a30c903975bb913430d6feb47eeb52ba9c75ccddea191934d1011bd4e564bc3ea
+  metadata.gz: a91d14a29e13387387937a46f8211d83b427de04852566e5e91110ee221161e9784d22475d13900188b6649137b90f4a29de476e9e85ddbbc93c5f0a7d121ab1
+  data.tar.gz: f840e4f8e3a49fccfb1383f0dba93ace0c1c9a3923590bbc29b0073373a2a1d64fbcad36b8dd04d0fc9493a45736ec67fe862a0044200132952d2854fe6c8089

data/lib/aws-sdk-acmpca.rb

@@ -43,6 +43,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @service
 module Aws::ACMPCA
 
-  GEM_VERSION = '1.9.0'
+  GEM_VERSION = '1.10.0'
 
 end

data/lib/aws-sdk-acmpca/client.rb

@@ -315,25 +315,24 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
-    # Creates an audit report that lists every time that the your CA private
-    # key is used. The report is saved in the Amazon S3 bucket that you
-    # specify on input. The IssueCertificate and RevokeCertificate
-    # operations use the private key. You can generate a new report every 30
-    # minutes.
+    # Creates an audit report that lists every time that your CA private key
+    # is used. The report is saved in the Amazon S3 bucket that you specify
+    # on input. The IssueCertificate and RevokeCertificate operations use
+    # the private key. You can generate a new report every 30 minutes.
     #
     # @option params [required, String] :certificate_authority_arn
-    #   Amazon Resource Name (ARN) of the CA to be audited. This is of the
+    #   The Amazon Resource Name (ARN) of the CA to be audited. This is of the
     #   form:
     #
     #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @option params [required, String] :s3_bucket_name
-    #   Name of the S3 bucket that will contain the audit report.
+    #   The name of the S3 bucket that will contain the audit report.
     #
     # @option params [required, String] :audit_report_response_format
-    #   Format in which to create the report. This can be either **JSON** or
-    #   **CSV**.
+    #   The format in which to create the report. This can be either **JSON**
+    #   or **CSV**.
     #
     # @return [Types::CreateCertificateAuthorityAuditReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -362,6 +361,58 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
+    # Assigns permissions from a private CA to a designated AWS service.
+    # Services are specified by their service principals and can be given
+    # permission to create and retrieve certificates on a private CA.
+    # Services can also be given permission to list the active permissions
+    # that the private CA has granted. For ACM to automatically renew your
+    # private CA's certificates, you must assign all possible permissions
+    # from the CA to the ACM service principal.
+    #
+    # At this time, you can only assign permissions to ACM
+    # (`acm.amazonaws.com`). Permissions can be revoked with the
+    # DeletePermission operation and listed with the ListPermissions
+    # operation.
+    #
+    # @option params [required, String] :certificate_authority_arn
+    #   The Amazon Resource Name (ARN) of the CA that grants the permissions.
+    #   You can find the ARN by calling the ListCertificateAuthorities
+    #   operation. This must have the following form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `.
+    #
+    # @option params [required, String] :principal
+    #   The AWS service or identity that receives the permission. At this
+    #   time, the only valid principal is `acm.amazonaws.com`.
+    #
+    # @option params [String] :source_account
+    #   The ID of the calling account.
+    #
+    # @option params [required, Array<String>] :actions
+    #   The actions that the specified AWS service principal can use. These
+    #   include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_permission({
+    #     certificate_authority_arn: "Arn", # required
+    #     principal: "Principal", # required
+    #     source_account: "AccountId",
+    #     actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission AWS API Documentation
+    #
+    # @overload create_permission(params = {})
+    # @param [Hash] params ({})
+    def create_permission(params = {}, options = {})
+      req = build_request(:create_permission, params)
+      req.send_request(options)
+    end
+
     # Deletes a private certificate authority (CA). You must provide the ARN
     # (Amazon Resource Name) of the private CA that you want to delete. You
     # can find the ARN by calling the ListCertificateAuthorities operation.
@@ -375,15 +426,15 @@ module Aws::ACMPCA
     # haven't yet imported the signed certificate (the **Status** is
     # `PENDING_CERTIFICATE`) into ACM PCA.
     #
-    # If the CA is in one of the aforementioned states and you call
+    # If the CA is in one of the previously mentioned states and you call
     # DeleteCertificateAuthority, the CA's status changes to `DELETED`.
-    # However, the CA won't be permentantly deleted until the restoration
+    # However, the CA won't be permanently deleted until the restoration
     # period has passed. By default, if you do not set the
     # `PermanentDeletionTimeInDays` parameter, the CA remains restorable for
     # 30 days. You can set the parameter from 7 to 30 days. The
     # DescribeCertificateAuthority operation returns the time remaining in
     # the restoration window of a Private CA in the `DELETED` state. To
-    # restore an eligable CA, call the RestoreCertificateAuthority
+    # restore an eligible CA, call the RestoreCertificateAuthority
     # operation.
     #
     # @option params [required, String] :certificate_authority_arn
@@ -415,6 +466,45 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
+    # Revokes permissions that a private CA assigned to a designated AWS
+    # service. Permissions can be created with the CreatePermission
+    # operation and listed with the ListPermissions operation.
+    #
+    # @option params [required, String] :certificate_authority_arn
+    #   The Amazon Resource Number (ARN) of the private CA that issued the
+    #   permissions. You can find the CA's ARN by calling the
+    #   ListCertificateAuthorities operation. This must have the following
+    #   form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `.
+    #
+    # @option params [required, String] :principal
+    #   The AWS service or identity that will have its CA permissions revoked.
+    #   At this time, the only valid service principal is `acm.amazonaws.com`
+    #
+    # @option params [String] :source_account
+    #   The AWS account that calls this operation.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_permission({
+    #     certificate_authority_arn: "Arn", # required
+    #     principal: "Principal", # required
+    #     source_account: "AccountId",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission AWS API Documentation
+    #
+    # @overload delete_permission(params = {})
+    # @param [Hash] params ({})
+    def delete_permission(params = {}, options = {})
+      req = build_request(:delete_permission, params)
+      req.send_request(options)
+    end
+
     # Lists information about your private certificate authority (CA). You
     # specify the private CA on input by its ARN (Amazon Resource Name). The
     # output contains the status of your CA. This can be any of the
@@ -885,6 +975,64 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
+    # Lists all the permissions, if any, that have been assigned by a
+    # private CA. Permissions can be granted with the CreatePermission
+    # operation and revoked with the DeletePermission operation.
+    #
+    # @option params [required, String] :certificate_authority_arn
+    #   The Amazon Resource Number (ARN) of the private CA to inspect. You can
+    #   find the ARN by calling the ListCertificateAuthorities operation. This
+    #   must be of the form:
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
+    #   You can get a private CA's ARN by running the
+    #   ListCertificateAuthorities operation.
+    #
+    # @option params [String] :next_token
+    #   When paginating results, use this parameter in a subsequent request
+    #   after you receive a response with truncated results. Set it to the
+    #   value of **NextToken** from the response you just received.
+    #
+    # @option params [Integer] :max_results
+    #   When paginating results, use this parameter to specify the maximum
+    #   number of items to return in the response. If additional items exist
+    #   beyond the number you specify, the **NextToken** element is sent in
+    #   the response. Use this **NextToken** value in a subsequent request to
+    #   retrieve additional items.
+    #
+    # @return [Types::ListPermissionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPermissionsResponse#permissions #permissions} => Array&lt;Types::Permission&gt;
+    #   * {Types::ListPermissionsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_permissions({
+    #     certificate_authority_arn: "Arn", # required
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.permissions #=> Array
+    #   resp.permissions[0].certificate_authority_arn #=> String
+    #   resp.permissions[0].created_at #=> Time
+    #   resp.permissions[0].principal #=> String
+    #   resp.permissions[0].source_account #=> String
+    #   resp.permissions[0].actions #=> Array
+    #   resp.permissions[0].actions[0] #=> String, one of "IssueCertificate", "GetCertificate", "ListPermissions"
+    #   resp.permissions[0].policy #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions AWS API Documentation
+    #
+    # @overload list_permissions(params = {})
+    # @param [Hash] params ({})
+    def list_permissions(params = {}, options = {})
+      req = build_request(:list_permissions, params)
+      req.send_request(options)
+    end
+
     # Lists the tags, if any, that are associated with your private CA. Tags
     # are labels that you can use to identify and organize your CAs. Each
     # tag consists of a key and an optional value. Call the
@@ -1181,7 +1329,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.9.0'
+      context[:gem_version] = '1.10.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acmpca/client_api.rb

@@ -12,6 +12,9 @@ module Aws::ACMPCA
     include Seahorse::Model
 
     ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
+    AccountId = Shapes::StringShape.new(name: 'AccountId')
+    ActionList = Shapes::ListShape.new(name: 'ActionList')
+    ActionType = Shapes::StringShape.new(name: 'ActionType')
     Arn = Shapes::StringShape.new(name: 'Arn')
     AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
     AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
@@ -33,10 +36,12 @@ module Aws::ACMPCA
     CreateCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityAuditReportResponse')
     CreateCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityRequest')
     CreateCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityResponse')
+    CreatePermissionRequest = Shapes::StructureShape.new(name: 'CreatePermissionRequest')
     CrlConfiguration = Shapes::StructureShape.new(name: 'CrlConfiguration')
     CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
     CsrBody = Shapes::StringShape.new(name: 'CsrBody')
     DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
+    DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
     DescribeCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportRequest')
     DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
     DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
@@ -64,6 +69,8 @@ module Aws::ACMPCA
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
     ListCertificateAuthoritiesResponse = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesResponse')
+    ListPermissionsRequest = Shapes::StructureShape.new(name: 'ListPermissionsRequest')
+    ListPermissionsResponse = Shapes::StructureShape.new(name: 'ListPermissionsResponse')
     ListTagsRequest = Shapes::StructureShape.new(name: 'ListTagsRequest')
     ListTagsResponse = Shapes::StructureShape.new(name: 'ListTagsResponse')
     MalformedCSRException = Shapes::StructureShape.new(name: 'MalformedCSRException')
@@ -71,7 +78,11 @@ module Aws::ACMPCA
     MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
     NextToken = Shapes::StringShape.new(name: 'NextToken')
     PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
+    Permission = Shapes::StructureShape.new(name: 'Permission')
+    PermissionAlreadyExistsException = Shapes::StructureShape.new(name: 'PermissionAlreadyExistsException')
+    PermissionList = Shapes::ListShape.new(name: 'PermissionList')
     PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
+    Principal = Shapes::StringShape.new(name: 'Principal')
     RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
     RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
     RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
@@ -118,6 +129,8 @@ module Aws::ACMPCA
     ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
     ASN1Subject.struct_class = Types::ASN1Subject
 
+    ActionList.member = Shapes::ShapeRef.new(shape: ActionType)
+
     CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
 
     CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
@@ -158,6 +171,12 @@ module Aws::ACMPCA
     CreateCertificateAuthorityResponse.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
     CreateCertificateAuthorityResponse.struct_class = Types::CreateCertificateAuthorityResponse
 
+    CreatePermissionRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
+    CreatePermissionRequest.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, required: true, location_name: "Principal"))
+    CreatePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
+    CreatePermissionRequest.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, required: true, location_name: "Actions"))
+    CreatePermissionRequest.struct_class = Types::CreatePermissionRequest
+
     CrlConfiguration.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "Enabled", metadata: {"box"=>true}))
     CrlConfiguration.add_member(:expiration_in_days, Shapes::ShapeRef.new(shape: Integer1To5000, location_name: "ExpirationInDays", metadata: {"box"=>true}))
     CrlConfiguration.add_member(:custom_cname, Shapes::ShapeRef.new(shape: String253, location_name: "CustomCname"))
@@ -168,6 +187,11 @@ module Aws::ACMPCA
     DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
     DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
 
+    DeletePermissionRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
+    DeletePermissionRequest.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, required: true, location_name: "Principal"))
+    DeletePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
+    DeletePermissionRequest.struct_class = Types::DeletePermissionRequest
+
     DescribeCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
     DescribeCertificateAuthorityAuditReportRequest.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, required: true, location_name: "AuditReportId"))
     DescribeCertificateAuthorityAuditReportRequest.struct_class = Types::DescribeCertificateAuthorityAuditReportRequest
@@ -228,6 +252,15 @@ module Aws::ACMPCA
     ListCertificateAuthoritiesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListCertificateAuthoritiesResponse.struct_class = Types::ListCertificateAuthoritiesResponse
 
+    ListPermissionsRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
+    ListPermissionsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    ListPermissionsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
+    ListPermissionsRequest.struct_class = Types::ListPermissionsRequest
+
+    ListPermissionsResponse.add_member(:permissions, Shapes::ShapeRef.new(shape: PermissionList, location_name: "Permissions"))
+    ListPermissionsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    ListPermissionsResponse.struct_class = Types::ListPermissionsResponse
+
     ListTagsRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
     ListTagsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListTagsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
@@ -237,6 +270,16 @@ module Aws::ACMPCA
     ListTagsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListTagsResponse.struct_class = Types::ListTagsResponse
 
+    Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
+    Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
+    Permission.add_member(:principal, Shapes::ShapeRef.new(shape: String, location_name: "Principal"))
+    Permission.add_member(:source_account, Shapes::ShapeRef.new(shape: String, location_name: "SourceAccount"))
+    Permission.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, location_name: "Actions"))
+    Permission.add_member(:policy, Shapes::ShapeRef.new(shape: String, location_name: "Policy"))
+    Permission.struct_class = Types::Permission
+
+    PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
+
     RestoreCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
     RestoreCertificateAuthorityRequest.struct_class = Types::RestoreCertificateAuthorityRequest
 
@@ -316,6 +359,20 @@ module Aws::ACMPCA
         o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
       end)
 
+      api.add_operation(:create_permission, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreatePermission"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreatePermissionRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: PermissionAlreadyExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
+      end)
+
       api.add_operation(:delete_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteCertificateAuthority"
         o.http_method = "POST"
@@ -328,6 +385,18 @@ module Aws::ACMPCA
         o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
       end)
 
+      api.add_operation(:delete_permission, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeletePermission"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeletePermissionRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
+      end)
+
       api.add_operation(:describe_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeCertificateAuthority"
         o.http_method = "POST"
@@ -431,6 +500,25 @@ module Aws::ACMPCA
         )
       end)
 
+      api.add_operation(:list_permissions, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListPermissions"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListPermissionsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListPermissionsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_tags, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListTags"
         o.http_method = "POST"
@@ -439,6 +527,12 @@ module Aws::ACMPCA
         o.output = Shapes::ShapeRef.new(shape: ListTagsResponse)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:restore_certificate_authority, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-acmpca/types.rb

@@ -213,10 +213,10 @@ module Aws::ACMPCA
     # Contains configuration information for your private certificate
     # authority (CA). This includes information about the class of public
     # key algorithm and the key pair that your private CA creates when it
-    # issues a certificate, the signature algorithm it uses used when
-    # issuing certificates, and its X.500 distinguished name. You must
-    # specify this information when you call the CreateCertificateAuthority
-    # operation.
+    # issues a certificate. It also includes the signature algorithm that it
+    # uses when issuing certificates, and its X.500 distinguished name. You
+    # must specify this information when you call the
+    # CreateCertificateAuthority operation.
     #
     # @note When making an API call, you may pass CertificateAuthorityConfiguration
     #   data as a hash:
@@ -276,20 +276,20 @@ module Aws::ACMPCA
     #       }
     #
     # @!attribute [rw] certificate_authority_arn
-    #   Amazon Resource Name (ARN) of the CA to be audited. This is of the
-    #   form:
+    #   The Amazon Resource Name (ARN) of the CA to be audited. This is of
+    #   the form:
     #
     #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
     # @!attribute [rw] s3_bucket_name
-    #   Name of the S3 bucket that will contain the audit report.
+    #   The name of the S3 bucket that will contain the audit report.
     #   @return [String]
     #
     # @!attribute [rw] audit_report_response_format
-    #   Format in which to create the report. This can be either **JSON** or
-    #   **CSV**.
+    #   The format in which to create the report. This can be either
+    #   **JSON** or **CSV**.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReportRequest AWS API Documentation
@@ -421,6 +421,50 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreatePermissionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_authority_arn: "Arn", # required
+    #         principal: "Principal", # required
+    #         source_account: "AccountId",
+    #         actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
+    #       }
+    #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Name (ARN) of the CA that grants the
+    #   permissions. You can find the ARN by calling the
+    #   ListCertificateAuthorities operation. This must have the following
+    #   form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal
+    #   The AWS service or identity that receives the permission. At this
+    #   time, the only valid principal is `acm.amazonaws.com`.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_account
+    #   The ID of the calling account.
+    #   @return [String]
+    #
+    # @!attribute [rw] actions
+    #   The actions that the specified AWS service principal can use. These
+    #   include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermissionRequest AWS API Documentation
+    #
+    class CreatePermissionRequest < Struct.new(
+      :certificate_authority_arn,
+      :principal,
+      :source_account,
+      :actions)
+      include Aws::Structure
+    end
+
     # Contains configuration information for a certificate revocation list
     # (CRL). Your private certificate authority (CA) creates base CRLs.
     # Delta CRLs are not supported. You can enable CRLs for your new or an
@@ -564,6 +608,44 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeletePermissionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_authority_arn: "Arn", # required
+    #         principal: "Principal", # required
+    #         source_account: "AccountId",
+    #       }
+    #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Number (ARN) of the private CA that issued the
+    #   permissions. You can find the CA's ARN by calling the
+    #   ListCertificateAuthorities operation. This must have the following
+    #   form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal
+    #   The AWS service or identity that will have its CA permissions
+    #   revoked. At this time, the only valid service principal is
+    #   `acm.amazonaws.com`
+    #   @return [String]
+    #
+    # @!attribute [rw] source_account
+    #   The AWS account that calls this operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermissionRequest AWS API Documentation
+    #
+    class DeletePermissionRequest < Struct.new(
+      :certificate_authority_arn,
+      :principal,
+      :source_account)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeCertificateAuthorityAuditReportRequest
     #   data as a hash:
     #
@@ -952,6 +1034,66 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListPermissionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_authority_arn: "Arn", # required
+    #         next_token: "NextToken",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Number (ARN) of the private CA to inspect. You
+    #   can find the ARN by calling the ListCertificateAuthorities
+    #   operation. This must be of the form:
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
+    #   You can get a private CA's ARN by running the
+    #   ListCertificateAuthorities operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When paginating results, use this parameter in a subsequent request
+    #   after you receive a response with truncated results. Set it to the
+    #   value of **NextToken** from the response you just received.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   When paginating results, use this parameter to specify the maximum
+    #   number of items to return in the response. If additional items exist
+    #   beyond the number you specify, the **NextToken** element is sent in
+    #   the response. Use this **NextToken** value in a subsequent request
+    #   to retrieve additional items.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissionsRequest AWS API Documentation
+    #
+    class ListPermissionsRequest < Struct.new(
+      :certificate_authority_arn,
+      :next_token,
+      :max_results)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] permissions
+    #   Summary information about each permission assigned by the specified
+    #   private CA, including the action enabled, the policy provided, and
+    #   the time of creation.
+    #   @return [Array<Types::Permission>]
+    #
+    # @!attribute [rw] next_token
+    #   When the list is truncated, this value is present and should be used
+    #   for the **NextToken** parameter in a subsequent pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissionsResponse AWS API Documentation
+    #
+    class ListPermissionsResponse < Struct.new(
+      :permissions,
+      :next_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListTagsRequest
     #   data as a hash:
     #
@@ -1009,6 +1151,53 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # Permissions designate which private CA operations can be performed by
+    # an AWS service or entity. In order for ACM to automatically renew
+    # private certificates, you must give the ACM service principal all
+    # available permissions (`IssueCertificate`, `GetCertificate`, and
+    # `ListPermissions`). Permissions can be assigned with the
+    # CreatePermission operation, removed with the DeletePermission
+    # operation, and listed with the ListPermissions operation.
+    #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Number (ARN) of the private CA from which the
+    #   permission was issued.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The time at which the permission was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] principal
+    #   The AWS service or entity that holds the permission. At this time,
+    #   the only valid principal is `acm.amazonaws.com`.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_account
+    #   The ID of the account that assigned the permission.
+    #   @return [String]
+    #
+    # @!attribute [rw] actions
+    #   The private CA operations that can be performed by the designated
+    #   AWS service.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] policy
+    #   The name of the policy that is associated with the permission.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Permission AWS API Documentation
+    #
+    class Permission < Struct.new(
+      :certificate_authority_arn,
+      :created_at,
+      :principal,
+      :source_account,
+      :actions,
+      :policy)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass RestoreCertificateAuthorityRequest
     #   data as a hash:
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-23 00:00:00.000000000 Z
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.39.0
+        version: 3.47.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.39.0
+        version: 3.47.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.1'
 description: Official AWS Ruby gem for AWS Certificate Manager Private Certificate
   Authority (ACM-PCA). This gem is part of the AWS SDK for Ruby.
 email: