aws-sdk-acmpca 1.30.0 → 1.31.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +1 -1
- data/lib/aws-sdk-acmpca/client.rb +173 -39
- data/lib/aws-sdk-acmpca/client_api.rb +56 -0
- data/lib/aws-sdk-acmpca/types.rb +550 -11
- metadata +2 -2
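--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e9248de24e8f0650decb902183ab1be075185fcbd936d73fa01d60288195baab
+data.tar.gz: c97ad717942496ed6dd1b9210872f51ee89c5db7795612d43215ab4306ddd8a5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bb1c7a2154501ecdb1a26f5402da4239c8667255169d172f42a7a7f0f215cff3d08d116a39a0fab7c7efe35b1c57321ecb598d03fc163f43541d6d87e0e44114
+data.tar.gz: b21951246a975ef7d3a62d4e92ad64775760f60c4297d12382c4510faac8b8c422ccd0ed4ae21d632e1f5c5e3dd3f04fd9210dc395022778c295246d57236ea2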
data/lib/aws-sdk-acmpca.rb
CHANGED
@@ -428,6 +428,58 @@ module Aws::ACMPCA
|
|
428
428
|
# pseudonym: "String128",
|
429
429
|
# generation_qualifier: "String3",
|
430
430
|
# },
|
431
|
+
# csr_extensions: {
|
432
|
+
# key_usage: {
|
433
|
+
# digital_signature: false,
|
434
|
+
# non_repudiation: false,
|
435
|
+
# key_encipherment: false,
|
436
|
+
# data_encipherment: false,
|
437
|
+
# key_agreement: false,
|
438
|
+
# key_cert_sign: false,
|
439
|
+
# crl_sign: false,
|
440
|
+
# encipher_only: false,
|
441
|
+
# decipher_only: false,
|
442
|
+
# },
|
443
|
+
# subject_information_access: [
|
444
|
+
# {
|
445
|
+
# access_method: { # required
|
446
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
447
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
448
|
+
# },
|
449
|
+
# access_location: { # required
|
450
|
+
# other_name: {
|
451
|
+
# type_id: "CustomObjectIdentifier", # required
|
452
|
+
# value: "String256", # required
|
453
|
+
# },
|
454
|
+
# rfc_822_name: "String256",
|
455
|
+
# dns_name: "String253",
|
456
|
+
# directory_name: {
|
457
|
+
# country: "CountryCodeString",
|
458
|
+
# organization: "String64",
|
459
|
+
# organizational_unit: "String64",
|
460
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
461
|
+
# state: "String128",
|
462
|
+
# common_name: "String64",
|
463
|
+
# serial_number: "ASN1PrintableString64",
|
464
|
+
# locality: "String128",
|
465
|
+
# title: "String64",
|
466
|
+
# surname: "String40",
|
467
|
+
# given_name: "String16",
|
468
|
+
# initials: "String5",
|
469
|
+
# pseudonym: "String128",
|
470
|
+
# generation_qualifier: "String3",
|
471
|
+
# },
|
472
|
+
# edi_party_name: {
|
473
|
+
# party_name: "String256", # required
|
474
|
+
# name_assigner: "String256",
|
475
|
+
# },
|
476
|
+
# uniform_resource_identifier: "String253",
|
477
|
+
# ip_address: "String39",
|
478
|
+
# registered_id: "CustomObjectIdentifier",
|
479
|
+
# },
|
480
|
+
# },
|
481
|
+
# ],
|
482
|
+
# },
|
431
483
|
# },
|
432
484
|
# revocation_configuration: {
|
433
485
|
# crl_configuration: {
|
@@ -547,12 +599,13 @@ module Aws::ACMPCA
|
|
547
599
|
# renewals. Instead, the ACM certificate owner must set up a
|
548
600
|
# resource-based policy to enable cross-account issuance and renewals.
|
549
601
|
# For more information, see [Using a Resource Based Policy with ACM
|
550
|
-
# Private CA]
|
602
|
+
# Private CA][3].
|
551
603
|
#
|
552
604
|
#
|
553
605
|
#
|
554
606
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
|
555
607
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
|
608
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
556
609
|
#
|
557
610
|
# @option params [required, String] :certificate_authority_arn
|
558
611
|
# The Amazon Resource Name (ARN) of the CA that grants the permissions.
|
@@ -695,12 +748,13 @@ module Aws::ACMPCA
|
|
695
748
|
# renewals. Instead, the ACM certificate owner must set up a
|
696
749
|
# resource-based policy to enable cross-account issuance and renewals.
|
697
750
|
# For more information, see [Using a Resource Based Policy with ACM
|
698
|
-
# Private CA]
|
751
|
+
# Private CA][3].
|
699
752
|
#
|
700
753
|
#
|
701
754
|
#
|
702
755
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
|
703
756
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
|
757
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
704
758
|
#
|
705
759
|
# @option params [required, String] :certificate_authority_arn
|
706
760
|
# The Amazon Resource Number (ARN) of the private CA that issued the
|
@@ -760,8 +814,7 @@ module Aws::ACMPCA
|
|
760
814
|
# * A policy grants access on a private CA to an AWS customer account,
|
761
815
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
762
816
|
# under the control of a CA administrator. For more information, see
|
763
|
-
# [Using a Resource Based Policy with ACM Private
|
764
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
817
|
+
# [Using a Resource Based Policy with ACM Private CA][3].
|
765
818
|
#
|
766
819
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
767
820
|
# ACM certificates signed by a CA in another account.
|
@@ -770,18 +823,19 @@ module Aws::ACMPCA
|
|
770
823
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
771
824
|
# ACM service to assume the identity of the user, subject to
|
772
825
|
# confirmation against the ACM Private CA policy. For more
|
773
|
-
# information, see [Using a Service Linked Role with ACM][
|
826
|
+
# information, see [Using a Service Linked Role with ACM][4].
|
774
827
|
#
|
775
828
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
776
|
-
# policies. For more information, see [
|
777
|
-
#
|
778
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
829
|
+
# policies. For more information, see [Attach a Policy for
|
830
|
+
# Cross-Account Access][5].
|
779
831
|
#
|
780
832
|
#
|
781
833
|
#
|
782
834
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
|
783
835
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
|
784
|
-
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/
|
836
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
837
|
+
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
838
|
+
# [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
785
839
|
#
|
786
840
|
# @option params [required, String] :resource_arn
|
787
841
|
# The Amazon Resource Number (ARN) of the private CA that will have its
|
@@ -887,6 +941,41 @@ module Aws::ACMPCA
|
|
887
941
|
# resp.certificate_authority.certificate_authority_configuration.subject.initials #=> String
|
888
942
|
# resp.certificate_authority.certificate_authority_configuration.subject.pseudonym #=> String
|
889
943
|
# resp.certificate_authority.certificate_authority_configuration.subject.generation_qualifier #=> String
|
944
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
945
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
946
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
947
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.data_encipherment #=> Boolean
|
948
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_agreement #=> Boolean
|
949
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_cert_sign #=> Boolean
|
950
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.crl_sign #=> Boolean
|
951
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.encipher_only #=> Boolean
|
952
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.decipher_only #=> Boolean
|
953
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access #=> Array
|
954
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.custom_object_identifier #=> String
|
955
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.access_method_type #=> String, one of "CA_REPOSITORY", "RESOURCE_PKI_MANIFEST", "RESOURCE_PKI_NOTIFY"
|
956
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.type_id #=> String
|
957
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.value #=> String
|
958
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.rfc_822_name #=> String
|
959
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.dns_name #=> String
|
960
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.country #=> String
|
961
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organization #=> String
|
962
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organizational_unit #=> String
|
963
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.distinguished_name_qualifier #=> String
|
964
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.state #=> String
|
965
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.common_name #=> String
|
966
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.serial_number #=> String
|
967
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.locality #=> String
|
968
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.title #=> String
|
969
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.surname #=> String
|
970
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.given_name #=> String
|
971
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
972
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
973
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
974
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
975
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
976
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
977
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.ip_address #=> String
|
978
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.registered_id #=> String
|
890
979
|
# resp.certificate_authority.revocation_configuration.crl_configuration.enabled #=> Boolean
|
891
980
|
# resp.certificate_authority.revocation_configuration.crl_configuration.expiration_in_days #=> Integer
|
892
981
|
# resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
|
@@ -1123,16 +1212,14 @@ module Aws::ACMPCA
|
|
1123
1212
|
# action returns a `ResourceNotFoundException`.
|
1124
1213
|
#
|
1125
1214
|
# The policy can be attached or updated with [PutPolicy][1] and removed
|
1126
|
-
# with
|
1127
|
-
# [DeletePolicy](acm-pca/latest/APIReference/API_DeletePolicy.html).
|
1215
|
+
# with [DeletePolicy][2].
|
1128
1216
|
#
|
1129
1217
|
# **About Policies**
|
1130
1218
|
#
|
1131
1219
|
# * A policy grants access on a private CA to an AWS customer account,
|
1132
1220
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
1133
1221
|
# under the control of a CA administrator. For more information, see
|
1134
|
-
# [Using a Resource Based Policy with ACM Private
|
1135
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
1222
|
+
# [Using a Resource Based Policy with ACM Private CA][3].
|
1136
1223
|
#
|
1137
1224
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
1138
1225
|
# ACM certificates signed by a CA in another account.
|
@@ -1141,17 +1228,19 @@ module Aws::ACMPCA
|
|
1141
1228
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
1142
1229
|
# ACM service to assume the identity of the user, subject to
|
1143
1230
|
# confirmation against the ACM Private CA policy. For more
|
1144
|
-
# information, see [Using a Service Linked Role with ACM][
|
1231
|
+
# information, see [Using a Service Linked Role with ACM][4].
|
1145
1232
|
#
|
1146
1233
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
1147
|
-
# policies. For more information, see [
|
1148
|
-
#
|
1149
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
1234
|
+
# policies. For more information, see [Attach a Policy for
|
1235
|
+
# Cross-Account Access][5].
|
1150
1236
|
#
|
1151
1237
|
#
|
1152
1238
|
#
|
1153
1239
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
|
1154
|
-
# [2]: https://docs.aws.amazon.com/acm/latest/
|
1240
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
|
1241
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
1242
|
+
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
1243
|
+
# [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
1155
1244
|
#
|
1156
1245
|
# @option params [required, String] :resource_arn
|
1157
1246
|
# The Amazon Resource Number (ARN) of the private CA that will have its
|
@@ -1199,22 +1288,31 @@ module Aws::ACMPCA
|
|
1199
1288
|
# 4. Create a certificate chain and copy the signed certificate and the
|
1200
1289
|
# certificate chain to your working directory.
|
1201
1290
|
#
|
1202
|
-
#
|
1291
|
+
# ACM Private CA supports three scenarios for installing a CA
|
1292
|
+
# certificate:
|
1293
|
+
#
|
1294
|
+
# * Installing a certificate for a root CA hosted by ACM Private CA.
|
1203
1295
|
#
|
1204
|
-
# *
|
1205
|
-
# CA.
|
1296
|
+
# * Installing a subordinate CA certificate whose parent authority is
|
1297
|
+
# hosted by ACM Private CA.
|
1206
1298
|
#
|
1207
|
-
# *
|
1208
|
-
#
|
1299
|
+
# * Installing a subordinate CA certificate whose parent authority is
|
1300
|
+
# externally hosted.
|
1301
|
+
#
|
1302
|
+
# The following addtitional requirements apply when you import a CA
|
1303
|
+
# certificate.
|
1304
|
+
#
|
1305
|
+
# * Only a self-signed certificate can be imported as a root CA.
|
1306
|
+
#
|
1307
|
+
# * A self-signed certificate cannot be imported as a subordinate CA.
|
1209
1308
|
#
|
1210
1309
|
# * Your certificate chain must not include the private CA certificate
|
1211
1310
|
# that you are importing.
|
1212
1311
|
#
|
1213
|
-
# * Your
|
1214
|
-
#
|
1215
|
-
#
|
1216
|
-
#
|
1217
|
-
# and so on until your chain is built.
|
1312
|
+
# * Your root CA must be the last certificate in your chain. The
|
1313
|
+
# subordinate certificate, if any, that your root CA signed must be
|
1314
|
+
# next to last. The subordinate certificate signed by the preceding
|
1315
|
+
# subordinate CA must come next, and so on until your chain is built.
|
1218
1316
|
#
|
1219
1317
|
# * The chain must be PEM-encoded.
|
1220
1318
|
#
|
@@ -1538,6 +1636,41 @@ module Aws::ACMPCA
|
|
1538
1636
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.initials #=> String
|
1539
1637
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.pseudonym #=> String
|
1540
1638
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.generation_qualifier #=> String
|
1639
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
1640
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
1641
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
1642
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.data_encipherment #=> Boolean
|
1643
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_agreement #=> Boolean
|
1644
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_cert_sign #=> Boolean
|
1645
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.crl_sign #=> Boolean
|
1646
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.encipher_only #=> Boolean
|
1647
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.decipher_only #=> Boolean
|
1648
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access #=> Array
|
1649
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.custom_object_identifier #=> String
|
1650
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.access_method_type #=> String, one of "CA_REPOSITORY", "RESOURCE_PKI_MANIFEST", "RESOURCE_PKI_NOTIFY"
|
1651
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.type_id #=> String
|
1652
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.value #=> String
|
1653
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.rfc_822_name #=> String
|
1654
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.dns_name #=> String
|
1655
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.country #=> String
|
1656
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organization #=> String
|
1657
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organizational_unit #=> String
|
1658
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.distinguished_name_qualifier #=> String
|
1659
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.state #=> String
|
1660
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.common_name #=> String
|
1661
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.serial_number #=> String
|
1662
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.locality #=> String
|
1663
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.title #=> String
|
1664
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.surname #=> String
|
1665
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.given_name #=> String
|
1666
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
1667
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
1668
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
1669
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
1670
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
1671
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
1672
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.ip_address #=> String
|
1673
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.registered_id #=> String
|
1541
1674
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.enabled #=> Boolean
|
1542
1675
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.expiration_in_days #=> Integer
|
1543
1676
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
|
@@ -1578,12 +1711,13 @@ module Aws::ACMPCA
|
|
1578
1711
|
# renewals. Instead, the ACM certificate owner must set up a
|
1579
1712
|
# resource-based policy to enable cross-account issuance and renewals.
|
1580
1713
|
# For more information, see [Using a Resource Based Policy with ACM
|
1581
|
-
# Private CA]
|
1714
|
+
# Private CA][3].
|
1582
1715
|
#
|
1583
1716
|
#
|
1584
1717
|
#
|
1585
1718
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
|
1586
1719
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
|
1720
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
1587
1721
|
#
|
1588
1722
|
# @option params [required, String] :certificate_authority_arn
|
1589
1723
|
# The Amazon Resource Number (ARN) of the private CA to inspect. You can
|
@@ -1713,8 +1847,9 @@ module Aws::ACMPCA
|
|
1713
1847
|
|
1714
1848
|
# Attaches a resource-based policy to a private CA.
|
1715
1849
|
#
|
1716
|
-
# A policy can also be applied by
|
1717
|
-
# Resource Access Manager (RAM).
|
1850
|
+
# A policy can also be applied by sharing a private CA through AWS
|
1851
|
+
# Resource Access Manager (RAM). For more information, see [Attach a
|
1852
|
+
# Policy for Cross-Account Access][1].
|
1718
1853
|
#
|
1719
1854
|
# The policy can be displayed with [GetPolicy][2] and removed with
|
1720
1855
|
# [DeletePolicy][3].
|
@@ -1724,8 +1859,7 @@ module Aws::ACMPCA
|
|
1724
1859
|
# * A policy grants access on a private CA to an AWS customer account,
|
1725
1860
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
1726
1861
|
# under the control of a CA administrator. For more information, see
|
1727
|
-
# [Using a Resource Based Policy with ACM Private
|
1728
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
1862
|
+
# [Using a Resource Based Policy with ACM Private CA][4].
|
1729
1863
|
#
|
1730
1864
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
1731
1865
|
# ACM certificates signed by a CA in another account.
|
@@ -1734,19 +1868,19 @@ module Aws::ACMPCA
|
|
1734
1868
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
1735
1869
|
# ACM service to assume the identity of the user, subject to
|
1736
1870
|
# confirmation against the ACM Private CA policy. For more
|
1737
|
-
# information, see [Using a Service Linked Role with ACM][
|
1871
|
+
# information, see [Using a Service Linked Role with ACM][5].
|
1738
1872
|
#
|
1739
1873
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
1740
|
-
# policies. For more information, see [
|
1741
|
-
#
|
1742
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
1874
|
+
# policies. For more information, see [Attach a Policy for
|
1875
|
+
# Cross-Account Access][1].
|
1743
1876
|
#
|
1744
1877
|
#
|
1745
1878
|
#
|
1746
1879
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
1747
1880
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
|
1748
1881
|
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
|
1749
|
-
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/
|
1882
|
+
# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
1883
|
+
# [5]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
1750
1884
|
#
|
1751
1885
|
# @option params [required, String] :resource_arn
|
1752
1886
|
# The Amazon Resource Number (ARN) of the private CA to associate with
|
@@ -2095,7 +2229,7 @@ module Aws::ACMPCA
|
|
2095
2229
|
params: params,
|
2096
2230
|
config: config)
|
2097
2231
|
context[:gem_name] = 'aws-sdk-acmpca'
|
2098
|
-
context[:gem_version] = '1.
|
2232
|
+
context[:gem_version] = '1.31.0'
|
2099
2233
|
Seahorse::Client::Request.new(handlers, context)
|
2100
2234
|
end
|
2101
2235
|
|
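Review bot: The added documentation on importing a CA certificate has a typo at new line 1302, `# The following addtitional requirements apply when you import a CA`, which should read `additional`. These comments look generated from the service's API description, so the correction probably belongs in that source rather than in this file. Separately, the new `csr_extensions` request example (new lines 432–442) shows every `key_usage` flag as `false`, and a CA's CSR normally needs at least `key_cert_sign` and `crl_sign`; a line such as `# key_usage values below are placeholders; set the flags your CA requires` above the example would keep readers from copying the sample as-is. Both comment blocks continue outside the hunks shown.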
@@ -16,6 +16,10 @@ module Aws::ACMPCA
|
|
16
16
|
ASN1PrintableString64 = Shapes::StringShape.new(name: 'ASN1PrintableString64')
|
17
17
|
ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
|
18
18
|
AWSPolicy = Shapes::StringShape.new(name: 'AWSPolicy')
|
19
|
+
AccessDescription = Shapes::StructureShape.new(name: 'AccessDescription')
|
20
|
+
AccessDescriptionList = Shapes::ListShape.new(name: 'AccessDescriptionList')
|
21
|
+
AccessMethod = Shapes::StructureShape.new(name: 'AccessMethod')
|
22
|
+
AccessMethodType = Shapes::StringShape.new(name: 'AccessMethodType')
|
19
23
|
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
20
24
|
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
21
25
|
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
@@ -44,6 +48,8 @@ module Aws::ACMPCA
|
|
44
48
|
CrlConfiguration = Shapes::StructureShape.new(name: 'CrlConfiguration')
|
45
49
|
CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
|
46
50
|
CsrBody = Shapes::StringShape.new(name: 'CsrBody')
|
51
|
+
CsrExtensions = Shapes::StructureShape.new(name: 'CsrExtensions')
|
52
|
+
CustomObjectIdentifier = Shapes::StringShape.new(name: 'CustomObjectIdentifier')
|
47
53
|
DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
|
48
54
|
DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
|
49
55
|
DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
|
@@ -51,7 +57,9 @@ module Aws::ACMPCA
|
|
51
57
|
DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
|
52
58
|
DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
|
53
59
|
DescribeCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityResponse')
|
60
|
+
EdiPartyName = Shapes::StructureShape.new(name: 'EdiPartyName')
|
54
61
|
FailureReason = Shapes::StringShape.new(name: 'FailureReason')
|
62
|
+
GeneralName = Shapes::StructureShape.new(name: 'GeneralName')
|
55
63
|
GetCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateRequest')
|
56
64
|
GetCertificateAuthorityCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateResponse')
|
57
65
|
GetCertificateAuthorityCsrRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCsrRequest')
|
@@ -73,6 +81,7 @@ module Aws::ACMPCA
|
|
73
81
|
IssueCertificateRequest = Shapes::StructureShape.new(name: 'IssueCertificateRequest')
|
74
82
|
IssueCertificateResponse = Shapes::StructureShape.new(name: 'IssueCertificateResponse')
|
75
83
|
KeyAlgorithm = Shapes::StringShape.new(name: 'KeyAlgorithm')
|
84
|
+
KeyUsage = Shapes::StructureShape.new(name: 'KeyUsage')
|
76
85
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
77
86
|
ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
|
78
87
|
ListCertificateAuthoritiesResponse = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesResponse')
|
@@ -85,6 +94,7 @@ module Aws::ACMPCA
|
|
85
94
|
MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
|
86
95
|
MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
|
87
96
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
97
|
+
OtherName = Shapes::StructureShape.new(name: 'OtherName')
|
88
98
|
PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
|
89
99
|
Permission = Shapes::StructureShape.new(name: 'Permission')
|
90
100
|
PermissionAlreadyExistsException = Shapes::StructureShape.new(name: 'PermissionAlreadyExistsException')
|
@@ -108,7 +118,9 @@ module Aws::ACMPCA
|
|
108
118
|
String128 = Shapes::StringShape.new(name: 'String128')
|
109
119
|
String16 = Shapes::StringShape.new(name: 'String16')
|
110
120
|
String253 = Shapes::StringShape.new(name: 'String253')
|
121
|
+
String256 = Shapes::StringShape.new(name: 'String256')
|
111
122
|
String3 = Shapes::StringShape.new(name: 'String3')
|
123
|
+
String39 = Shapes::StringShape.new(name: 'String39')
|
112
124
|
String3To255 = Shapes::StringShape.new(name: 'String3To255')
|
113
125
|
String40 = Shapes::StringShape.new(name: 'String40')
|
114
126
|
String5 = Shapes::StringShape.new(name: 'String5')
|
@@ -141,6 +153,16 @@ module Aws::ACMPCA
|
|
141
153
|
ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
|
142
154
|
ASN1Subject.struct_class = Types::ASN1Subject
|
143
155
|
|
156
|
+
AccessDescription.add_member(:access_method, Shapes::ShapeRef.new(shape: AccessMethod, required: true, location_name: "AccessMethod"))
|
157
|
+
AccessDescription.add_member(:access_location, Shapes::ShapeRef.new(shape: GeneralName, required: true, location_name: "AccessLocation"))
|
158
|
+
AccessDescription.struct_class = Types::AccessDescription
|
159
|
+
|
160
|
+
AccessDescriptionList.member = Shapes::ShapeRef.new(shape: AccessDescription)
|
161
|
+
|
162
|
+
AccessMethod.add_member(:custom_object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "CustomObjectIdentifier"))
|
163
|
+
AccessMethod.add_member(:access_method_type, Shapes::ShapeRef.new(shape: AccessMethodType, location_name: "AccessMethodType"))
|
164
|
+
AccessMethod.struct_class = Types::AccessMethod
|
165
|
+
|
144
166
|
ActionList.member = Shapes::ShapeRef.new(shape: ActionType)
|
145
167
|
|
146
168
|
CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
|
@@ -163,6 +185,7 @@ module Aws::ACMPCA
|
|
163
185
|
CertificateAuthorityConfiguration.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, required: true, location_name: "KeyAlgorithm"))
|
164
186
|
CertificateAuthorityConfiguration.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: SigningAlgorithm, required: true, location_name: "SigningAlgorithm"))
|
165
187
|
CertificateAuthorityConfiguration.add_member(:subject, Shapes::ShapeRef.new(shape: ASN1Subject, required: true, location_name: "Subject"))
|
188
|
+
CertificateAuthorityConfiguration.add_member(:csr_extensions, Shapes::ShapeRef.new(shape: CsrExtensions, location_name: "CsrExtensions"))
|
166
189
|
CertificateAuthorityConfiguration.struct_class = Types::CertificateAuthorityConfiguration
|
167
190
|
|
168
191
|
CertificateMismatchException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
@@ -202,6 +225,10 @@ module Aws::ACMPCA
|
|
202
225
|
CrlConfiguration.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String3To255, location_name: "S3BucketName"))
|
203
226
|
CrlConfiguration.struct_class = Types::CrlConfiguration
|
204
227
|
|
228
|
+
CsrExtensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
229
|
+
CsrExtensions.add_member(:subject_information_access, Shapes::ShapeRef.new(shape: AccessDescriptionList, location_name: "SubjectInformationAccess"))
|
230
|
+
CsrExtensions.struct_class = Types::CsrExtensions
|
231
|
+
|
205
232
|
DeleteCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
206
233
|
DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
|
207
234
|
DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
|
@@ -230,6 +257,20 @@ module Aws::ACMPCA
|
|
230
257
|
DescribeCertificateAuthorityResponse.add_member(:certificate_authority, Shapes::ShapeRef.new(shape: CertificateAuthority, location_name: "CertificateAuthority"))
|
231
258
|
DescribeCertificateAuthorityResponse.struct_class = Types::DescribeCertificateAuthorityResponse
|
232
259
|
|
260
|
+
EdiPartyName.add_member(:party_name, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "PartyName"))
|
261
|
+
EdiPartyName.add_member(:name_assigner, Shapes::ShapeRef.new(shape: String256, location_name: "NameAssigner"))
|
262
|
+
EdiPartyName.struct_class = Types::EdiPartyName
|
263
|
+
|
264
|
+
GeneralName.add_member(:other_name, Shapes::ShapeRef.new(shape: OtherName, location_name: "OtherName"))
|
265
|
+
GeneralName.add_member(:rfc_822_name, Shapes::ShapeRef.new(shape: String256, location_name: "Rfc822Name"))
|
266
|
+
GeneralName.add_member(:dns_name, Shapes::ShapeRef.new(shape: String253, location_name: "DnsName"))
|
267
|
+
GeneralName.add_member(:directory_name, Shapes::ShapeRef.new(shape: ASN1Subject, location_name: "DirectoryName"))
|
268
|
+
GeneralName.add_member(:edi_party_name, Shapes::ShapeRef.new(shape: EdiPartyName, location_name: "EdiPartyName"))
|
269
|
+
GeneralName.add_member(:uniform_resource_identifier, Shapes::ShapeRef.new(shape: String253, location_name: "UniformResourceIdentifier"))
|
270
|
+
GeneralName.add_member(:ip_address, Shapes::ShapeRef.new(shape: String39, location_name: "IpAddress"))
|
271
|
+
GeneralName.add_member(:registered_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "RegisteredId"))
|
272
|
+
GeneralName.struct_class = Types::GeneralName
|
273
|
+
|
233
274
|
GetCertificateAuthorityCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
234
275
|
GetCertificateAuthorityCertificateRequest.struct_class = Types::GetCertificateAuthorityCertificateRequest
|
235
276
|
|
@@ -294,6 +335,17 @@ module Aws::ACMPCA
|
|
294
335
|
IssueCertificateResponse.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateArn"))
|
295
336
|
IssueCertificateResponse.struct_class = Types::IssueCertificateResponse
|
296
337
|
|
338
|
+
KeyUsage.add_member(:digital_signature, Shapes::ShapeRef.new(shape: Boolean, location_name: "DigitalSignature"))
|
339
|
+
KeyUsage.add_member(:non_repudiation, Shapes::ShapeRef.new(shape: Boolean, location_name: "NonRepudiation"))
|
340
|
+
KeyUsage.add_member(:key_encipherment, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyEncipherment"))
|
341
|
+
KeyUsage.add_member(:data_encipherment, Shapes::ShapeRef.new(shape: Boolean, location_name: "DataEncipherment"))
|
342
|
+
KeyUsage.add_member(:key_agreement, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyAgreement"))
|
343
|
+
KeyUsage.add_member(:key_cert_sign, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyCertSign"))
|
344
|
+
KeyUsage.add_member(:crl_sign, Shapes::ShapeRef.new(shape: Boolean, location_name: "CRLSign"))
|
345
|
+
KeyUsage.add_member(:encipher_only, Shapes::ShapeRef.new(shape: Boolean, location_name: "EncipherOnly"))
|
346
|
+
KeyUsage.add_member(:decipher_only, Shapes::ShapeRef.new(shape: Boolean, location_name: "DecipherOnly"))
|
347
|
+
KeyUsage.struct_class = Types::KeyUsage
|
348
|
+
|
297
349
|
LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
298
350
|
LimitExceededException.struct_class = Types::LimitExceededException
|
299
351
|
|
@@ -333,6 +385,10 @@ module Aws::ACMPCA
|
|
333
385
|
MalformedCertificateException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
334
386
|
MalformedCertificateException.struct_class = Types::MalformedCertificateException
|
335
387
|
|
388
|
+
OtherName.add_member(:type_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "TypeId"))
|
389
|
+
OtherName.add_member(:value, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "Value"))
|
390
|
+
OtherName.struct_class = Types::OtherName
|
391
|
+
|
336
392
|
Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
|
337
393
|
Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
338
394
|
Permission.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, location_name: "Principal"))
|
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -65,7 +65,11 @@ module Aws::ACMPCA
|
|
65
65
|
# @return [String]
|
66
66
|
#
|
67
67
|
# @!attribute [rw] common_name
|
68
|
-
#
|
68
|
+
# For CA and end-entity certificates in a private PKI, the common name
|
69
|
+
# (CN) can be any string within the length limit.
|
70
|
+
#
|
71
|
+
# Note: In publicly trusted certificates, the common name must be a
|
72
|
+
# fully qualified domain name (FQDN) associated with the certificate
|
69
73
|
# subject.
|
70
74
|
# @return [String]
|
71
75
|
#
|
@@ -131,6 +135,106 @@ module Aws::ACMPCA
|
|
131
135
|
include Aws::Structure
|
132
136
|
end
|
133
137
|
|
138
|
+
# Provides access information used by the `authorityInfoAccess` and
|
139
|
+
# `subjectInfoAccess` extensions described in [RFC 5280][1].
|
140
|
+
#
|
141
|
+
#
|
142
|
+
#
|
143
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
144
|
+
#
|
145
|
+
# @note When making an API call, you may pass AccessDescription
|
146
|
+
# data as a hash:
|
147
|
+
#
|
148
|
+
# {
|
149
|
+
# access_method: { # required
|
150
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
151
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
152
|
+
# },
|
153
|
+
# access_location: { # required
|
154
|
+
# other_name: {
|
155
|
+
# type_id: "CustomObjectIdentifier", # required
|
156
|
+
# value: "String256", # required
|
157
|
+
# },
|
158
|
+
# rfc_822_name: "String256",
|
159
|
+
# dns_name: "String253",
|
160
|
+
# directory_name: {
|
161
|
+
# country: "CountryCodeString",
|
162
|
+
# organization: "String64",
|
163
|
+
# organizational_unit: "String64",
|
164
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
165
|
+
# state: "String128",
|
166
|
+
# common_name: "String64",
|
167
|
+
# serial_number: "ASN1PrintableString64",
|
168
|
+
# locality: "String128",
|
169
|
+
# title: "String64",
|
170
|
+
# surname: "String40",
|
171
|
+
# given_name: "String16",
|
172
|
+
# initials: "String5",
|
173
|
+
# pseudonym: "String128",
|
174
|
+
# generation_qualifier: "String3",
|
175
|
+
# },
|
176
|
+
# edi_party_name: {
|
177
|
+
# party_name: "String256", # required
|
178
|
+
# name_assigner: "String256",
|
179
|
+
# },
|
180
|
+
# uniform_resource_identifier: "String253",
|
181
|
+
# ip_address: "String39",
|
182
|
+
# registered_id: "CustomObjectIdentifier",
|
183
|
+
# },
|
184
|
+
# }
|
185
|
+
#
|
186
|
+
# @!attribute [rw] access_method
|
187
|
+
# The type and format of `AccessDescription` information.
|
188
|
+
# @return [Types::AccessMethod]
|
189
|
+
#
|
190
|
+
# @!attribute [rw] access_location
|
191
|
+
# The location of `AccessDescription` information.
|
192
|
+
# @return [Types::GeneralName]
|
193
|
+
#
|
194
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/AccessDescription AWS API Documentation
|
195
|
+
#
|
196
|
+
class AccessDescription < Struct.new(
|
197
|
+
:access_method,
|
198
|
+
:access_location)
|
199
|
+
SENSITIVE = []
|
200
|
+
include Aws::Structure
|
201
|
+
end
|
202
|
+
|
203
|
+
# Describes the type and format of extension access. Only one of
|
204
|
+
# `CustomObjectIdentifier` or `AccessMethodType` may be provided.
|
205
|
+
# Providing both results in `InvalidArgsException`.
|
206
|
+
#
|
207
|
+
# @note When making an API call, you may pass AccessMethod
|
208
|
+
# data as a hash:
|
209
|
+
#
|
210
|
+
# {
|
211
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
212
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
213
|
+
# }
|
214
|
+
#
|
215
|
+
# @!attribute [rw] custom_object_identifier
|
216
|
+
# An object identifier (OID) specifying the `AccessMethod`. The OID
|
217
|
+
# must satisfy the regular expression shown below. For more
|
218
|
+
# information, see NIST's definition of [Object Identifier (OID)][1].
|
219
|
+
#
|
220
|
+
#
|
221
|
+
#
|
222
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
223
|
+
# @return [String]
|
224
|
+
#
|
225
|
+
# @!attribute [rw] access_method_type
|
226
|
+
# Specifies the `AccessMethod`.
|
227
|
+
# @return [String]
|
228
|
+
#
|
229
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/AccessMethod AWS API Documentation
|
230
|
+
#
|
231
|
+
class AccessMethod < Struct.new(
|
232
|
+
:custom_object_identifier,
|
233
|
+
:access_method_type)
|
234
|
+
SENSITIVE = []
|
235
|
+
include Aws::Structure
|
236
|
+
end
|
237
|
+
|
134
238
|
# Contains information about your private certificate authority (CA).
|
135
239
|
# Your private CA can issue and revoke X.509 digital certificates.
|
136
240
|
# Digital certificates verify that the entity named in the certificate
|
@@ -264,6 +368,58 @@ module Aws::ACMPCA
|
|
264
368
|
# pseudonym: "String128",
|
265
369
|
# generation_qualifier: "String3",
|
266
370
|
# },
|
371
|
+
# csr_extensions: {
|
372
|
+
# key_usage: {
|
373
|
+
# digital_signature: false,
|
374
|
+
# non_repudiation: false,
|
375
|
+
# key_encipherment: false,
|
376
|
+
# data_encipherment: false,
|
377
|
+
# key_agreement: false,
|
378
|
+
# key_cert_sign: false,
|
379
|
+
# crl_sign: false,
|
380
|
+
# encipher_only: false,
|
381
|
+
# decipher_only: false,
|
382
|
+
# },
|
383
|
+
# subject_information_access: [
|
384
|
+
# {
|
385
|
+
# access_method: { # required
|
386
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
387
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
388
|
+
# },
|
389
|
+
# access_location: { # required
|
390
|
+
# other_name: {
|
391
|
+
# type_id: "CustomObjectIdentifier", # required
|
392
|
+
# value: "String256", # required
|
393
|
+
# },
|
394
|
+
# rfc_822_name: "String256",
|
395
|
+
# dns_name: "String253",
|
396
|
+
# directory_name: {
|
397
|
+
# country: "CountryCodeString",
|
398
|
+
# organization: "String64",
|
399
|
+
# organizational_unit: "String64",
|
400
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
401
|
+
# state: "String128",
|
402
|
+
# common_name: "String64",
|
403
|
+
# serial_number: "ASN1PrintableString64",
|
404
|
+
# locality: "String128",
|
405
|
+
# title: "String64",
|
406
|
+
# surname: "String40",
|
407
|
+
# given_name: "String16",
|
408
|
+
# initials: "String5",
|
409
|
+
# pseudonym: "String128",
|
410
|
+
# generation_qualifier: "String3",
|
411
|
+
# },
|
412
|
+
# edi_party_name: {
|
413
|
+
# party_name: "String256", # required
|
414
|
+
# name_assigner: "String256",
|
415
|
+
# },
|
416
|
+
# uniform_resource_identifier: "String253",
|
417
|
+
# ip_address: "String39",
|
418
|
+
# registered_id: "CustomObjectIdentifier",
|
419
|
+
# },
|
420
|
+
# },
|
421
|
+
# ],
|
422
|
+
# },
|
267
423
|
# }
|
268
424
|
#
|
269
425
|
# @!attribute [rw] key_algorithm
|
@@ -286,12 +442,18 @@ module Aws::ACMPCA
|
|
286
442
|
# your private CA.
|
287
443
|
# @return [Types::ASN1Subject]
|
288
444
|
#
|
445
|
+
# @!attribute [rw] csr_extensions
|
446
|
+
# Specifies information to be added to the extension section of the
|
447
|
+
# certificate signing request (CSR).
|
448
|
+
# @return [Types::CsrExtensions]
|
449
|
+
#
|
289
450
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthorityConfiguration AWS API Documentation
|
290
451
|
#
|
291
452
|
class CertificateAuthorityConfiguration < Struct.new(
|
292
453
|
:key_algorithm,
|
293
454
|
:signing_algorithm,
|
294
|
-
:subject
|
455
|
+
:subject,
|
456
|
+
:csr_extensions)
|
295
457
|
SENSITIVE = []
|
296
458
|
include Aws::Structure
|
297
459
|
end
|
@@ -400,6 +562,58 @@ module Aws::ACMPCA
|
|
400
562
|
# pseudonym: "String128",
|
401
563
|
# generation_qualifier: "String3",
|
402
564
|
# },
|
565
|
+
# csr_extensions: {
|
566
|
+
# key_usage: {
|
567
|
+
# digital_signature: false,
|
568
|
+
# non_repudiation: false,
|
569
|
+
# key_encipherment: false,
|
570
|
+
# data_encipherment: false,
|
571
|
+
# key_agreement: false,
|
572
|
+
# key_cert_sign: false,
|
573
|
+
# crl_sign: false,
|
574
|
+
# encipher_only: false,
|
575
|
+
# decipher_only: false,
|
576
|
+
# },
|
577
|
+
# subject_information_access: [
|
578
|
+
# {
|
579
|
+
# access_method: { # required
|
580
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
581
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
582
|
+
# },
|
583
|
+
# access_location: { # required
|
584
|
+
# other_name: {
|
585
|
+
# type_id: "CustomObjectIdentifier", # required
|
586
|
+
# value: "String256", # required
|
587
|
+
# },
|
588
|
+
# rfc_822_name: "String256",
|
589
|
+
# dns_name: "String253",
|
590
|
+
# directory_name: {
|
591
|
+
# country: "CountryCodeString",
|
592
|
+
# organization: "String64",
|
593
|
+
# organizational_unit: "String64",
|
594
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
595
|
+
# state: "String128",
|
596
|
+
# common_name: "String64",
|
597
|
+
# serial_number: "ASN1PrintableString64",
|
598
|
+
# locality: "String128",
|
599
|
+
# title: "String64",
|
600
|
+
# surname: "String40",
|
601
|
+
# given_name: "String16",
|
602
|
+
# initials: "String5",
|
603
|
+
# pseudonym: "String128",
|
604
|
+
# generation_qualifier: "String3",
|
605
|
+
# },
|
606
|
+
# edi_party_name: {
|
607
|
+
# party_name: "String256", # required
|
608
|
+
# name_assigner: "String256",
|
609
|
+
# },
|
610
|
+
# uniform_resource_identifier: "String253",
|
611
|
+
# ip_address: "String39",
|
612
|
+
# registered_id: "CustomObjectIdentifier",
|
613
|
+
# },
|
614
|
+
# },
|
615
|
+
# ],
|
616
|
+
# },
|
403
617
|
# },
|
404
618
|
# revocation_configuration: {
|
405
619
|
# crl_configuration: {
|
@@ -635,7 +849,7 @@ module Aws::ACMPCA
|
|
635
849
|
# @return [Boolean]
|
636
850
|
#
|
637
851
|
# @!attribute [rw] expiration_in_days
|
638
|
-
#
|
852
|
+
# Validity period of the CRL in days.
|
639
853
|
# @return [Integer]
|
640
854
|
#
|
641
855
|
# @!attribute [rw] custom_cname
|
@@ -670,6 +884,89 @@ module Aws::ACMPCA
|
|
670
884
|
include Aws::Structure
|
671
885
|
end
|
672
886
|
|
887
|
+
# Describes the certificate extensions to be added to the certificate
|
888
|
+
# signing request (CSR).
|
889
|
+
#
|
890
|
+
# @note When making an API call, you may pass CsrExtensions
|
891
|
+
# data as a hash:
|
892
|
+
#
|
893
|
+
# {
|
894
|
+
# key_usage: {
|
895
|
+
# digital_signature: false,
|
896
|
+
# non_repudiation: false,
|
897
|
+
# key_encipherment: false,
|
898
|
+
# data_encipherment: false,
|
899
|
+
# key_agreement: false,
|
900
|
+
# key_cert_sign: false,
|
901
|
+
# crl_sign: false,
|
902
|
+
# encipher_only: false,
|
903
|
+
# decipher_only: false,
|
904
|
+
# },
|
905
|
+
# subject_information_access: [
|
906
|
+
# {
|
907
|
+
# access_method: { # required
|
908
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
909
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
910
|
+
# },
|
911
|
+
# access_location: { # required
|
912
|
+
# other_name: {
|
913
|
+
# type_id: "CustomObjectIdentifier", # required
|
914
|
+
# value: "String256", # required
|
915
|
+
# },
|
916
|
+
# rfc_822_name: "String256",
|
917
|
+
# dns_name: "String253",
|
918
|
+
# directory_name: {
|
919
|
+
# country: "CountryCodeString",
|
920
|
+
# organization: "String64",
|
921
|
+
# organizational_unit: "String64",
|
922
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
923
|
+
# state: "String128",
|
924
|
+
# common_name: "String64",
|
925
|
+
# serial_number: "ASN1PrintableString64",
|
926
|
+
# locality: "String128",
|
927
|
+
# title: "String64",
|
928
|
+
# surname: "String40",
|
929
|
+
# given_name: "String16",
|
930
|
+
# initials: "String5",
|
931
|
+
# pseudonym: "String128",
|
932
|
+
# generation_qualifier: "String3",
|
933
|
+
# },
|
934
|
+
# edi_party_name: {
|
935
|
+
# party_name: "String256", # required
|
936
|
+
# name_assigner: "String256",
|
937
|
+
# },
|
938
|
+
# uniform_resource_identifier: "String253",
|
939
|
+
# ip_address: "String39",
|
940
|
+
# registered_id: "CustomObjectIdentifier",
|
941
|
+
# },
|
942
|
+
# },
|
943
|
+
# ],
|
944
|
+
# }
|
945
|
+
#
|
946
|
+
# @!attribute [rw] key_usage
|
947
|
+
# Indicates the purpose of the certificate and of the key contained in
|
948
|
+
# the certificate.
|
949
|
+
# @return [Types::KeyUsage]
|
950
|
+
#
|
951
|
+
# @!attribute [rw] subject_information_access
|
952
|
+
# For CA certificates, provides a path to additional information
|
953
|
+
# pertaining to the CA, such as revocation and policy. For more
|
954
|
+
# information, see [Subject Information Access][1] in RFC 5280.
|
955
|
+
#
|
956
|
+
#
|
957
|
+
#
|
958
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.2.2
|
959
|
+
# @return [Array<Types::AccessDescription>]
|
960
|
+
#
|
961
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CsrExtensions AWS API Documentation
|
962
|
+
#
|
963
|
+
class CsrExtensions < Struct.new(
|
964
|
+
:key_usage,
|
965
|
+
:subject_information_access)
|
966
|
+
SENSITIVE = []
|
967
|
+
include Aws::Structure
|
968
|
+
end
|
969
|
+
|
673
970
|
# @note When making an API call, you may pass DeleteCertificateAuthorityRequest
|
674
971
|
# data as a hash:
|
675
972
|
#
|
@@ -882,6 +1179,142 @@ module Aws::ACMPCA
|
|
882
1179
|
include Aws::Structure
|
883
1180
|
end
|
884
1181
|
|
1182
|
+
# Describes an Electronic Data Interchange (EDI) entity as described in
|
1183
|
+
# as defined in [Subject Alternative Name][1] in RFC 5280.
|
1184
|
+
#
|
1185
|
+
#
|
1186
|
+
#
|
1187
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1188
|
+
#
|
1189
|
+
# @note When making an API call, you may pass EdiPartyName
|
1190
|
+
# data as a hash:
|
1191
|
+
#
|
1192
|
+
# {
|
1193
|
+
# party_name: "String256", # required
|
1194
|
+
# name_assigner: "String256",
|
1195
|
+
# }
|
1196
|
+
#
|
1197
|
+
# @!attribute [rw] party_name
|
1198
|
+
# Specifies the party name.
|
1199
|
+
# @return [String]
|
1200
|
+
#
|
1201
|
+
# @!attribute [rw] name_assigner
|
1202
|
+
# Specifies the name assigner.
|
1203
|
+
# @return [String]
|
1204
|
+
#
|
1205
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/EdiPartyName AWS API Documentation
|
1206
|
+
#
|
1207
|
+
class EdiPartyName < Struct.new(
|
1208
|
+
:party_name,
|
1209
|
+
:name_assigner)
|
1210
|
+
SENSITIVE = []
|
1211
|
+
include Aws::Structure
|
1212
|
+
end
|
1213
|
+
|
1214
|
+
# Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280][1].
|
1215
|
+
# Only one of the following naming options should be providied.
|
1216
|
+
# Providing more than one option results in an `InvalidArgsException`
|
1217
|
+
# error.
|
1218
|
+
#
|
1219
|
+
#
|
1220
|
+
#
|
1221
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1222
|
+
#
|
1223
|
+
# @note When making an API call, you may pass GeneralName
|
1224
|
+
# data as a hash:
|
1225
|
+
#
|
1226
|
+
# {
|
1227
|
+
# other_name: {
|
1228
|
+
# type_id: "CustomObjectIdentifier", # required
|
1229
|
+
# value: "String256", # required
|
1230
|
+
# },
|
1231
|
+
# rfc_822_name: "String256",
|
1232
|
+
# dns_name: "String253",
|
1233
|
+
# directory_name: {
|
1234
|
+
# country: "CountryCodeString",
|
1235
|
+
# organization: "String64",
|
1236
|
+
# organizational_unit: "String64",
|
1237
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1238
|
+
# state: "String128",
|
1239
|
+
# common_name: "String64",
|
1240
|
+
# serial_number: "ASN1PrintableString64",
|
1241
|
+
# locality: "String128",
|
1242
|
+
# title: "String64",
|
1243
|
+
# surname: "String40",
|
1244
|
+
# given_name: "String16",
|
1245
|
+
# initials: "String5",
|
1246
|
+
# pseudonym: "String128",
|
1247
|
+
# generation_qualifier: "String3",
|
1248
|
+
# },
|
1249
|
+
# edi_party_name: {
|
1250
|
+
# party_name: "String256", # required
|
1251
|
+
# name_assigner: "String256",
|
1252
|
+
# },
|
1253
|
+
# uniform_resource_identifier: "String253",
|
1254
|
+
# ip_address: "String39",
|
1255
|
+
# registered_id: "CustomObjectIdentifier",
|
1256
|
+
# }
|
1257
|
+
#
|
1258
|
+
# @!attribute [rw] other_name
|
1259
|
+
# Represents `GeneralName` using an `OtherName` object.
|
1260
|
+
# @return [Types::OtherName]
|
1261
|
+
#
|
1262
|
+
# @!attribute [rw] rfc_822_name
|
1263
|
+
# Represents `GeneralName` as an [RFC 822][1] email address.
|
1264
|
+
#
|
1265
|
+
#
|
1266
|
+
#
|
1267
|
+
# [1]: https://tools.ietf.org/html/rfc822
|
1268
|
+
# @return [String]
|
1269
|
+
#
|
1270
|
+
# @!attribute [rw] dns_name
|
1271
|
+
# Represents `GeneralName` as a DNS name.
|
1272
|
+
# @return [String]
|
1273
|
+
#
|
1274
|
+
# @!attribute [rw] directory_name
|
1275
|
+
# Contains information about the certificate subject. The certificate
|
1276
|
+
# can be one issued by your private certificate authority (CA) or it
|
1277
|
+
# can be your private CA certificate. The **Subject** field in the
|
1278
|
+
# certificate identifies the entity that owns or controls the public
|
1279
|
+
# key in the certificate. The entity can be a user, computer, device,
|
1280
|
+
# or service. The **Subject** must contain an X.500 distinguished name
|
1281
|
+
# (DN). A DN is a sequence of relative distinguished names (RDNs). The
|
1282
|
+
# RDNs are separated by commas in the certificate. The DN must be
|
1283
|
+
# unique for each entity, but your private CA can issue more than one
|
1284
|
+
# certificate with the same DN to the same entity.
|
1285
|
+
# @return [Types::ASN1Subject]
|
1286
|
+
#
|
1287
|
+
# @!attribute [rw] edi_party_name
|
1288
|
+
# Represents `GeneralName` as an `EdiPartyName` object.
|
1289
|
+
# @return [Types::EdiPartyName]
|
1290
|
+
#
|
1291
|
+
# @!attribute [rw] uniform_resource_identifier
|
1292
|
+
# Represents `GeneralName` as a URI.
|
1293
|
+
# @return [String]
|
1294
|
+
#
|
1295
|
+
# @!attribute [rw] ip_address
|
1296
|
+
# Represents `GeneralName` as an IPv4 or IPv6 address.
|
1297
|
+
# @return [String]
|
1298
|
+
#
|
1299
|
+
# @!attribute [rw] registered_id
|
1300
|
+
# Represents `GeneralName` as an object identifier (OID).
|
1301
|
+
# @return [String]
|
1302
|
+
#
|
1303
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GeneralName AWS API Documentation
|
1304
|
+
#
|
1305
|
+
class GeneralName < Struct.new(
|
1306
|
+
:other_name,
|
1307
|
+
:rfc_822_name,
|
1308
|
+
:dns_name,
|
1309
|
+
:directory_name,
|
1310
|
+
:edi_party_name,
|
1311
|
+
:uniform_resource_identifier,
|
1312
|
+
:ip_address,
|
1313
|
+
:registered_id)
|
1314
|
+
SENSITIVE = []
|
1315
|
+
include Aws::Structure
|
1316
|
+
end
|
1317
|
+
|
885
1318
|
# @note When making an API call, you may pass GetCertificateAuthorityCertificateRequest
|
886
1319
|
# data as a hash:
|
887
1320
|
#
|
@@ -911,10 +1344,9 @@ module Aws::ACMPCA
|
|
911
1344
|
#
|
912
1345
|
# @!attribute [rw] certificate_chain
|
913
1346
|
# Base64-encoded certificate chain that includes any intermediate
|
914
|
-
# certificates and chains up to root
|
915
|
-
#
|
916
|
-
#
|
917
|
-
# null.
|
1347
|
+
# certificates and chains up to root certificate that you used to sign
|
1348
|
+
# your private CA certificate. The chain does not include your private
|
1349
|
+
# CA certificate. If this is a root CA, the value will be null.
|
918
1350
|
# @return [String]
|
919
1351
|
#
|
920
1352
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificateResponse AWS API Documentation
|
@@ -1009,9 +1441,8 @@ module Aws::ACMPCA
|
|
1009
1441
|
# @return [String]
|
1010
1442
|
#
|
1011
1443
|
# @!attribute [rw] certificate_chain
|
1012
|
-
# The base64 PEM-encoded certificate chain that chains up to the
|
1013
|
-
#
|
1014
|
-
# CA certificate.
|
1444
|
+
# The base64 PEM-encoded certificate chain that chains up to the root
|
1445
|
+
# CA certificate that you used to sign your private CA certificate.
|
1015
1446
|
# @return [String]
|
1016
1447
|
#
|
1017
1448
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateResponse AWS API Documentation
|
@@ -1156,7 +1587,7 @@ module Aws::ACMPCA
|
|
1156
1587
|
#
|
1157
1588
|
#
|
1158
1589
|
#
|
1159
|
-
# [1]: https://docs.aws.amazon.com/
|
1590
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
|
1160
1591
|
#
|
1161
1592
|
# @!attribute [rw] message
|
1162
1593
|
# @return [String]
|
@@ -1367,6 +1798,76 @@ module Aws::ACMPCA
|
|
1367
1798
|
include Aws::Structure
|
1368
1799
|
end
|
1369
1800
|
|
1801
|
+
# Defines one or more purposes for which the key contained in the
|
1802
|
+
# certificate can be used. Default value for each option is false.
|
1803
|
+
#
|
1804
|
+
# @note When making an API call, you may pass KeyUsage
|
1805
|
+
# data as a hash:
|
1806
|
+
#
|
1807
|
+
# {
|
1808
|
+
# digital_signature: false,
|
1809
|
+
# non_repudiation: false,
|
1810
|
+
# key_encipherment: false,
|
1811
|
+
# data_encipherment: false,
|
1812
|
+
# key_agreement: false,
|
1813
|
+
# key_cert_sign: false,
|
1814
|
+
# crl_sign: false,
|
1815
|
+
# encipher_only: false,
|
1816
|
+
# decipher_only: false,
|
1817
|
+
# }
|
1818
|
+
#
|
1819
|
+
# @!attribute [rw] digital_signature
|
1820
|
+
# Key can be used for digital signing.
|
1821
|
+
# @return [Boolean]
|
1822
|
+
#
|
1823
|
+
# @!attribute [rw] non_repudiation
|
1824
|
+
# Key can be used for non-repudiation.
|
1825
|
+
# @return [Boolean]
|
1826
|
+
#
|
1827
|
+
# @!attribute [rw] key_encipherment
|
1828
|
+
# Key can be used to encipher data.
|
1829
|
+
# @return [Boolean]
|
1830
|
+
#
|
1831
|
+
# @!attribute [rw] data_encipherment
|
1832
|
+
# Key can be used to decipher data.
|
1833
|
+
# @return [Boolean]
|
1834
|
+
#
|
1835
|
+
# @!attribute [rw] key_agreement
|
1836
|
+
# Key can be used in a key-agreement protocol.
|
1837
|
+
# @return [Boolean]
|
1838
|
+
#
|
1839
|
+
# @!attribute [rw] key_cert_sign
|
1840
|
+
# Key can be used to sign certificates.
|
1841
|
+
# @return [Boolean]
|
1842
|
+
#
|
1843
|
+
# @!attribute [rw] crl_sign
|
1844
|
+
# Key can be used to sign CRLs.
|
1845
|
+
# @return [Boolean]
|
1846
|
+
#
|
1847
|
+
# @!attribute [rw] encipher_only
|
1848
|
+
# Key can be used only to encipher data.
|
1849
|
+
# @return [Boolean]
|
1850
|
+
#
|
1851
|
+
# @!attribute [rw] decipher_only
|
1852
|
+
# Key can be used only to decipher data.
|
1853
|
+
# @return [Boolean]
|
1854
|
+
#
|
1855
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/KeyUsage AWS API Documentation
|
1856
|
+
#
|
1857
|
+
class KeyUsage < Struct.new(
|
1858
|
+
:digital_signature,
|
1859
|
+
:non_repudiation,
|
1860
|
+
:key_encipherment,
|
1861
|
+
:data_encipherment,
|
1862
|
+
:key_agreement,
|
1863
|
+
:key_cert_sign,
|
1864
|
+
:crl_sign,
|
1865
|
+
:encipher_only,
|
1866
|
+
:decipher_only)
|
1867
|
+
SENSITIVE = []
|
1868
|
+
include Aws::Structure
|
1869
|
+
end
|
1870
|
+
|
1370
1871
|
# An ACM Private CA quota has been exceeded. See the exception message
|
1371
1872
|
# returned to determine the quota that was exceeded.
|
1372
1873
|
#
|
@@ -1610,6 +2111,40 @@ module Aws::ACMPCA
|
|
1610
2111
|
include Aws::Structure
|
1611
2112
|
end
|
1612
2113
|
|
2114
|
+
# Defines a custom ASN.1 X.400 `GeneralName` using an object identifier
|
2115
|
+
# (OID) and value. The OID must satisfy the regular expression shown
|
2116
|
+
# below. For more information, see NIST's definition of [Object
|
2117
|
+
# Identifier (OID)][1].
|
2118
|
+
#
|
2119
|
+
#
|
2120
|
+
#
|
2121
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
2122
|
+
#
|
2123
|
+
# @note When making an API call, you may pass OtherName
|
2124
|
+
# data as a hash:
|
2125
|
+
#
|
2126
|
+
# {
|
2127
|
+
# type_id: "CustomObjectIdentifier", # required
|
2128
|
+
# value: "String256", # required
|
2129
|
+
# }
|
2130
|
+
#
|
2131
|
+
# @!attribute [rw] type_id
|
2132
|
+
# Specifies an OID.
|
2133
|
+
# @return [String]
|
2134
|
+
#
|
2135
|
+
# @!attribute [rw] value
|
2136
|
+
# Specifies an OID value.
|
2137
|
+
# @return [String]
|
2138
|
+
#
|
2139
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OtherName AWS API Documentation
|
2140
|
+
#
|
2141
|
+
class OtherName < Struct.new(
|
2142
|
+
:type_id,
|
2143
|
+
:value)
|
2144
|
+
SENSITIVE = []
|
2145
|
+
include Aws::Structure
|
2146
|
+
end
|
2147
|
+
|
1613
2148
|
# Permissions designate which private CA actions can be performed by an
|
1614
2149
|
# AWS service or entity. In order for ACM to automatically renew private
|
1615
2150
|
# certificates, you must give the ACM service principal all available
|
@@ -2116,6 +2651,10 @@ module Aws::ACMPCA
|
|
2116
2651
|
# * Sample input value: 90
|
2117
2652
|
#
|
2118
2653
|
# * Output expiration date: 01/10/2020 12:34:54 UTC
|
2654
|
+
#
|
2655
|
+
# The minimum validity duration for a certificate using relative time
|
2656
|
+
# (`DAYS`) is one day. The minimum validity for a certificate using
|
2657
|
+
# absolute time (`ABSOLUTE` or `END_DATE`) is one second.
|
2119
2658
|
# @return [String]
|
2120
2659
|
#
|
2121
2660
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Validity AWS API Documentation
|
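Review bot: The attribute docs added for `KeyUsage` (new lines 1827–1833) describe `key_encipherment` as "Key can be used to encipher data" and `data_encipherment` as "Key can be used to decipher data". Neither matches the bit definitions in RFC 5280 section 4.2.1.3, and a caller relying on them could request the wrong usage bit in a CA's CSR. I would write `# Key can be used to encipher private or secret keys (key transport).` for `key_encipherment` and `# Key can be used to directly encipher user data.` for `data_encipherment`. For `encipher_only` and `decipher_only`, add `# Only meaningful when key_agreement is also set.`, since RFC 5280 leaves both bits undefined otherwise. The same section has smaller wording slips: "as described in as defined in" on `EdiPartyName`, "providied" on `GeneralName`, and "the regular expression shown below" on `AccessMethod` and `OtherName`, where no expression follows. The file looks generated from the service model, so these corrections probably belong upstream rather than in this gem.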
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-acmpca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.31.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|