aws-sdk-acmpca 1.63.0 → 1.64.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3020abde437c5bb3d473197d6b45c58a99a74612d2b54031cdef3cf8a459dc96
-  data.tar.gz: cb7e96e1a028f8b92ef988114c476cc015e7fe954f28c84562c22a0dcdf6ffb7
+  metadata.gz: 9c2dc1b13bf72b27110239fe9f1704a041676797a636eaf06eb2cebebf2c1242
+  data.tar.gz: 125ad485e426592f322f07e6e2402c9e276bd0d4fdf7a81ac01f6fbc195c761e
 SHA512:
-  metadata.gz: f567b97dd308ee0dc023745625511e3cbdbe3c87f20c51c39eb61ce7c877699849f6eb27b1cda7ee6c603c87d050f671a01d957a50473ac919cdc32793220a50
-  data.tar.gz: 48693a8ab8a6e5a7c6c90c619c3fd6c68bec6645015c83c75ce4ea3cb7bbe9294604b6fdb1b92137c84573c1a1b6ffdb916586fd9a420e8f89ef5c8908851f30
+  metadata.gz: 8f79074de0527480c20e9e24cfc247eb65cc6b4230410be6d7e0aeff760fa7bf0c5a7fec2e0048bffad19b99f01301b0b04c3c1b4ad3869ec646de5592096067
+  data.tar.gz: 7706bb871ff81f60f28c51de191cdf6f793c95a688f77107b434b3057a1a0517850f06597205b4380dea07d9c0b3f1f0807169bddc76e895a55ebbbb7b076cdf

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.64.0 (2024-01-25)
+------------------
+
+* Feature - AWS Private CA now supports an option to omit the CDP extension from issued certificates, when CRL revocation is enabled.
+
 1.63.0 (2023-11-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.63.0
+1.64.0

data/lib/aws-sdk-acmpca/client.rb

@@ -622,6 +622,9 @@ module Aws::ACMPCA
     #         custom_cname: "CnameString",
     #         s3_bucket_name: "S3BucketName3To255",
     #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
+    #         crl_distribution_point_extension_configuration: {
+    #           omit_extension: false, # required
+    #         },
     #       },
     #       ocsp_configuration: {
     #         enabled: false, # required
@@ -1138,6 +1141,7 @@ module Aws::ACMPCA
     #   resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_bucket_name #=> String
     #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
+    #   resp.certificate_authority.revocation_configuration.crl_configuration.crl_distribution_point_extension_configuration.omit_extension #=> Boolean
     #   resp.certificate_authority.revocation_configuration.ocsp_configuration.enabled #=> Boolean
     #   resp.certificate_authority.revocation_configuration.ocsp_configuration.ocsp_custom_cname #=> String
     #   resp.certificate_authority.restorable_until #=> Time
@@ -1886,6 +1890,9 @@ module Aws::ACMPCA
     #   sent in the response. Use this `NextToken` value in a subsequent
     #   request to retrieve additional items.
     #
+    #   Although the maximum value is 1000, the action only returns a maximum
+    #   of 100 items.
+    #
     # @option params [String] :resource_owner
     #   Use this parameter to filter the returned set of certificate
     #   authorities based on their owner. The default is SELF.
@@ -1980,6 +1987,7 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_bucket_name #=> String
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_object_acl #=> String, one of "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL"
+    #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.crl_distribution_point_extension_configuration.omit_extension #=> Boolean
     #   resp.certificate_authorities[0].revocation_configuration.ocsp_configuration.enabled #=> Boolean
     #   resp.certificate_authorities[0].revocation_configuration.ocsp_configuration.ocsp_custom_cname #=> String
     #   resp.certificate_authorities[0].restorable_until #=> Time
@@ -2555,6 +2563,9 @@ module Aws::ACMPCA
     #         custom_cname: "CnameString",
     #         s3_bucket_name: "S3BucketName3To255",
     #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
+    #         crl_distribution_point_extension_configuration: {
+    #           omit_extension: false, # required
+    #         },
     #       },
     #       ocsp_configuration: {
     #         enabled: false, # required
@@ -2586,7 +2597,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.63.0'
+      context[:gem_version] = '1.64.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 
@@ -2656,7 +2667,7 @@ module Aws::ACMPCA
     # | --------------------------------- | ---------------------------------------------------- | -------- | ------------- |
     # | audit_report_created              | {Client#describe_certificate_authority_audit_report} | 3        | 60            |
     # | certificate_authority_csr_created | {Client#get_certificate_authority_csr}               | 3        | 60            |
-    # | certificate_issued                | {Client#get_certificate}                             | 3        | 60            |
+    # | certificate_issued                | {Client#get_certificate}                             | 1        | 60            |
     #
     # @raise [Errors::FailureStateError] Raised when the waiter terminates
     #   because the waiter has entered a state that it will not transition

data/lib/aws-sdk-acmpca/client_api.rb

@@ -51,6 +51,7 @@ module Aws::ACMPCA
     CreateCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityResponse')
     CreatePermissionRequest = Shapes::StructureShape.new(name: 'CreatePermissionRequest')
     CrlConfiguration = Shapes::StructureShape.new(name: 'CrlConfiguration')
+    CrlDistributionPointExtensionConfiguration = Shapes::StructureShape.new(name: 'CrlDistributionPointExtensionConfiguration')
     CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
     CsrBody = Shapes::StringShape.new(name: 'CsrBody')
     CsrExtensions = Shapes::StructureShape.new(name: 'CsrExtensions')
@@ -258,8 +259,12 @@ module Aws::ACMPCA
     CrlConfiguration.add_member(:custom_cname, Shapes::ShapeRef.new(shape: CnameString, location_name: "CustomCname"))
     CrlConfiguration.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: S3BucketName3To255, location_name: "S3BucketName"))
     CrlConfiguration.add_member(:s3_object_acl, Shapes::ShapeRef.new(shape: S3ObjectAcl, location_name: "S3ObjectAcl"))
+    CrlConfiguration.add_member(:crl_distribution_point_extension_configuration, Shapes::ShapeRef.new(shape: CrlDistributionPointExtensionConfiguration, location_name: "CrlDistributionPointExtensionConfiguration"))
     CrlConfiguration.struct_class = Types::CrlConfiguration
 
+    CrlDistributionPointExtensionConfiguration.add_member(:omit_extension, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "OmitExtension", metadata: {"box"=>true}))
+    CrlDistributionPointExtensionConfiguration.struct_class = Types::CrlDistributionPointExtensionConfiguration
+
     CsrExtensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
     CsrExtensions.add_member(:subject_information_access, Shapes::ShapeRef.new(shape: AccessDescriptionList, location_name: "SubjectInformationAccess"))
     CsrExtensions.struct_class = Types::CsrExtensions

data/lib/aws-sdk-acmpca/endpoint_provider.rb

@@ -32,8 +32,8 @@ module Aws::ACMPCA
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-              if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+              if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
                 return Aws::Endpoints::Endpoint.new(url: "https://acm-pca.#{region}.amazonaws.com", headers: {}, properties: {})
               end
               return Aws::Endpoints::Endpoint.new(url: "https://acm-pca-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})

data/lib/aws-sdk-acmpca/types.rb

@@ -640,9 +640,12 @@ module Aws::ACMPCA
     # Your private CA writes CRLs to an S3 bucket that you specify in the
     # **S3BucketName** parameter. You can hide the name of your bucket by
     # specifying a value for the **CustomCname** parameter. Your private CA
-    # copies the CNAME or the S3 bucket name to the **CRL Distribution
-    # Points** extension of each certificate it issues. Your S3 bucket
-    # policy must give write permission to Amazon Web Services Private CA.
+    # by default copies the CNAME or the S3 bucket name to the **CRL
+    # Distribution Points** extension of each certificate it issues. If you
+    # want to configure this default behavior to be something different, you
+    # can set the **CrlDistributionPointExtensionConfiguration** parameter.
+    # Your S3 bucket policy must give write permission to Amazon Web
+    # Services Private CA.
     #
     # Amazon Web Services Private CA assets that are stored in Amazon S3 can
     # be protected with encryption. For more information, see [Encrypting
@@ -798,6 +801,13 @@ module Aws::ACMPCA
     #   [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa
     #   @return [String]
     #
+    # @!attribute [rw] crl_distribution_point_extension_configuration
+    #   Configures the behavior of the CRL Distribution Point extension for
+    #   certificates issued by your certificate authority. If this field is
+    #   not provided, then the CRl Distribution Point Extension will be
+    #   present and contain the default CRL URL.
+    #   @return [Types::CrlDistributionPointExtensionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
     #
     class CrlConfiguration < Struct.new(
@@ -805,7 +815,38 @@ module Aws::ACMPCA
       :expiration_in_days,
       :custom_cname,
       :s3_bucket_name,
-      :s3_object_acl)
+      :s3_object_acl,
+      :crl_distribution_point_extension_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains configuration information for the default behavior of the CRL
+    # Distribution Point (CDP) extension in certificates issued by your CA.
+    # This extension contains a link to download the CRL, so you can check
+    # whether a certificate has been revoked. To choose whether you want
+    # this extension omitted or not in certificates issued by your CA, you
+    # can set the **OmitExtension** parameter.
+    #
+    # @!attribute [rw] omit_extension
+    #   Configures whether the CRL Distribution Point extension should be
+    #   populated with the default URL to the CRL. If set to `true`, then
+    #   the CDP extension will not be present in any certificates issued by
+    #   that CA unless otherwise specified through CSR or API passthrough.
+    #
+    #   <note markdown="1"> Only set this if you have another way to distribute the CRL
+    #   Distribution Points ffor certificates issued by your CA, such as the
+    #   Matter Distributed Compliance Ledger
+    #
+    #    This configuration cannot be enabled with a custom CNAME set.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlDistributionPointExtensionConfiguration AWS API Documentation
+    #
+    class CrlDistributionPointExtensionConfiguration < Struct.new(
+      :omit_extension)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1785,6 +1826,9 @@ module Aws::ACMPCA
     #   additional items exist beyond the number you specify, the
     #   `NextToken` element is sent in the response. Use this `NextToken`
     #   value in a subsequent request to retrieve additional items.
+    #
+    #   Although the maximum value is 1000, the action only returns a
+    #   maximum of 100 items.
     #   @return [Integer]
     #
     # @!attribute [rw] resource_owner

data/lib/aws-sdk-acmpca/waiters.rb

@@ -71,7 +71,7 @@ module Aws::ACMPCA
   # | --------------------------------- | ---------------------------------------------------- | -------- | ------------- |
   # | audit_report_created              | {Client#describe_certificate_authority_audit_report} | 3        | 60            |
   # | certificate_authority_csr_created | {Client#get_certificate_authority_csr}               | 3        | 60            |
-  # | certificate_issued                | {Client#get_certificate}                             | 3        | 60            |
+  # | certificate_issued                | {Client#get_certificate}                             | 1        | 60            |
   #
   module Waiters
 
@@ -169,14 +169,14 @@ module Aws::ACMPCA
       # @param [Hash] options
       # @option options [required, Client] :client
       # @option options [Integer] :max_attempts (60)
-      # @option options [Integer] :delay (3)
+      # @option options [Integer] :delay (1)
       # @option options [Proc] :before_attempt
       # @option options [Proc] :before_wait
       def initialize(options)
         @client = options.fetch(:client)
         @waiter = Aws::Waiters::Waiter.new({
           max_attempts: 60,
-          delay: 3,
+          delay: 1,
           poller: Aws::Waiters::Poller.new(
             operation_name: :get_certificate,
             acceptors: [

data/lib/aws-sdk-acmpca.rb

@@ -53,6 +53,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @!group service
 module Aws::ACMPCA
 
-  GEM_VERSION = '1.63.0'
+  GEM_VERSION = '1.64.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.63.0
+  version: 1.64.0
 platform: ruby
 authors:
 - Amazon Web Services
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-28 00:00:00.000000000 Z
+date: 2024-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -73,7 +73,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-acmpca
   changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-acmpca/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -88,8 +88,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - ACM-PCA
 test_files: []