@aws-sdk/client-pca-connector-ad 3.403.0

package/dist-types/commands/CreateDirectoryRegistrationCommand.d.ts

@@ -0,0 +1,104 @@
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
+import { CreateDirectoryRegistrationRequest, CreateDirectoryRegistrationResponse } from "../models/models_0";
+import { PcaConnectorAdClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PcaConnectorAdClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateDirectoryRegistrationCommand}.
+ */
+export interface CreateDirectoryRegistrationCommandInput extends CreateDirectoryRegistrationRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateDirectoryRegistrationCommand}.
+ */
+export interface CreateDirectoryRegistrationCommandOutput extends CreateDirectoryRegistrationResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates a directory registration that authorizes communication between Amazon Web Services Private CA and an
+ *          Active Directory</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PcaConnectorAdClient, CreateDirectoryRegistrationCommand } from "@aws-sdk/client-pca-connector-ad"; // ES Modules import
+ * // const { PcaConnectorAdClient, CreateDirectoryRegistrationCommand } = require("@aws-sdk/client-pca-connector-ad"); // CommonJS import
+ * const client = new PcaConnectorAdClient(config);
+ * const input = { // CreateDirectoryRegistrationRequest
+ *   DirectoryId: "STRING_VALUE", // required
+ *   ClientToken: "STRING_VALUE",
+ *   Tags: { // Tags
+ *     "<keys>": "STRING_VALUE",
+ *   },
+ * };
+ * const command = new CreateDirectoryRegistrationCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateDirectoryRegistrationResponse
+ * //   DirectoryRegistrationArn: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param CreateDirectoryRegistrationCommandInput - {@link CreateDirectoryRegistrationCommandInput}
+ * @returns {@link CreateDirectoryRegistrationCommandOutput}
+ * @see {@link CreateDirectoryRegistrationCommandInput} for command's `input` shape.
+ * @see {@link CreateDirectoryRegistrationCommandOutput} for command's `response` shape.
+ * @see {@link PcaConnectorAdClientResolvedConfig | config} for PcaConnectorAdClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You can receive this error if you attempt to create a resource share when you don't have
+ *          the required permissions. This can be caused by insufficient permissions in policies
+ *          attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen
+ *          because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP)
+ *          that affects your Amazon Web Services account. </p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request cannot be completed for one of the following reasons because the requested
+ *          resource was being concurrently modified by another request.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or failure with
+ *          an internal server. </p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent resource. The resource might not be
+ *          specified correctly, or its status might not be ACTIVE.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The limit on the number of requests per second was exceeded. </p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>An input validation error occurred. For example, invalid characters in a template name,
+ *          or if a pagination token is invalid. </p>
+ *
+ * @throws {@link PcaConnectorAdServiceException}
+ * <p>Base exception class for all service exceptions from PcaConnectorAd service.</p>
+ *
+ */
+export declare class CreateDirectoryRegistrationCommand extends $Command<CreateDirectoryRegistrationCommandInput, CreateDirectoryRegistrationCommandOutput, PcaConnectorAdClientResolvedConfig> {
+    readonly input: CreateDirectoryRegistrationCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: CreateDirectoryRegistrationCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PcaConnectorAdClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateDirectoryRegistrationCommandInput, CreateDirectoryRegistrationCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/CreateServicePrincipalNameCommand.d.ts

@@ -0,0 +1,101 @@
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
+import { CreateServicePrincipalNameRequest } from "../models/models_0";
+import { PcaConnectorAdClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PcaConnectorAdClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateServicePrincipalNameCommand}.
+ */
+export interface CreateServicePrincipalNameCommandInput extends CreateServicePrincipalNameRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateServicePrincipalNameCommand}.
+ */
+export interface CreateServicePrincipalNameCommandOutput extends __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates a service principal name (SPN) for the service account in Active Directory. Kerberos
+ *          authentication uses SPNs to associate a service instance with a service sign-in
+ *          account.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PcaConnectorAdClient, CreateServicePrincipalNameCommand } from "@aws-sdk/client-pca-connector-ad"; // ES Modules import
+ * // const { PcaConnectorAdClient, CreateServicePrincipalNameCommand } = require("@aws-sdk/client-pca-connector-ad"); // CommonJS import
+ * const client = new PcaConnectorAdClient(config);
+ * const input = { // CreateServicePrincipalNameRequest
+ *   DirectoryRegistrationArn: "STRING_VALUE", // required
+ *   ConnectorArn: "STRING_VALUE", // required
+ *   ClientToken: "STRING_VALUE",
+ * };
+ * const command = new CreateServicePrincipalNameCommand(input);
+ * const response = await client.send(command);
+ * // {};
+ *
+ * ```
+ *
+ * @param CreateServicePrincipalNameCommandInput - {@link CreateServicePrincipalNameCommandInput}
+ * @returns {@link CreateServicePrincipalNameCommandOutput}
+ * @see {@link CreateServicePrincipalNameCommandInput} for command's `input` shape.
+ * @see {@link CreateServicePrincipalNameCommandOutput} for command's `response` shape.
+ * @see {@link PcaConnectorAdClientResolvedConfig | config} for PcaConnectorAdClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You can receive this error if you attempt to create a resource share when you don't have
+ *          the required permissions. This can be caused by insufficient permissions in policies
+ *          attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen
+ *          because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP)
+ *          that affects your Amazon Web Services account. </p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request cannot be completed for one of the following reasons because the requested
+ *          resource was being concurrently modified by another request.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or failure with
+ *          an internal server. </p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent resource. The resource might not be
+ *          specified correctly, or its status might not be ACTIVE.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The limit on the number of requests per second was exceeded. </p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>An input validation error occurred. For example, invalid characters in a template name,
+ *          or if a pagination token is invalid. </p>
+ *
+ * @throws {@link PcaConnectorAdServiceException}
+ * <p>Base exception class for all service exceptions from PcaConnectorAd service.</p>
+ *
+ */
+export declare class CreateServicePrincipalNameCommand extends $Command<CreateServicePrincipalNameCommandInput, CreateServicePrincipalNameCommandOutput, PcaConnectorAdClientResolvedConfig> {
+    readonly input: CreateServicePrincipalNameCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: CreateServicePrincipalNameCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PcaConnectorAdClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateServicePrincipalNameCommandInput, CreateServicePrincipalNameCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/CreateTemplateCommand.d.ts

@@ -0,0 +1,344 @@
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
+import { CreateTemplateRequest, CreateTemplateResponse } from "../models/models_0";
+import { PcaConnectorAdClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PcaConnectorAdClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateTemplateCommand}.
+ */
+export interface CreateTemplateCommandInput extends CreateTemplateRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateTemplateCommand}.
+ */
+export interface CreateTemplateCommandOutput extends CreateTemplateResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates an Active Directory compatible certificate template. The connectors issues certificates
+ *          using these templates based on the requester’s Active Directory group membership.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PcaConnectorAdClient, CreateTemplateCommand } from "@aws-sdk/client-pca-connector-ad"; // ES Modules import
+ * // const { PcaConnectorAdClient, CreateTemplateCommand } = require("@aws-sdk/client-pca-connector-ad"); // CommonJS import
+ * const client = new PcaConnectorAdClient(config);
+ * const input = { // CreateTemplateRequest
+ *   ConnectorArn: "STRING_VALUE", // required
+ *   Name: "STRING_VALUE", // required
+ *   Definition: { // TemplateDefinition Union: only one key present
+ *     TemplateV2: { // TemplateV2
+ *       CertificateValidity: { // CertificateValidity
+ *         ValidityPeriod: { // ValidityPeriod
+ *           PeriodType: "HOURS" || "DAYS" || "WEEKS" || "MONTHS" || "YEARS", // required
+ *           Period: Number("long"), // required
+ *         },
+ *         RenewalPeriod: {
+ *           PeriodType: "HOURS" || "DAYS" || "WEEKS" || "MONTHS" || "YEARS", // required
+ *           Period: Number("long"), // required
+ *         },
+ *       },
+ *       SupersededTemplates: [ // TemplateNameList
+ *         "STRING_VALUE",
+ *       ],
+ *       PrivateKeyAttributes: { // PrivateKeyAttributesV2
+ *         MinimalKeyLength: Number("int"), // required
+ *         KeySpec: "KEY_EXCHANGE" || "SIGNATURE", // required
+ *         CryptoProviders: [ // CryptoProvidersList
+ *           "STRING_VALUE",
+ *         ],
+ *       },
+ *       PrivateKeyFlags: { // PrivateKeyFlagsV2
+ *         ExportableKey: true || false,
+ *         StrongKeyProtectionRequired: true || false,
+ *         ClientVersion: "WINDOWS_SERVER_2003" || "WINDOWS_SERVER_2008" || "WINDOWS_SERVER_2008_R2" || "WINDOWS_SERVER_2012" || "WINDOWS_SERVER_2012_R2" || "WINDOWS_SERVER_2016", // required
+ *       },
+ *       EnrollmentFlags: { // EnrollmentFlagsV2
+ *         IncludeSymmetricAlgorithms: true || false,
+ *         UserInteractionRequired: true || false,
+ *         RemoveInvalidCertificateFromPersonalStore: true || false,
+ *         NoSecurityExtension: true || false,
+ *         EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
+ *       },
+ *       SubjectNameFlags: { // SubjectNameFlagsV2
+ *         SanRequireDomainDns: true || false,
+ *         SanRequireSpn: true || false,
+ *         SanRequireDirectoryGuid: true || false,
+ *         SanRequireUpn: true || false,
+ *         SanRequireEmail: true || false,
+ *         SanRequireDns: true || false,
+ *         RequireDnsAsCn: true || false,
+ *         RequireEmail: true || false,
+ *         RequireCommonName: true || false,
+ *         RequireDirectoryPath: true || false,
+ *       },
+ *       GeneralFlags: { // GeneralFlagsV2
+ *         AutoEnrollment: true || false,
+ *         MachineType: true || false,
+ *       },
+ *       Extensions: { // ExtensionsV2
+ *         KeyUsage: { // KeyUsage
+ *           Critical: true || false,
+ *           UsageFlags: { // KeyUsageFlags
+ *             DigitalSignature: true || false,
+ *             NonRepudiation: true || false,
+ *             KeyEncipherment: true || false,
+ *             DataEncipherment: true || false,
+ *             KeyAgreement: true || false,
+ *           },
+ *         },
+ *         ApplicationPolicies: { // ApplicationPolicies
+ *           Critical: true || false,
+ *           Policies: [ // ApplicationPolicyList // required
+ *             { // ApplicationPolicy Union: only one key present
+ *               PolicyType: "ALL_APPLICATION_POLICIES" || "ANY_PURPOSE" || "ATTESTATION_IDENTITY_KEY_CERTIFICATE" || "CERTIFICATE_REQUEST_AGENT" || "CLIENT_AUTHENTICATION" || "CODE_SIGNING" || "CTL_USAGE" || "DIGITAL_RIGHTS" || "DIRECTORY_SERVICE_EMAIL_REPLICATION" || "DISALLOWED_LIST" || "DNS_SERVER_TRUST" || "DOCUMENT_ENCRYPTION" || "DOCUMENT_SIGNING" || "DYNAMIC_CODE_GENERATOR" || "EARLY_LAUNCH_ANTIMALWARE_DRIVER" || "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "ENCLAVE" || "ENCRYPTING_FILE_SYSTEM" || "ENDORSEMENT_KEY_CERTIFICATE" || "FILE_RECOVERY" || "HAL_EXTENSION" || "IP_SECURITY_END_SYSTEM" || "IP_SECURITY_IKE_INTERMEDIATE" || "IP_SECURITY_TUNNEL_TERMINATION" || "IP_SECURITY_USER" || "ISOLATED_USER_MODE" || "KDC_AUTHENTICATION" || "KERNEL_MODE_CODE_SIGNING" || "KEY_PACK_LICENSES" || "KEY_RECOVERY" || "KEY_RECOVERY_AGENT" || "LICENSE_SERVER_VERIFICATION" || "LIFETIME_SIGNING" || "MICROSOFT_PUBLISHER" || "MICROSOFT_TIME_STAMPING" || "MICROSOFT_TRUST_LIST_SIGNING" || "OCSP_SIGNING" || "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "PLATFORM_CERTIFICATE" || "PREVIEW_BUILD_SIGNING" || "PRIVATE_KEY_ARCHIVAL" || "PROTECTED_PROCESS_LIGHT_VERIFICATION" || "PROTECTED_PROCESS_VERIFICATION" || "QUALIFIED_SUBORDINATION" || "REVOKED_LIST_SIGNER" || "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" || "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" || "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL" || "ROOT_LIST_SIGNER" || "SECURE_EMAIL" || "SERVER_AUTHENTICATION" || "SMART_CARD_LOGIN" || "SPC_ENCRYPTED_DIGEST_RETRY_COUNT" || "SPC_RELAXED_PE_MARKER_CHECK" || "TIME_STAMPING" || "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_VERIFICATION" || "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION" || "WINDOWS_KITS_COMPONENT" || "WINDOWS_RT_VERIFICATION" || "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION" || "WINDOWS_STORE" || "WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "WINDOWS_TCB_COMPONENT" || "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT" || "WINDOWS_UPDATE",
+ *               PolicyObjectIdentifier: "STRING_VALUE",
+ *             },
+ *           ],
+ *         },
+ *       },
+ *     },
+ *     TemplateV3: { // TemplateV3
+ *       CertificateValidity: {
+ *         ValidityPeriod: {
+ *           PeriodType: "HOURS" || "DAYS" || "WEEKS" || "MONTHS" || "YEARS", // required
+ *           Period: Number("long"), // required
+ *         },
+ *         RenewalPeriod: {
+ *           PeriodType: "HOURS" || "DAYS" || "WEEKS" || "MONTHS" || "YEARS", // required
+ *           Period: Number("long"), // required
+ *         },
+ *       },
+ *       SupersededTemplates: [
+ *         "STRING_VALUE",
+ *       ],
+ *       PrivateKeyAttributes: { // PrivateKeyAttributesV3
+ *         MinimalKeyLength: Number("int"), // required
+ *         KeySpec: "KEY_EXCHANGE" || "SIGNATURE", // required
+ *         CryptoProviders: [
+ *           "STRING_VALUE",
+ *         ],
+ *         KeyUsageProperty: { // KeyUsageProperty Union: only one key present
+ *           PropertyType: "ALL",
+ *           PropertyFlags: { // KeyUsagePropertyFlags
+ *             Decrypt: true || false,
+ *             KeyAgreement: true || false,
+ *             Sign: true || false,
+ *           },
+ *         },
+ *         Algorithm: "RSA" || "ECDH_P256" || "ECDH_P384" || "ECDH_P521", // required
+ *       },
+ *       PrivateKeyFlags: { // PrivateKeyFlagsV3
+ *         ExportableKey: true || false,
+ *         StrongKeyProtectionRequired: true || false,
+ *         RequireAlternateSignatureAlgorithm: true || false,
+ *         ClientVersion: "WINDOWS_SERVER_2008" || "WINDOWS_SERVER_2008_R2" || "WINDOWS_SERVER_2012" || "WINDOWS_SERVER_2012_R2" || "WINDOWS_SERVER_2016", // required
+ *       },
+ *       EnrollmentFlags: { // EnrollmentFlagsV3
+ *         IncludeSymmetricAlgorithms: true || false,
+ *         UserInteractionRequired: true || false,
+ *         RemoveInvalidCertificateFromPersonalStore: true || false,
+ *         NoSecurityExtension: true || false,
+ *         EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
+ *       },
+ *       SubjectNameFlags: { // SubjectNameFlagsV3
+ *         SanRequireDomainDns: true || false,
+ *         SanRequireSpn: true || false,
+ *         SanRequireDirectoryGuid: true || false,
+ *         SanRequireUpn: true || false,
+ *         SanRequireEmail: true || false,
+ *         SanRequireDns: true || false,
+ *         RequireDnsAsCn: true || false,
+ *         RequireEmail: true || false,
+ *         RequireCommonName: true || false,
+ *         RequireDirectoryPath: true || false,
+ *       },
+ *       GeneralFlags: { // GeneralFlagsV3
+ *         AutoEnrollment: true || false,
+ *         MachineType: true || false,
+ *       },
+ *       HashAlgorithm: "SHA256" || "SHA384" || "SHA512", // required
+ *       Extensions: { // ExtensionsV3
+ *         KeyUsage: {
+ *           Critical: true || false,
+ *           UsageFlags: {
+ *             DigitalSignature: true || false,
+ *             NonRepudiation: true || false,
+ *             KeyEncipherment: true || false,
+ *             DataEncipherment: true || false,
+ *             KeyAgreement: true || false,
+ *           },
+ *         },
+ *         ApplicationPolicies: {
+ *           Critical: true || false,
+ *           Policies: [ // required
+ *             {//  Union: only one key present
+ *               PolicyType: "ALL_APPLICATION_POLICIES" || "ANY_PURPOSE" || "ATTESTATION_IDENTITY_KEY_CERTIFICATE" || "CERTIFICATE_REQUEST_AGENT" || "CLIENT_AUTHENTICATION" || "CODE_SIGNING" || "CTL_USAGE" || "DIGITAL_RIGHTS" || "DIRECTORY_SERVICE_EMAIL_REPLICATION" || "DISALLOWED_LIST" || "DNS_SERVER_TRUST" || "DOCUMENT_ENCRYPTION" || "DOCUMENT_SIGNING" || "DYNAMIC_CODE_GENERATOR" || "EARLY_LAUNCH_ANTIMALWARE_DRIVER" || "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "ENCLAVE" || "ENCRYPTING_FILE_SYSTEM" || "ENDORSEMENT_KEY_CERTIFICATE" || "FILE_RECOVERY" || "HAL_EXTENSION" || "IP_SECURITY_END_SYSTEM" || "IP_SECURITY_IKE_INTERMEDIATE" || "IP_SECURITY_TUNNEL_TERMINATION" || "IP_SECURITY_USER" || "ISOLATED_USER_MODE" || "KDC_AUTHENTICATION" || "KERNEL_MODE_CODE_SIGNING" || "KEY_PACK_LICENSES" || "KEY_RECOVERY" || "KEY_RECOVERY_AGENT" || "LICENSE_SERVER_VERIFICATION" || "LIFETIME_SIGNING" || "MICROSOFT_PUBLISHER" || "MICROSOFT_TIME_STAMPING" || "MICROSOFT_TRUST_LIST_SIGNING" || "OCSP_SIGNING" || "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "PLATFORM_CERTIFICATE" || "PREVIEW_BUILD_SIGNING" || "PRIVATE_KEY_ARCHIVAL" || "PROTECTED_PROCESS_LIGHT_VERIFICATION" || "PROTECTED_PROCESS_VERIFICATION" || "QUALIFIED_SUBORDINATION" || "REVOKED_LIST_SIGNER" || "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" || "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" || "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL" || "ROOT_LIST_SIGNER" || "SECURE_EMAIL" || "SERVER_AUTHENTICATION" || "SMART_CARD_LOGIN" || "SPC_ENCRYPTED_DIGEST_RETRY_COUNT" || "SPC_RELAXED_PE_MARKER_CHECK" || "TIME_STAMPING" || "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_VERIFICATION" || "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION" || "WINDOWS_KITS_COMPONENT" || "WINDOWS_RT_VERIFICATION" || "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION" || "WINDOWS_STORE" || "WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "WINDOWS_TCB_COMPONENT" || "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT" || "WINDOWS_UPDATE",
+ *               PolicyObjectIdentifier: "STRING_VALUE",
+ *             },
+ *           ],
+ *         },
+ *       },
+ *     },
+ *     TemplateV4: { // TemplateV4
+ *       CertificateValidity: {
+ *         ValidityPeriod: {
+ *           PeriodType: "HOURS" || "DAYS" || "WEEKS" || "MONTHS" || "YEARS", // required
+ *           Period: Number("long"), // required
+ *         },
+ *         RenewalPeriod: "<ValidityPeriod>", // required
+ *       },
+ *       SupersededTemplates: [
+ *         "STRING_VALUE",
+ *       ],
+ *       PrivateKeyAttributes: { // PrivateKeyAttributesV4
+ *         MinimalKeyLength: Number("int"), // required
+ *         KeySpec: "KEY_EXCHANGE" || "SIGNATURE", // required
+ *         CryptoProviders: [
+ *           "STRING_VALUE",
+ *         ],
+ *         KeyUsageProperty: {//  Union: only one key present
+ *           PropertyType: "ALL",
+ *           PropertyFlags: {
+ *             Decrypt: true || false,
+ *             KeyAgreement: true || false,
+ *             Sign: true || false,
+ *           },
+ *         },
+ *         Algorithm: "RSA" || "ECDH_P256" || "ECDH_P384" || "ECDH_P521",
+ *       },
+ *       PrivateKeyFlags: { // PrivateKeyFlagsV4
+ *         ExportableKey: true || false,
+ *         StrongKeyProtectionRequired: true || false,
+ *         RequireAlternateSignatureAlgorithm: true || false,
+ *         RequireSameKeyRenewal: true || false,
+ *         UseLegacyProvider: true || false,
+ *         ClientVersion: "WINDOWS_SERVER_2012" || "WINDOWS_SERVER_2012_R2" || "WINDOWS_SERVER_2016", // required
+ *       },
+ *       EnrollmentFlags: { // EnrollmentFlagsV4
+ *         IncludeSymmetricAlgorithms: true || false,
+ *         UserInteractionRequired: true || false,
+ *         RemoveInvalidCertificateFromPersonalStore: true || false,
+ *         NoSecurityExtension: true || false,
+ *         EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
+ *       },
+ *       SubjectNameFlags: { // SubjectNameFlagsV4
+ *         SanRequireDomainDns: true || false,
+ *         SanRequireSpn: true || false,
+ *         SanRequireDirectoryGuid: true || false,
+ *         SanRequireUpn: true || false,
+ *         SanRequireEmail: true || false,
+ *         SanRequireDns: true || false,
+ *         RequireDnsAsCn: true || false,
+ *         RequireEmail: true || false,
+ *         RequireCommonName: true || false,
+ *         RequireDirectoryPath: true || false,
+ *       },
+ *       GeneralFlags: { // GeneralFlagsV4
+ *         AutoEnrollment: true || false,
+ *         MachineType: true || false,
+ *       },
+ *       HashAlgorithm: "SHA256" || "SHA384" || "SHA512",
+ *       Extensions: { // ExtensionsV4
+ *         KeyUsage: {
+ *           Critical: true || false,
+ *           UsageFlags: {
+ *             DigitalSignature: true || false,
+ *             NonRepudiation: true || false,
+ *             KeyEncipherment: true || false,
+ *             DataEncipherment: true || false,
+ *             KeyAgreement: true || false,
+ *           },
+ *         },
+ *         ApplicationPolicies: {
+ *           Critical: true || false,
+ *           Policies: [ // required
+ *             {//  Union: only one key present
+ *               PolicyType: "ALL_APPLICATION_POLICIES" || "ANY_PURPOSE" || "ATTESTATION_IDENTITY_KEY_CERTIFICATE" || "CERTIFICATE_REQUEST_AGENT" || "CLIENT_AUTHENTICATION" || "CODE_SIGNING" || "CTL_USAGE" || "DIGITAL_RIGHTS" || "DIRECTORY_SERVICE_EMAIL_REPLICATION" || "DISALLOWED_LIST" || "DNS_SERVER_TRUST" || "DOCUMENT_ENCRYPTION" || "DOCUMENT_SIGNING" || "DYNAMIC_CODE_GENERATOR" || "EARLY_LAUNCH_ANTIMALWARE_DRIVER" || "EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "ENCLAVE" || "ENCRYPTING_FILE_SYSTEM" || "ENDORSEMENT_KEY_CERTIFICATE" || "FILE_RECOVERY" || "HAL_EXTENSION" || "IP_SECURITY_END_SYSTEM" || "IP_SECURITY_IKE_INTERMEDIATE" || "IP_SECURITY_TUNNEL_TERMINATION" || "IP_SECURITY_USER" || "ISOLATED_USER_MODE" || "KDC_AUTHENTICATION" || "KERNEL_MODE_CODE_SIGNING" || "KEY_PACK_LICENSES" || "KEY_RECOVERY" || "KEY_RECOVERY_AGENT" || "LICENSE_SERVER_VERIFICATION" || "LIFETIME_SIGNING" || "MICROSOFT_PUBLISHER" || "MICROSOFT_TIME_STAMPING" || "MICROSOFT_TRUST_LIST_SIGNING" || "OCSP_SIGNING" || "OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "PLATFORM_CERTIFICATE" || "PREVIEW_BUILD_SIGNING" || "PRIVATE_KEY_ARCHIVAL" || "PROTECTED_PROCESS_LIGHT_VERIFICATION" || "PROTECTED_PROCESS_VERIFICATION" || "QUALIFIED_SUBORDINATION" || "REVOKED_LIST_SIGNER" || "ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" || "ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" || "ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL" || "ROOT_LIST_SIGNER" || "SECURE_EMAIL" || "SERVER_AUTHENTICATION" || "SMART_CARD_LOGIN" || "SPC_ENCRYPTED_DIGEST_RETRY_COUNT" || "SPC_RELAXED_PE_MARKER_CHECK" || "TIME_STAMPING" || "WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION" || "WINDOWS_HARDWARE_DRIVER_VERIFICATION" || "WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION" || "WINDOWS_KITS_COMPONENT" || "WINDOWS_RT_VERIFICATION" || "WINDOWS_SOFTWARE_EXTENSION_VERIFICATION" || "WINDOWS_STORE" || "WINDOWS_SYSTEM_COMPONENT_VERIFICATION" || "WINDOWS_TCB_COMPONENT" || "WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT" || "WINDOWS_UPDATE",
+ *               PolicyObjectIdentifier: "STRING_VALUE",
+ *             },
+ *           ],
+ *         },
+ *       },
+ *     },
+ *   },
+ *   ClientToken: "STRING_VALUE",
+ *   Tags: { // Tags
+ *     "<keys>": "STRING_VALUE",
+ *   },
+ * };
+ * const command = new CreateTemplateCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateTemplateResponse
+ * //   TemplateArn: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param CreateTemplateCommandInput - {@link CreateTemplateCommandInput}
+ * @returns {@link CreateTemplateCommandOutput}
+ * @see {@link CreateTemplateCommandInput} for command's `input` shape.
+ * @see {@link CreateTemplateCommandOutput} for command's `response` shape.
+ * @see {@link PcaConnectorAdClientResolvedConfig | config} for PcaConnectorAdClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You can receive this error if you attempt to create a resource share when you don't have
+ *          the required permissions. This can be caused by insufficient permissions in policies
+ *          attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen
+ *          because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP)
+ *          that affects your Amazon Web Services account. </p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request cannot be completed for one of the following reasons because the requested
+ *          resource was being concurrently modified by another request.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or failure with
+ *          an internal server. </p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent resource. The resource might not be
+ *          specified correctly, or its status might not be ACTIVE.</p>
+ *
+ * @throws {@link ServiceQuotaExceededException} (client fault)
+ *  <p>Request would cause a service quota to be exceeded.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The limit on the number of requests per second was exceeded. </p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>An input validation error occurred. For example, invalid characters in a template name,
+ *          or if a pagination token is invalid. </p>
+ *
+ * @throws {@link PcaConnectorAdServiceException}
+ * <p>Base exception class for all service exceptions from PcaConnectorAd service.</p>
+ *
+ */
+export declare class CreateTemplateCommand extends $Command<CreateTemplateCommandInput, CreateTemplateCommandOutput, PcaConnectorAdClientResolvedConfig> {
+    readonly input: CreateTemplateCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: CreateTemplateCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PcaConnectorAdClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateTemplateCommandInput, CreateTemplateCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/CreateTemplateGroupAccessControlEntryCommand.d.ts

@@ -0,0 +1,108 @@
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
+import { CreateTemplateGroupAccessControlEntryRequest } from "../models/models_0";
+import { PcaConnectorAdClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PcaConnectorAdClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateTemplateGroupAccessControlEntryCommand}.
+ */
+export interface CreateTemplateGroupAccessControlEntryCommandInput extends CreateTemplateGroupAccessControlEntryRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateTemplateGroupAccessControlEntryCommand}.
+ */
+export interface CreateTemplateGroupAccessControlEntryCommandOutput extends __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or
+ *          autoenrolling with the template based on the group security identifiers (SIDs).</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PcaConnectorAdClient, CreateTemplateGroupAccessControlEntryCommand } from "@aws-sdk/client-pca-connector-ad"; // ES Modules import
+ * // const { PcaConnectorAdClient, CreateTemplateGroupAccessControlEntryCommand } = require("@aws-sdk/client-pca-connector-ad"); // CommonJS import
+ * const client = new PcaConnectorAdClient(config);
+ * const input = { // CreateTemplateGroupAccessControlEntryRequest
+ *   TemplateArn: "STRING_VALUE", // required
+ *   GroupSecurityIdentifier: "STRING_VALUE", // required
+ *   GroupDisplayName: "STRING_VALUE", // required
+ *   AccessRights: { // AccessRights
+ *     Enroll: "ALLOW" || "DENY",
+ *     AutoEnroll: "ALLOW" || "DENY",
+ *   },
+ *   ClientToken: "STRING_VALUE",
+ * };
+ * const command = new CreateTemplateGroupAccessControlEntryCommand(input);
+ * const response = await client.send(command);
+ * // {};
+ *
+ * ```
+ *
+ * @param CreateTemplateGroupAccessControlEntryCommandInput - {@link CreateTemplateGroupAccessControlEntryCommandInput}
+ * @returns {@link CreateTemplateGroupAccessControlEntryCommandOutput}
+ * @see {@link CreateTemplateGroupAccessControlEntryCommandInput} for command's `input` shape.
+ * @see {@link CreateTemplateGroupAccessControlEntryCommandOutput} for command's `response` shape.
+ * @see {@link PcaConnectorAdClientResolvedConfig | config} for PcaConnectorAdClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You can receive this error if you attempt to create a resource share when you don't have
+ *          the required permissions. This can be caused by insufficient permissions in policies
+ *          attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen
+ *          because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP)
+ *          that affects your Amazon Web Services account. </p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request cannot be completed for one of the following reasons because the requested
+ *          resource was being concurrently modified by another request.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or failure with
+ *          an internal server. </p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent resource. The resource might not be
+ *          specified correctly, or its status might not be ACTIVE.</p>
+ *
+ * @throws {@link ServiceQuotaExceededException} (client fault)
+ *  <p>Request would cause a service quota to be exceeded.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The limit on the number of requests per second was exceeded. </p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>An input validation error occurred. For example, invalid characters in a template name,
+ *          or if a pagination token is invalid. </p>
+ *
+ * @throws {@link PcaConnectorAdServiceException}
+ * <p>Base exception class for all service exceptions from PcaConnectorAd service.</p>
+ *
+ */
+export declare class CreateTemplateGroupAccessControlEntryCommand extends $Command<CreateTemplateGroupAccessControlEntryCommandInput, CreateTemplateGroupAccessControlEntryCommandOutput, PcaConnectorAdClientResolvedConfig> {
+    readonly input: CreateTemplateGroupAccessControlEntryCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: CreateTemplateGroupAccessControlEntryCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PcaConnectorAdClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateTemplateGroupAccessControlEntryCommandInput, CreateTemplateGroupAccessControlEntryCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}