acmpca – github.com/aws/aws-sdk-go-v2/service/acmpca Index | Files | Directories

package acmpca

import "github.com/aws/aws-sdk-go-v2/service/acmpca"

Index

Constants 

const ServiceAPIVersion = "2017-08-22"
const ServiceID = "ACM PCA"

Functions

func AddResolveEndpointMiddleware 

func AddResolveEndpointMiddleware(stack *middleware.Stack, options ResolveEndpointMiddlewareOptions)

func NewDefaultEndpointResolver 

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func RemoveResolveEndpointMiddleware 

func RemoveResolveEndpointMiddleware(stack *middleware.Stack) error

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

This is the ACM Private CA API Reference. It provides descriptions, syntax, and usage examples for each of the actions and data types involved in creating and managing private certificate authorities (CA) for your organization. The documentation for each action shows the Query API request parameters and the XML response. Alternatively, you can use one of the AWS SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see AWS SDKs (https://aws.amazon.com/tools/#SDKs). Each ACM Private CA API action has a throttling limit which determines the number of times the action can be called per second. For more information, see API Rate Limits in ACM Private CA (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaLimits.html#PcaLimits-api) in the ACM Private CA user guide.

func New 

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig 

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) CreateCertificateAuthority 

func (c *Client) CreateCertificateAuthority(ctx context.Context, params *CreateCertificateAuthorityInput, optFns ...func(*Options)) (*CreateCertificateAuthorityOutput, error)

Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, the certificate revocation list (CRL) configuration, the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses, and X.500 subject information. The CRL configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of the CA.

func (*Client) CreateCertificateAuthorityAuditReport 

func (c *Client) CreateCertificateAuthorityAuditReport(ctx context.Context, params *CreateCertificateAuthorityAuditReportInput, optFns ...func(*Options)) (*CreateCertificateAuthorityAuditReportOutput, error)

Creates an audit report that lists every time that your CA private key is used. The report is saved in the Amazon S3 bucket that you specify on input. The IssueCertificate () and RevokeCertificate () actions use the private key.

func (*Client) CreatePermission 

func (c *Client) CreatePermission(ctx context.Context, params *CreatePermissionInput, optFns ...func(*Options)) (*CreatePermissionOutput, error)

Assigns permissions from a private CA to a designated AWS service. Services are specified by their service principals and can be given permission to create and retrieve certificates on a private CA. Services can also be given permission to list the active permissions that the private CA has granted. For ACM to automatically renew your private CA's certificates, you must assign all possible permissions from the CA to the ACM service principal. At this time, you can only assign permissions to ACM (acm.amazonaws.com). Permissions can be revoked with the DeletePermission () action and listed with the ListPermissions () action.

func (*Client) DeleteCertificateAuthority 

func (c *Client) DeleteCertificateAuthority(ctx context.Context, params *DeleteCertificateAuthorityInput, optFns ...func(*Options)) (*DeleteCertificateAuthorityOutput, error)

Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA that you want to delete. You can find the ARN by calling the ListCertificateAuthorities () action. Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy. Before you can delete a CA that you have created and activated, you must disable it. To do this, call the UpdateCertificateAuthority () action and set the CertificateAuthorityStatus parameter to DISABLED. Additionally, you can delete a CA if you are waiting for it to be created (that is, the status of the CA is CREATING). You can also delete it if the CA has been created but you haven't yet imported the signed certificate into ACM Private CA (that is, the status of the CA is PENDING_CERTIFICATE). When you successfully call DeleteCertificateAuthority (), the CA's status changes to DELETED. However, the CA won't be permanently deleted until the restoration period has passed. By default, if you do not set the PermanentDeletionTimeInDays parameter, the CA remains restorable for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority () action returns the time remaining in the restoration window of a private CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority () action.

func (*Client) DeletePermission 

func (c *Client) DeletePermission(ctx context.Context, params *DeletePermissionInput, optFns ...func(*Options)) (*DeletePermissionOutput, error)

Revokes permissions that a private CA assigned to a designated AWS service. Permissions can be created with the CreatePermission () action and listed with the ListPermissions () action.

func (*Client) DescribeCertificateAuthority 

func (c *Client) DescribeCertificateAuthority(ctx context.Context, params *DescribeCertificateAuthorityInput, optFns ...func(*Options)) (*DescribeCertificateAuthorityOutput, error)

Lists information about your private certificate authority (CA). You specify the private CA on input by its ARN (Amazon Resource Name). The output contains the status of your CA. This can be any of the following:

Private CA is creating your private certificate authority. 

*

PENDING_CERTIFICATE - The certificate is pending. You must use your ACM Private CA-hosted or on-premises root or subordinate CA to sign your private CA CSR and then import it into PCA.

DISABLED - Your private CA has been disabled.

certificate has expired.

fail because of problems such a network outage or backend AWS failure or other errors. A failed CA can never return to the pending state. You must create a new CA.

which it is permanently deleted. The length of time remaining in the CA's restoration period is also included in this action's output.

func (*Client) DescribeCertificateAuthorityAuditReport 

func (c *Client) DescribeCertificateAuthorityAuditReport(ctx context.Context, params *DescribeCertificateAuthorityAuditReportInput, optFns ...func(*Options)) (*DescribeCertificateAuthorityAuditReportOutput, error)

Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport () action. Audit information is created every time the certificate authority (CA) private key is used. The private key is used when you call the IssueCertificate () action or the RevokeCertificate () action.

func (*Client) GetCertificate 

func (c *Client) GetCertificate(ctx context.Context, params *GetCertificateInput, optFns ...func(*Options)) (*GetCertificateOutput, error)

Retrieves a certificate from your private CA. The ARN of the certificate is returned when you call the IssueCertificate () action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the GetCertificate action. You can retrieve the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport () action to create a report that contains information about all of the certificates issued and revoked by your private CA.

func (*Client) GetCertificateAuthorityCertificate 

func (c *Client) GetCertificateAuthorityCertificate(ctx context.Context, params *GetCertificateAuthorityCertificateInput, optFns ...func(*Options)) (*GetCertificateAuthorityCertificateOutput, error)

Retrieves the certificate and certificate chain for your private certificate authority (CA). Both the certificate and the chain are base64 PEM-encoded. The chain does not include the CA certificate. Each certificate in the chain signs the one before it.

func (*Client) GetCertificateAuthorityCsr 

func (c *Client) GetCertificateAuthorityCsr(ctx context.Context, params *GetCertificateAuthorityCsrInput, optFns ...func(*Options)) (*GetCertificateAuthorityCsrOutput, error)

Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created when you call the CreateCertificateAuthority () action. Sign the CSR with your ACM Private CA-hosted or on-premises root or subordinate CA. Then import the signed certificate back into ACM Private CA by calling the ImportCertificateAuthorityCertificate () action. The CSR is returned as a base64 PEM-encoded string.

func (*Client) ImportCertificateAuthorityCertificate 

func (c *Client) ImportCertificateAuthorityCertificate(ctx context.Context, params *ImportCertificateAuthorityCertificateInput, optFns ...func(*Options)) (*ImportCertificateAuthorityCertificateOutput, error)

Imports a signed private CA certificate into ACM Private CA. This action is used when you are using a chain of trust whose root is located outside ACM Private CA. Before you can call this action, the following preparations must in place: <ol> <li> <p>In ACM Private CA, call the <a>CreateCertificateAuthority</a> action to create the private CA that that you plan to back with the imported certificate.</p> </li> <li> <p>Call the <a>GetCertificateAuthorityCsr</a> action to generate a certificate signing request (CSR).</p> </li> <li> <p>Sign the CSR using a root or intermediate CA hosted either by an on-premises PKI hierarchy or a commercial CA..</p> </li> <li> <p>Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.</p> </li> </ol> <p>The following requirements apply when you import a CA certificate.</p> <ul> <li> <p>You cannot import a non-self-signed certificate for use as a root CA.</p> </li> <li> <p>You cannot import a self-signed certificate for use as a subordinate CA.</p> </li> <li> <p>Your certificate chain must not include the private CA certificate that you are importing.</p> </li> <li> <p>Your ACM Private CA-hosted or on-premises CA certificate must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built. </p> </li> <li> <p>The chain must be PEM-encoded.</p> </li> </ul>

func (*Client) IssueCertificate 

func (c *Client) IssueCertificate(ctx context.Context, params *IssueCertificateInput, optFns ...func(*Options)) (*IssueCertificateOutput, error)

Uses your private certificate authority (CA) to issue a client certificate. This action returns the Amazon Resource Name (ARN) of the certificate. You can retrieve the certificate by calling the GetCertificate () action and specifying the ARN. You cannot use the ACM ListCertificateAuthorities action to retrieve the ARNs of the certificates that you issue by using ACM Private CA.

func (*Client) ListCertificateAuthorities 

func (c *Client) ListCertificateAuthorities(ctx context.Context, params *ListCertificateAuthoritiesInput, optFns ...func(*Options)) (*ListCertificateAuthoritiesOutput, error)

Lists the private certificate authorities that you created by using the CreateCertificateAuthority () action.

func (*Client) ListPermissions 

func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error)

Lists all the permissions, if any, that have been assigned by a private CA. Permissions can be granted with the CreatePermission () action and revoked with the DeletePermission () action.

func (*Client) ListTags 

func (c *Client) ListTags(ctx context.Context, params *ListTagsInput, optFns ...func(*Options)) (*ListTagsOutput, error)

Lists the tags, if any, that are associated with your private CA. Tags are labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call the TagCertificateAuthority () action to add one or more tags to your CA. Call the UntagCertificateAuthority () action to remove tags.

func (*Client) RestoreCertificateAuthority 

func (c *Client) RestoreCertificateAuthority(ctx context.Context, params *RestoreCertificateAuthorityInput, optFns ...func(*Options)) (*RestoreCertificateAuthorityOutput, error)

Restores a certificate authority (CA) that is in the DELETED state. You can restore a CA during the period that you defined in the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthority () action. Currently, you can specify 7 to 30 days. If you did not specify a PermanentDeletionTimeInDays value, by default you can restore the CA at any time in a 30 day period. You can check the time remaining in the restoration period of a private CA in the DELETED state by calling the DescribeCertificateAuthority () or ListCertificateAuthorities () actions. The status of a restored CA is set to its pre-deletion status when the RestoreCertificateAuthority action returns. To change its status to ACTIVE, call the UpdateCertificateAuthority () action. If the private CA was in the PENDING_CERTIFICATE state at deletion, you must use the ImportCertificateAuthorityCertificate () action to import a certificate authority into the private CA before it can be activated. You cannot restore a CA after the restoration period has ended.

func (*Client) RevokeCertificate 

func (c *Client) RevokeCertificate(ctx context.Context, params *RevokeCertificateInput, optFns ...func(*Options)) (*RevokeCertificateOutput, error)

Revokes a certificate that was issued inside ACM Private CA. If you enable a certificate revocation list (CRL) when you create or update your private CA, information about the revoked certificates will be included in the CRL. ACM Private CA writes the CRL to an S3 bucket that you specify. For more information about revocation, see the CrlConfiguration () structure. ACM Private CA also writes revocation information to the audit report. For more information, see CreateCertificateAuthorityAuditReport (). You cannot revoke a root CA self-signed certificate.

func (*Client) TagCertificateAuthority 

func (c *Client) TagCertificateAuthority(ctx context.Context, params *TagCertificateAuthorityInput, optFns ...func(*Options)) (*TagCertificateAuthorityOutput, error)

Adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. You specify the private CA on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags, use the UntagCertificateAuthority () action. Call the ListTags () action to see what tags are associated with your CA.

func (*Client) UntagCertificateAuthority 

func (c *Client) UntagCertificateAuthority(ctx context.Context, params *UntagCertificateAuthorityInput, optFns ...func(*Options)) (*UntagCertificateAuthorityOutput, error)

Remove one or more tags from your private CA. A tag consists of a key-value pair. If you do not specify the value portion of the tag when calling this action, the tag will be removed regardless of value. If you specify a value, the tag is removed only if it is associated with the specified value. To add tags to a private CA, use the TagCertificateAuthority (). Call the ListTags () action to see what tags are associated with your CA.

func (*Client) UpdateCertificateAuthority 

func (c *Client) UpdateCertificateAuthority(ctx context.Context, params *UpdateCertificateAuthorityInput, optFns ...func(*Options)) (*UpdateCertificateAuthorityOutput, error)

Updates the status or configuration of a private certificate authority (CA). Your private CA must be in the ACTIVE or DISABLED state before you can update it. You can disable a private CA that is in the ACTIVE state or make a CA that is in the DISABLED state active again.

type CreateCertificateAuthorityAuditReportInput 

type CreateCertificateAuthorityAuditReportInput struct {

	// The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string

	// The format in which to create the report. This can be either JSON or CSV.
	//
	// This member is required.
	AuditReportResponseFormat types.AuditReportResponseFormat

	// The name of the S3 bucket that will contain the audit report.
	//
	// This member is required.
	S3BucketName *string
}

type CreateCertificateAuthorityAuditReportOutput 

type CreateCertificateAuthorityAuditReportOutput struct {

	// An alphanumeric string that contains a report identifier.
	AuditReportId *string

	// The key that uniquely identifies the report file in your S3 bucket.
	S3Key *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type CreateCertificateAuthorityInput 

type CreateCertificateAuthorityInput struct {

	// Contains a Boolean value that you can use to enable a certification revocation
	// list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA will
	// write the CRL, and an optional CNAME alias that you can use to hide the name of
	// your bucket in the CRL Distribution Points extension of your CA certificate. For
	// more information, see the CrlConfiguration () structure.
	RevocationConfiguration *types.RevocationConfiguration

	// The type of the certificate authority.
	//
	// This member is required.
	CertificateAuthorityType types.CertificateAuthorityType

	// Name and bit size of the private key algorithm, the name of the signing
	// algorithm, and X.500 certificate subject information.
	//
	// This member is required.
	CertificateAuthorityConfiguration *types.CertificateAuthorityConfiguration

	// Alphanumeric string that can be used to distinguish between calls to
	// CreateCertificateAuthority. Idempotency tokens time out after five minutes.
	// Therefore, if you call CreateCertificateAuthority multiple times with the same
	// idempotency token within a five minute period, ACM Private CA recognizes that
	// you are requesting only one certificate. As a result, ACM Private CA issues only
	// one. If you change the idempotency token for each call, however, ACM Private CA
	// recognizes that you are requesting multiple certificates.
	IdempotencyToken *string

	// Key-value pairs that will be attached to the new private CA. You can associate
	// up to 50 tags with a private CA. For information using tags with IAM to manage
	// permissions, see Controlling Access Using IAM Tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html).
	Tags []*types.Tag
}

type CreateCertificateAuthorityOutput 

type CreateCertificateAuthorityOutput struct {

	// If successful, the Amazon Resource Name (ARN) of the certificate authority (CA).
	// This is of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	CertificateAuthorityArn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type CreatePermissionInput 

type CreatePermissionInput struct {

	// The actions that the specified AWS service principal can use. These include
	// IssueCertificate, GetCertificate, and ListPermissions.
	//
	// This member is required.
	Actions []types.ActionType

	// The AWS service or identity that receives the permission. At this time, the only
	// valid principal is acm.amazonaws.com.
	//
	// This member is required.
	Principal *string

	// The ID of the calling account.
	SourceAccount *string

	// The Amazon Resource Name (ARN) of the CA that grants the permissions. You can
	// find the ARN by calling the ListCertificateAuthorities () action. This must have
	// the following form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type CreatePermissionOutput 

type CreatePermissionOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DeleteCertificateAuthorityInput 

type DeleteCertificateAuthorityInput struct {

	// The number of days to make a CA restorable after it has been deleted. This can
	// be anywhere from 7 to 30 days, with 30 being the default.
	PermanentDeletionTimeInDays *int32

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must have the following form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type DeleteCertificateAuthorityOutput 

type DeleteCertificateAuthorityOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DeletePermissionInput 

type DeletePermissionInput struct {

	// The Amazon Resource Number (ARN) of the private CA that issued the permissions.
	// You can find the CA's ARN by calling the ListCertificateAuthorities () action.
	// This must have the following form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string

	// The AWS account that calls this action.
	SourceAccount *string

	// The AWS service or identity that will have its CA permissions revoked. At this
	// time, the only valid service principal is acm.amazonaws.com
	//
	// This member is required.
	Principal *string
}

type DeletePermissionOutput 

type DeletePermissionOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DescribeCertificateAuthorityAuditReportInput 

type DescribeCertificateAuthorityAuditReportInput struct {

	// The report ID returned by calling the CreateCertificateAuthorityAuditReport ()
	// action.
	//
	// This member is required.
	AuditReportId *string

	// The Amazon Resource Name (ARN) of the private CA. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type DescribeCertificateAuthorityAuditReportOutput 

type DescribeCertificateAuthorityAuditReportOutput struct {

	// Specifies whether report creation is in progress, has succeeded, or has failed.
	AuditReportStatus types.AuditReportStatus

	// Name of the S3 bucket that contains the report.
	S3BucketName *string

	// S3 key that uniquely identifies the report file in your S3 bucket.
	S3Key *string

	// The date and time at which the report was created.
	CreatedAt *time.Time

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type DescribeCertificateAuthorityInput 

type DescribeCertificateAuthorityInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type DescribeCertificateAuthorityOutput 

type DescribeCertificateAuthorityOutput struct {

	// A CertificateAuthority () structure that contains information about your private
	// CA.
	CertificateAuthority *types.CertificateAuthority

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type EndpointResolver 

type EndpointResolver interface {
	ResolveEndpoint(region string, options ResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func WithEndpointResolver 

func WithEndpointResolver(awsResolver aws.EndpointResolver, fallbackResolver EndpointResolver) EndpointResolver

WithEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver. If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided fallbackResolver for resolution. awsResolver and fallbackResolver must not be nil

type EndpointResolverFunc 

type EndpointResolverFunc func(region string, options ResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint 

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options ResolverOptions) (endpoint aws.Endpoint, err error)

type GetCertificateAuthorityCertificateInput 

type GetCertificateAuthorityCertificateInput struct {

	// The Amazon Resource Name (ARN) of your private CA. This is of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type GetCertificateAuthorityCertificateOutput 

type GetCertificateAuthorityCertificateOutput struct {

	// Base64-encoded certificate chain that includes any intermediate certificates and
	// chains up to root on-premises certificate that you used to sign your private CA
	// certificate. The chain does not include your private CA certificate. If this is
	// a root CA, the value will be null.
	CertificateChain *string

	// Base64-encoded certificate authority (CA) certificate.
	Certificate *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GetCertificateAuthorityCsrInput 

type GetCertificateAuthorityCsrInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called the
	// CreateCertificateAuthority () action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type GetCertificateAuthorityCsrOutput 

type GetCertificateAuthorityCsrOutput struct {

	// The base64 PEM-encoded certificate signing request (CSR) for your private CA
	// certificate.
	Csr *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type GetCertificateInput 

type GetCertificateInput struct {

	// The ARN of the issued certificate. The ARN contains the certificate serial
	// number and must be in the following form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
	//
	// This member is required.
	CertificateArn *string

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type GetCertificateOutput 

type GetCertificateOutput struct {

	// The base64 PEM-encoded certificate chain that chains up to the on-premises root
	// CA certificate that you used to sign your private CA certificate.
	CertificateChain *string

	// The base64 PEM-encoded certificate specified by the CertificateArn parameter.
	Certificate *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type HTTPClient 

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4 

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time) error
}

type ImportCertificateAuthorityCertificateInput 

type ImportCertificateAuthorityCertificateInput struct {

	// A PEM-encoded file that contains all of your certificates, other than the
	// certificate you're importing, chaining up to your root CA. Your ACM Private
	// CA-hosted or on-premises root certificate is the last in the chain, and each
	// certificate in the chain signs the one preceding. This parameter must be
	// supplied when you import a subordinate CA. When you import a root CA, there is
	// no chain.
	CertificateChain []byte

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// The PEM-encoded certificate for a private CA. This may be a self-signed
	// certificate in the case of a root CA, or it may be signed by another CA that you
	// control.
	//
	// This member is required.
	Certificate []byte
}

type ImportCertificateAuthorityCertificateOutput 

type ImportCertificateAuthorityCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type IssueCertificateInput 

type IssueCertificateInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// The certificate signing request (CSR) for the certificate you want to issue. You
	// can use the following OpenSSL command to create the CSR and a 2048 bit RSA
	// private key. openssl req -new -newkey rsa:2048 -days 365 -keyout
	// private/test_cert_priv_key.pem -out csr/test_cert_.csr If you have a
	// configuration file, you can use the following OpenSSL command. The usr_cert
	// block in the configuration file contains your X509 version 3 extensions. openssl
	// req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days
	// -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
	//
	// This member is required.
	Csr []byte

	// Specifies a custom configuration template to use when issuing a certificate. If
	// this parameter is not provided, ACM Private CA defaults to the
	// EndEntityCertificate/V1 template. The following service-owned TemplateArn values
	// are supported by ACM Private CA:
	//
	//     *
	// arn:aws:acm-pca:::template/EndEntityCertificate/V1
	//
	//     *
	// arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1
	//
	//     *
	// arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1
	//
	//     *
	// arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1
	//
	//     *
	// arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1
	//
	//     *
	// arn:aws:acm-pca:::template/RootCACertificate/V1
	//
	// For more information, see Using
	// Templates
	// (https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html).
	TemplateArn *string

	// The type of the validity period.
	//
	// This member is required.
	Validity *types.Validity

	// Custom string that can be used to distinguish between calls to the
	// IssueCertificate action. Idempotency tokens time out after one hour. Therefore,
	// if you call IssueCertificate multiple times with the same idempotency token
	// within 5 minutes, ACM Private CA recognizes that you are requesting only one
	// certificate and will issue only one. If you change the idempotency token for
	// each call, PCA recognizes that you are requesting multiple certificates.
	IdempotencyToken *string

	// The name of the algorithm that will be used to sign the certificate to be
	// issued.
	//
	// This member is required.
	SigningAlgorithm types.SigningAlgorithm
}

type IssueCertificateOutput 

type IssueCertificateOutput struct {

	// The Amazon Resource Name (ARN) of the issued certificate and the certificate
	// serial number. This is of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
	CertificateArn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListCertificateAuthoritiesInput 

type ListCertificateAuthoritiesInput struct {

	// Use this parameter when paginating results to specify the maximum number of
	// items to return in the response on each page. If additional items exist beyond
	// the number you specify, the NextToken element is sent in the response. Use this
	// NextToken value in a subsequent request to retrieve additional items.
	MaxResults *int32

	// Use this parameter when paginating results in a subsequent request after you
	// receive a response with truncated results. Set it to the value of the NextToken
	// parameter from the response you just received.
	NextToken *string
}

type ListCertificateAuthoritiesOutput 

type ListCertificateAuthoritiesOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request.
	NextToken *string

	// Summary information about each certificate authority you have created.
	CertificateAuthorities []*types.CertificateAuthority

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListPermissionsInput 

type ListPermissionsInput struct {

	// When paginating results, use this parameter in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string

	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	MaxResults *int32

	// The Amazon Resource Number (ARN) of the private CA to inspect. You can find the
	// ARN by calling the ListCertificateAuthorities () action. This must be of the
	// form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// You can get a private CA's ARN by running the ListCertificateAuthorities ()
	// action.
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type ListPermissionsOutput 

type ListPermissionsOutput struct {

	// Summary information about each permission assigned by the specified private CA,
	// including the action enabled, the policy provided, and the time of creation.
	Permissions []*types.Permission

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type ListTagsInput 

type ListTagsInput struct {

	// Use this parameter when paginating results to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	MaxResults *int32

	// Use this parameter when paginating results in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string

	// The Amazon Resource Name (ARN) that was returned when you called the
	// CreateCertificateAuthority () action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type ListTagsOutput 

type ListTagsOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request.
	NextToken *string

	// The tags associated with your private CA.
	Tags []*types.Tag

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type Options 

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions ResolverOptions

	// The service endpoint resolver.
	EndpointResolver EndpointResolver

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The region to send requests to. (Required)
	Region string

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer.
	Retryer retry.Retryer

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient
}

func (Options) Copy 

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetCredentials 

func (o Options) GetCredentials() aws.CredentialsProvider

func (Options) GetEndpointOptions 

func (o Options) GetEndpointOptions() ResolverOptions

func (Options) GetEndpointResolver 

func (o Options) GetEndpointResolver() EndpointResolver

func (Options) GetHTTPSignerV4 

func (o Options) GetHTTPSignerV4() HTTPSignerV4

func (Options) GetRegion 

func (o Options) GetRegion() string

func (Options) GetRetryer 

func (o Options) GetRetryer() retry.Retryer

type ResolveEndpoint 

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  ResolverOptions
}

func (*ResolveEndpoint) HandleSerialize 

func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
)

func (*ResolveEndpoint) ID 

func (*ResolveEndpoint) ID() string

type ResolveEndpointMiddlewareOptions 

type ResolveEndpointMiddlewareOptions interface {
	GetEndpointResolver() EndpointResolver
	GetEndpointOptions() ResolverOptions
}

type ResolverOptions 

type ResolverOptions = internalendpoints.Options

ResolverOptions is the service endpoint resolver options

type RestoreCertificateAuthorityInput 

type RestoreCertificateAuthorityInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called the
	// CreateCertificateAuthority () action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type RestoreCertificateAuthorityOutput 

type RestoreCertificateAuthorityOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type RevokeCertificateInput 

type RevokeCertificateInput struct {

	// Amazon Resource Name (ARN) of the private CA that issued the certificate to be
	// revoked. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// Specifies why you revoked the certificate.
	//
	// This member is required.
	RevocationReason types.RevocationReason

	// Serial number of the certificate to be revoked. This must be in hexadecimal
	// format. You can retrieve the serial number by calling GetCertificate () with the
	// Amazon Resource Name (ARN) of the certificate you want and the ARN of your
	// private CA. The GetCertificate action retrieves the certificate in the PEM
	// format. You can use the following OpenSSL command to list the certificate in
	// text format and copy the hexadecimal serial number. openssl x509 -in file_path
	// -text -noout You can also copy the serial number from the console or use the
	// DescribeCertificate
	// (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)
	// action in the AWS Certificate Manager API Reference.
	//
	// This member is required.
	CertificateSerial *string
}

type RevokeCertificateOutput 

type RevokeCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type TagCertificateAuthorityInput 

type TagCertificateAuthorityInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// List of tags to be associated with the CA.
	//
	// This member is required.
	Tags []*types.Tag
}

type TagCertificateAuthorityOutput 

type TagCertificateAuthorityOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type UntagCertificateAuthorityInput 

type UntagCertificateAuthorityInput struct {

	// The Amazon Resource Name (ARN) that was returned when you called
	// CreateCertificateAuthority (). This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// List of tags to be removed from the CA.
	//
	// This member is required.
	Tags []*types.Tag
}

type UntagCertificateAuthorityOutput 

type UntagCertificateAuthorityOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

type UpdateCertificateAuthorityInput 

type UpdateCertificateAuthorityInput struct {

	// Status of your private CA.
	Status types.CertificateAuthorityStatus

	// Revocation information for your private CA.
	RevocationConfiguration *types.RevocationConfiguration

	// Amazon Resource Name (ARN) of the private CA that issued the certificate to be
	// revoked. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string
}

type UpdateCertificateAuthorityOutput 

type UpdateCertificateAuthorityOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

Source Files

api_client.go api_op_CreateCertificateAuthority.go api_op_CreateCertificateAuthorityAuditReport.go api_op_CreatePermission.go api_op_DeleteCertificateAuthority.go api_op_DeletePermission.go api_op_DescribeCertificateAuthority.go api_op_DescribeCertificateAuthorityAuditReport.go api_op_GetCertificate.go api_op_GetCertificateAuthorityCertificate.go api_op_GetCertificateAuthorityCsr.go api_op_ImportCertificateAuthorityCertificate.go api_op_IssueCertificate.go api_op_ListCertificateAuthorities.go api_op_ListPermissions.go api_op_ListTags.go api_op_RestoreCertificateAuthority.go api_op_RevokeCertificate.go api_op_TagCertificateAuthority.go api_op_UntagCertificateAuthority.go api_op_UpdateCertificateAuthority.go deserializers.go endpoints.go serializers.go validators.go

Directories

PathSynopsis
internal
types
Version
v0.26.0
Published
Oct 1, 2020
Platform
js/wasm
Imports
26 packages
Last checked
1 second ago

Tools for package owners.