v1alpha1

package
v1.0.0
Published: Nov 18, 2024 License: Apache-2.0 Imports: 6 Imported by: 2

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the acmpca.services.k8s.aws API.

+k8s:deepcopy-gen=package
+groupName=acmpca.services.k8s.aws

Index

Constants

This section is empty.

Variables

var (
	// GroupVersion is the API Group Version used to register the objects
	GroupVersion = schema.GroupVersion{Group: "acmpca.services.k8s.aws", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type APIPassthrough

type APIPassthrough struct {
	// Contains X.509 extension information for a certificate.
	Extensions *Extensions `json:"extensions,omitempty"`
	// Contains information about the certificate subject. The Subject field in
	// the certificate identifies the entity that owns or controls the public key
	// in the certificate. The entity can be a user, computer, device, or service.
	// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
	// of relative distinguished names (RDNs). The RDNs are separated by commas
	// in the certificate.
	Subject *ASN1Subject `json:"subject,omitempty"`
}

Contains X.509 certificate information to be placed in an issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

If conflicting or duplicate certificate information is supplied from other sources, Amazon Web Services Private CA applies order of operation rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.

func (*APIPassthrough) DeepCopy

func (in *APIPassthrough) DeepCopy() *APIPassthrough

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIPassthrough.

func (*APIPassthrough) DeepCopyInto

func (in *APIPassthrough) DeepCopyInto(out *APIPassthrough)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ASN1Subject

type ASN1Subject struct {
	CommonName                 *string            `json:"commonName,omitempty"`
	Country                    *string            `json:"country,omitempty"`
	CustomAttributes           []*CustomAttribute `json:"customAttributes,omitempty"`
	DistinguishedNameQualifier *string            `json:"distinguishedNameQualifier,omitempty"`
	GenerationQualifier        *string            `json:"generationQualifier,omitempty"`
	GivenName                  *string            `json:"givenName,omitempty"`
	Initials                   *string            `json:"initials,omitempty"`
	Locality                   *string            `json:"locality,omitempty"`
	Organization               *string            `json:"organization,omitempty"`
	OrganizationalUnit         *string            `json:"organizationalUnit,omitempty"`
	Pseudonym                  *string            `json:"pseudonym,omitempty"`
	SerialNumber               *string            `json:"serialNumber,omitempty"`
	State                      *string            `json:"state,omitempty"`
	Surname                    *string            `json:"surname,omitempty"`
	Title                      *string            `json:"title,omitempty"`
}

Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
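The mapping from this type to a certificate Subject is not shown on the page, so the following Go program is an added example rather than code from this package or the ACK controller. It mirrors the ASN1Subject fields (without CustomAttributes, whose type is not defined here), maps them onto Go's pkix.Name, carries the attributes that pkix.Name has no dedicated field for (givenName, surname, title, and so on) as X.520 OIDs in ExtraNames, and round-trips the result through a CSR so you can see the RDNs come back comma-separated, as the description above says. The subject values and the throwaway key are constructed for the example; rejecting an empty subject is this example's own check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// ASN1Subject mirrors the type of the same name in this package, without
// CustomAttributes (the CustomAttribute type is not defined on this page).
type ASN1Subject struct {
	CommonName, Country, DistinguishedNameQualifier, GenerationQualifier *string
	GivenName, Initials, Locality, Organization, OrganizationalUnit      *string
	Pseudonym, SerialNumber, State, Surname, Title                       *string
}

// X.520 attribute types that pkix.Name has no dedicated field for; they are
// carried in ExtraNames keyed by OID.
var (
	oidSurname             = asn1.ObjectIdentifier{2, 5, 4, 4}
	oidTitle               = asn1.ObjectIdentifier{2, 5, 4, 12}
	oidGivenName           = asn1.ObjectIdentifier{2, 5, 4, 42}
	oidInitials            = asn1.ObjectIdentifier{2, 5, 4, 43}
	oidGenerationQualifier = asn1.ObjectIdentifier{2, 5, 4, 44}
	oidDNQualifier         = asn1.ObjectIdentifier{2, 5, 4, 46}
	oidPseudonym           = asn1.ObjectIdentifier{2, 5, 4, 65}
)

// ToPkixName maps the CR subject onto the pkix.Name that becomes the certificate's
// Subject DN. An empty subject is rejected (this example's own check): a certificate
// whose Subject names nobody gives the relying party nothing to bind the key to.
func ToPkixName(s *ASN1Subject) (pkix.Name, error) {
	var n pkix.Name
	if s.CommonName != nil {
		n.CommonName = *s.CommonName
	}
	if s.SerialNumber != nil {
		n.SerialNumber = *s.SerialNumber
	}
	set := func(dst *[]string, v *string) {
		if v != nil && *v != "" {
			*dst = append(*dst, *v)
		}
	}
	set(&n.Country, s.Country)
	set(&n.Locality, s.Locality)
	set(&n.Province, s.State)
	set(&n.Organization, s.Organization)
	set(&n.OrganizationalUnit, s.OrganizationalUnit)
	extra := func(oid asn1.ObjectIdentifier, v *string) {
		if v != nil && *v != "" {
			n.ExtraNames = append(n.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: *v})
		}
	}
	extra(oidSurname, s.Surname)
	extra(oidTitle, s.Title)
	extra(oidGivenName, s.GivenName)
	extra(oidInitials, s.Initials)
	extra(oidGenerationQualifier, s.GenerationQualifier)
	extra(oidDNQualifier, s.DistinguishedNameQualifier)
	extra(oidPseudonym, s.Pseudonym)
	if len(n.ToRDNSequence()) == 0 {
		return n, errors.New("subject must contain at least one RDN")
	}
	return n, nil
}

// SubjectFromCSR round-trips the subject through a CSR, the same DER encoding a
// CA receives, and returns the DN as parsed back plus its comma-separated
// RFC 2253 rendering (what "openssl req -noout -subject" prints).
func SubjectFromCSR(s *ASN1Subject) (pkix.Name, string, error) {
	name, err := ToPkixName(s)
	if err != nil {
		return pkix.Name{}, "", err
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key for the CSR
	if err != nil {
		return pkix.Name{}, "", err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: name}, key)
	if err != nil {
		return pkix.Name{}, "", err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return pkix.Name{}, "", err
	}
	return csr.Subject, csr.Subject.String(), nil
}

func main() {
	// Constructed subject values for the demonstration.
	cn, org, c, gn := "svc.example.internal", "Example Org", "US", "Alice"
	_, dn, err := SubjectFromCSR(&ASN1Subject{CommonName: &cn, Organization: &org, Country: &c, GivenName: &gn})
	if err != nil {
		panic(err)
	}
	fmt.Println(dn)
}
```

Attributes without a pkix.Name field come back in the parsed Names slice under their dotted OID (givenName as 2.5.4.42), which is also how openssl shows them when it has no short name for the attribute.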

func (*ASN1Subject) DeepCopy

func (in *ASN1Subject) DeepCopy() *ASN1Subject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ASN1Subject.

func (*ASN1Subject) DeepCopyInto

func (in *ASN1Subject) DeepCopyInto(out *ASN1Subject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessDescription

type AccessDescription struct {
	// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280).
	// Only one of the following naming options should be provided. Providing more
	// than one option results in an InvalidArgsException error.
	AccessLocation *GeneralName `json:"accessLocation,omitempty"`
	// Describes the type and format of extension access. Only one of CustomObjectIdentifier
	// or AccessMethodType may be provided. Providing both results in InvalidArgsException.
	AccessMethod *AccessMethod `json:"accessMethod,omitempty"`
}

Provides access information used by the authorityInfoAccess and subjectInfoAccess extensions described in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280).

func (*AccessDescription) DeepCopy

func (in *AccessDescription) DeepCopy() *AccessDescription

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessDescription.

func (*AccessDescription) DeepCopyInto

func (in *AccessDescription) DeepCopyInto(out *AccessDescription)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessMethod

type AccessMethod struct {
	AccessMethodType       *string `json:"accessMethodType,omitempty"`
	CustomObjectIdentifier *string `json:"customObjectIdentifier,omitempty"`
}

Describes the type and format of extension access. Only one of CustomObjectIdentifier or AccessMethodType may be provided. Providing both results in InvalidArgsException.

func (*AccessMethod) DeepCopy

func (in *AccessMethod) DeepCopy() *AccessMethod

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessMethod.

func (*AccessMethod) DeepCopyInto

func (in *AccessMethod) DeepCopyInto(out *AccessMethod)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessMethodType

type AccessMethodType string
const (
	AccessMethodType_CA_REPOSITORY         AccessMethodType = "CA_REPOSITORY"
	AccessMethodType_RESOURCE_PKI_MANIFEST AccessMethodType = "RESOURCE_PKI_MANIFEST"
	AccessMethodType_RESOURCE_PKI_NOTIFY   AccessMethodType = "RESOURCE_PKI_NOTIFY"
)

type ActionType

type ActionType string
const (
	ActionType_IssueCertificate ActionType = "IssueCertificate"
	ActionType_GetCertificate   ActionType = "GetCertificate"
	ActionType_ListPermissions  ActionType = "ListPermissions"
)

type AuditReportResponseFormat

type AuditReportResponseFormat string
const (
	AuditReportResponseFormat_JSON AuditReportResponseFormat = "JSON"
	AuditReportResponseFormat_CSV  AuditReportResponseFormat = "CSV"
)

type AuditReportStatus

type AuditReportStatus string
const (
	AuditReportStatus_CREATING AuditReportStatus = "CREATING"
	AuditReportStatus_SUCCESS  AuditReportStatus = "SUCCESS"
	AuditReportStatus_FAILED   AuditReportStatus = "FAILED"
)

type CRLConfiguration

type CRLConfiguration struct {
	CustomCNAME      *string `json:"customCNAME,omitempty"`
	Enabled          *bool   `json:"enabled,omitempty"`
	ExpirationInDays *int64  `json:"expirationInDays,omitempty"`
	S3BucketName     *string `json:"s3BucketName,omitempty"`
	S3ObjectACL      *string `json:"s3ObjectACL,omitempty"`
}

Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter (the customCNAME field above). Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. Your S3 bucket policy must give write permission to Amazon Web Services Private CA.

Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption).

Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.

A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, Amazon Web Services Private CA makes further attempts every 15 minutes.

CRLs contain the following fields:

  • Version: The current version number defined in RFC 5280 is V2. The integer value is 0x1.

  • Signature Algorithm: The name of the algorithm used to sign the CRL.

  • Issuer: The X.500 distinguished name of your private CA that issued the CRL.

  • Last Update: The issue date and time of this CRL.

  • Next Update: The day and time by which the next CRL will be issued.

  • Revoked Certificates: List of revoked certificates. Each list item contains the following information:
    - Serial Number: The serial number, in hexadecimal format, of the revoked certificate.
    - Revocation Date: Date and time the certificate was revoked.
    - CRL Entry Extensions: Optional extensions for the CRL entry.
      X509v3 CRL Reason Code: Reason the certificate was revoked.

  • CRL Extensions: Optional extensions for the CRL.
    - X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the certificate.
    - X509v3 CRL Number: Decimal sequence number for the CRL.

  • Signature Algorithm: Algorithm used by your private CA to sign the CRL.

  • Signature Value: Signature computed over the CRL.

Certificate revocation lists created by Amazon Web Services Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.

openssl crl -inform DER -text -in crl_path -noout

For more information, see Planning a certificate revocation list (CRL) (https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html) in the Amazon Web Services Private Certificate Authority User Guide.
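The fields listed above, and the openssl invocation, can be checked from code as well. The following Go program is an added example, not code from this package or the ACK controller: it builds a throwaway self-signed CA, signs a base CRL whose nextUpdate is thisUpdate plus an expirationInDays value (the relationship the ExpirationInDays parameter describes), parses the DER back with crypto/x509, verifies the CRL signature against the CA, refuses a stale list, and reads out the issuer, CRL number, authority key identifier and revoked entries with their reason codes. The CA name, serial numbers and reason code are constructed for the example; the relying-party freshness check is this example's own addition.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLSummary holds the CRL fields listed above as read back from a DER-encoded CRL.
type CRLSummary struct {
	Issuer     string         // X.500 DN of the CA that signed the CRL
	ThisUpdate time.Time      // "Last Update"
	NextUpdate time.Time      // "Next Update", derived from expirationInDays
	Number     *big.Int       // X509v3 CRL Number
	HasAKI     bool           // X509v3 Authority Key Identifier present
	Revoked    map[string]int // upper-case hex serial -> X509v3 CRL Reason Code
}

// newTestCA builds a throwaway self-signed CA (constructed for this example) whose
// key usage allows CRL signing. Parsing the DER back yields a certificate carrying
// the Subject Key Identifier that Go copies into the CRL's Authority Key Identifier.
func newTestCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-private-ca", Organization: []string{"Example Org"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCRL signs a base (non-delta) CRL; nextUpdate = thisUpdate + expirationInDays,
// which is how the ExpirationInDays parameter above is described.
func issueCRL(ca *x509.Certificate, key *ecdsa.PrivateKey, number int64, expirationInDays int, revoked []x509.RevocationListEntry) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{
		Number:                    big.NewInt(number),
		ThisUpdate:                now,
		NextUpdate:                now.Add(time.Duration(expirationInDays) * 24 * time.Hour),
		RevokedCertificateEntries: revoked,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, key)
}

// summarizeCRL is the programmatic counterpart of "openssl crl -inform DER -text":
// it parses the DER, verifies the signature against the issuing CA and refuses a
// CRL whose nextUpdate has passed, since a relying party must not trust a stale list.
func summarizeCRL(der []byte, ca *x509.Certificate, now time.Time) (*CRLSummary, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return nil, errors.New("CRL is stale: nextUpdate has passed, fetch a fresh copy")
	}
	s := &CRLSummary{
		Issuer: crl.Issuer.String(), ThisUpdate: crl.ThisUpdate, NextUpdate: crl.NextUpdate,
		Number: crl.Number, HasAKI: len(crl.AuthorityKeyId) > 0, Revoked: map[string]int{},
	}
	for _, e := range crl.RevokedCertificateEntries {
		s.Revoked[fmt.Sprintf("%X", e.SerialNumber)] = e.ReasonCode
	}
	return s, nil
}

// isRevoked answers the question a relying party asks of the CRL.
func isRevoked(s *CRLSummary, serial *big.Int) bool {
	_, ok := s.Revoked[fmt.Sprintf("%X", serial)]
	return ok
}

func main() {
	ca, key, err := newTestCA()
	if err != nil {
		panic(err)
	}
	// Constructed entry: serial 0x1A2B revoked with reason code 1 (keyCompromise).
	entries := []x509.RevocationListEntry{{SerialNumber: big.NewInt(0x1A2B), RevocationTime: time.Now(), ReasonCode: 1}}
	der, err := issueCRL(ca, key, 7, 7, entries)
	if err != nil {
		panic(err)
	}
	s, err := summarizeCRL(der, ca, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("issuer=%s crlNumber=%v nextUpdate=%s revoked=%v\n", s.Issuer, s.Number, s.NextUpdate.Format(time.RFC3339), s.Revoked)
	fmt.Println("0x1A2B revoked:", isRevoked(s, big.NewInt(0x1A2B)))
}
```

The stale-list check matters operationally: the description above says the CA refreshes the CRL before nextUpdate and retries every 15 minutes on failure, so a consumer that keeps accepting a CRL past nextUpdate silently loses revocation coverage if publication to the S3 bucket breaks.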

func (*CRLConfiguration) DeepCopy

func (in *CRLConfiguration) DeepCopy() *CRLConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRLConfiguration.

func (*CRLConfiguration) DeepCopyInto

func (in *CRLConfiguration) DeepCopyInto(out *CRLConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CSRExtensions

type CSRExtensions struct {
	// Defines one or more purposes for which the key contained in the certificate
	// can be used. Default value for each option is false.
	KeyUsage                 *KeyUsage            `json:"keyUsage,omitempty"`
	SubjectInformationAccess []*AccessDescription `json:"subjectInformationAccess,omitempty"`
}

Describes the certificate extensions to be added to the certificate signing request (CSR).

func (*CSRExtensions) DeepCopy

func (in *CSRExtensions) DeepCopy() *CSRExtensions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSRExtensions.

func (*CSRExtensions) DeepCopyInto

func (in *CSRExtensions) DeepCopyInto(out *CSRExtensions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Certificate added in v0.0.3

type Certificate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateSpec   `json:"spec,omitempty"`
	Status            CertificateStatus `json:"status,omitempty"`
}

Certificate is the Schema for the Certificates API

+kubebuilder:object:root=true
+kubebuilder:subresource:status

func (*Certificate) DeepCopy added in v0.0.3

func (in *Certificate) DeepCopy() *Certificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.

func (*Certificate) DeepCopyInto added in v0.0.3

func (in *Certificate) DeepCopyInto(out *Certificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Certificate) DeepCopyObject added in v0.0.3

func (in *Certificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateAuthority

type CertificateAuthority struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateAuthoritySpec   `json:"spec,omitempty"`
	Status            CertificateAuthorityStatus `json:"status,omitempty"`
}

CertificateAuthority is the Schema for the CertificateAuthorities API

+kubebuilder:object:root=true
+kubebuilder:subresource:status

func (*CertificateAuthority) DeepCopy

func (in *CertificateAuthority) DeepCopy() *CertificateAuthority

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthority.

func (*CertificateAuthority) DeepCopyInto

func (in *CertificateAuthority) DeepCopyInto(out *CertificateAuthority)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateAuthority) DeepCopyObject

func (in *CertificateAuthority) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateAuthorityActivation added in v0.0.4

type CertificateAuthorityActivation struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              CertificateAuthorityActivationSpec   `json:"spec,omitempty"`
	Status            CertificateAuthorityActivationStatus `json:"status,omitempty"`
}

CertificateAuthorityActivation is the Schema for the CertificateAuthorityActivations API

+kubebuilder:object:root=true
+kubebuilder:subresource:status

func (*CertificateAuthorityActivation) DeepCopy added in v0.0.4

func (in *CertificateAuthorityActivation) DeepCopy() *CertificateAuthorityActivation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivation.

func (*CertificateAuthorityActivation) DeepCopyInto added in v0.0.4

func (in *CertificateAuthorityActivation) DeepCopyInto(out *CertificateAuthorityActivation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateAuthorityActivation) DeepCopyObject added in v0.0.4

func (in *CertificateAuthorityActivation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateAuthorityActivationList added in v0.0.4

type CertificateAuthorityActivationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CertificateAuthorityActivation `json:"items"`
}

CertificateAuthorityActivationList contains a list of CertificateAuthorityActivation

+kubebuilder:object:root=true

func (*CertificateAuthorityActivationList) DeepCopy added in v0.0.4

func (in *CertificateAuthorityActivationList) DeepCopy() *CertificateAuthorityActivationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationList.

func (*CertificateAuthorityActivationList) DeepCopyInto added in v0.0.4

func (in *CertificateAuthorityActivationList) DeepCopyInto(out *CertificateAuthorityActivationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateAuthorityActivationList) DeepCopyObject added in v0.0.4

func (in *CertificateAuthorityActivationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateAuthorityActivationSpec added in v0.0.4

type CertificateAuthorityActivationSpec struct {

	// +kubebuilder:validation:Required
	Certificate *ackv1alpha1.SecretKeyReference `json:"certificate"`
	// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html).
	// This must be of the form:
	//
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	CertificateAuthorityARN        *string                                  `json:"certificateAuthorityARN,omitempty"`
	CertificateAuthorityRef        *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateAuthorityRef,omitempty"`
	CertificateChain               *ackv1alpha1.SecretKeyReference          `json:"certificateChain,omitempty"`
	CompleteCertificateChainOutput *ackv1alpha1.SecretKeyReference          `json:"completeCertificateChainOutput,omitempty"`
	Status                         *string                                  `json:"status,omitempty"`
}

CertificateAuthorityActivationSpec defines the desired state of CertificateAuthorityActivation.

func (*CertificateAuthorityActivationSpec) DeepCopy added in v0.0.4

func (in *CertificateAuthorityActivationSpec) DeepCopy() *CertificateAuthorityActivationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationSpec.

func (*CertificateAuthorityActivationSpec) DeepCopyInto added in v0.0.4

func (in *CertificateAuthorityActivationSpec) DeepCopyInto(out *CertificateAuthorityActivationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateAuthorityActivationStatus added in v0.0.4

type CertificateAuthorityActivationStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRs managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
}

CertificateAuthorityActivationStatus defines the observed state of CertificateAuthorityActivation.

func (*CertificateAuthorityActivationStatus) DeepCopy added in v0.0.4

func (in *CertificateAuthorityActivationStatus) DeepCopy() *CertificateAuthorityActivationStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationStatus.

func (*CertificateAuthorityActivationStatus) DeepCopyInto added in v0.0.4

func (in *CertificateAuthorityActivationStatus) DeepCopyInto(out *CertificateAuthorityActivationStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateAuthorityConfiguration

type CertificateAuthorityConfiguration struct {
	// Describes the certificate extensions to be added to the certificate signing
	// request (CSR).
	CSRExtensions    *CSRExtensions `json:"csrExtensions,omitempty"`
	KeyAlgorithm     *string        `json:"keyAlgorithm,omitempty"`
	SigningAlgorithm *string        `json:"signingAlgorithm,omitempty"`
	// Contains information about the certificate subject. The Subject field in
	// the certificate identifies the entity that owns or controls the public key
	// in the certificate. The entity can be a user, computer, device, or service.
	// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
	// of relative distinguished names (RDNs). The RDNs are separated by commas
	// in the certificate.
	Subject *ASN1Subject `json:"subject,omitempty"`
}

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action.

func (*CertificateAuthorityConfiguration) DeepCopy

func (in *CertificateAuthorityConfiguration) DeepCopy() *CertificateAuthorityConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityConfiguration.

func (*CertificateAuthorityConfiguration) DeepCopyInto

func (in *CertificateAuthorityConfiguration) DeepCopyInto(out *CertificateAuthorityConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateAuthorityList

type CertificateAuthorityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []CertificateAuthority `json:"items"`
}

CertificateAuthorityList contains a list of CertificateAuthority

+kubebuilder:object:root=true

func (*CertificateAuthorityList) DeepCopy

func (in *CertificateAuthorityList) DeepCopy() *CertificateAuthorityList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityList.

func (*CertificateAuthorityList) DeepCopyInto

func (in *CertificateAuthorityList) DeepCopyInto(out *CertificateAuthorityList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateAuthorityList) DeepCopyObject

func (in *CertificateAuthorityList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateAuthoritySpec

type CertificateAuthoritySpec struct {

	// Name and bit size of the private key algorithm, the name of the signing algorithm,
	// and X.500 certificate subject information.
	// +kubebuilder:validation:Required
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `json:"certificateAuthorityConfiguration"`
	// Specifies a cryptographic key management compliance standard used for handling
	// CA keys.
	//
	// Default: FIPS_140_2_LEVEL_3_OR_HIGHER
	//
	// Some Amazon Web Services Regions do not support the default. When creating
	// a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the
	// argument for KeyStorageSecurityStandard. Failure to do this results in an
	// InvalidArgsException with the message, "A certificate authority cannot be
	// created in this region with the specified security standard."
	//
	// For information about security standard support in various Regions, see Storage
	// and security compliance of Amazon Web Services Private CA private keys (https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard *string `json:"keyStorageSecurityStandard,omitempty"`
	// Contains information to enable Online Certificate Status Protocol (OCSP)
	// support, to enable a certificate revocation list (CRL), to enable both, or
	// to enable neither. The default is for both certificate validation mechanisms
	// to be disabled.
	//
	// The following requirements apply to revocation configurations.
	//
	//   - A configuration disabling CRLs or OCSP must contain only the Enabled=False
	//     parameter, and will fail if other parameters such as CustomCname or ExpirationInDays
	//     are included.
	//
	//   - In a CRL configuration, the S3BucketName parameter must conform to Amazon
	//     S3 bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
	//
	//   - A configuration containing a custom Canonical Name (CNAME) parameter
	//     for CRLs or OCSP must conform to RFC2396 (https://www.ietf.org/rfc/rfc2396.txt)
	//     restrictions on the use of special characters in a CNAME.
	//
	//   - In a CRL or OCSP configuration, the value of a CNAME parameter must
	//     not include a protocol prefix such as "http://" or "https://".
	//
	// For more information, see the OcspConfiguration (https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html)
	// and CrlConfiguration (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html)
	// types.
	RevocationConfiguration *RevocationConfiguration `json:"revocationConfiguration,omitempty"`
	// Key-value pairs that will be attached to the new private CA. You can associate
	// up to 50 tags with a private CA. For information using tags with IAM to manage
	// permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html).
	Tags []*Tag `json:"tags,omitempty"`
	// The type of the certificate authority.
	// +kubebuilder:validation:Required
	Type *string `json:"type,omitempty"`
	// Specifies whether the CA issues general-purpose certificates that typically
	// require a revocation mechanism, or short-lived certificates that may optionally
	// omit revocation because they expire quickly. Short-lived certificate validity
	// is limited to seven days.
	//
	// The default value is GENERAL_PURPOSE.
	UsageMode *string `json:"usageMode,omitempty"`
}

CertificateAuthoritySpec defines the desired state of CertificateAuthority.

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action to create your private CA. You must then call the GetCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) action to import the signed certificate into Certificate Manager (ACM).
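The revocation-configuration requirements in the CertificateAuthoritySpec comment above are cheapest to enforce before the object is submitted, so that a mistake shows up as a local error instead of an InvalidArgsException in the resource's status conditions. The following Go function is an added example, not code from this package or the ACK controller: it mirrors the CRLConfiguration type from this page and checks the four rules in order (a disabling configuration carries only enabled=false, the bucket name follows the S3 naming rules, a custom CNAME carries no protocol prefix and uses only hostname characters). The regular expressions are this example's own approximation of the linked S3 and RFC 2396 rules, and the minimum of one day for expirationInDays is an assumption the page does not state.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// CRLConfiguration mirrors the type of the same name in this package, copied here
// so the example builds stand-alone (json tags omitted).
type CRLConfiguration struct {
	CustomCNAME      *string
	Enabled          *bool
	ExpirationInDays *int64
	S3BucketName     *string
	S3ObjectACL      *string
}

// Pointer helpers, since every field of the CR type is a pointer.
func strp(s string) *string { return &s }
func boolp(b bool) *bool    { return &b }
func intp(i int64) *int64   { return &i }

var (
	// Core of the S3 bucket naming rules the comment links to: 3-63 characters,
	// lowercase letters, digits, dots and hyphens, starting and ending with a
	// letter or digit. Consecutive dots and IP-address-shaped names are checked below.
	s3BucketNameRe = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)
	ipv4Re         = regexp.MustCompile(`^\d{1,3}(\.\d{1,3}){3}$`)
	// Conservative reading of the RFC 2396 restriction: hostname labels made of
	// letters, digits and hyphens, joined by dots.
	cnameRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$`)
)

// ValidateCRLConfiguration applies the revocation-configuration rules listed in the
// CertificateAuthoritySpec comment to a CRL configuration before it is submitted.
func ValidateCRLConfiguration(c *CRLConfiguration) error {
	if c == nil {
		return nil // no CRL configuration at all leaves CRLs disabled
	}
	if c.Enabled == nil {
		return errors.New("crlConfiguration: enabled must be set")
	}
	if !*c.Enabled {
		// Rule 1: a disabling configuration carries only enabled=false.
		if c.CustomCNAME != nil || c.ExpirationInDays != nil || c.S3BucketName != nil || c.S3ObjectACL != nil {
			return errors.New("crlConfiguration: enabled=false must not be combined with other CRL parameters")
		}
		return nil
	}
	// Rule 2: S3 bucket naming rules.
	if c.S3BucketName != nil {
		b := *c.S3BucketName
		if !s3BucketNameRe.MatchString(b) || strings.Contains(b, "..") || ipv4Re.MatchString(b) {
			return fmt.Errorf("crlConfiguration: s3BucketName %q violates S3 bucket naming rules", b)
		}
	}
	// Rules 3 and 4: CNAME character set and no protocol prefix.
	if c.CustomCNAME != nil {
		n := *c.CustomCNAME
		if strings.Contains(n, "://") {
			return fmt.Errorf("crlConfiguration: customCNAME %q must not include a protocol prefix", n)
		}
		if !cnameRe.MatchString(n) {
			return fmt.Errorf("crlConfiguration: customCNAME %q contains characters not allowed in a CNAME", n)
		}
	}
	// Assumption of this example (not stated on the page): a CRL must be valid for at least one day.
	if c.ExpirationInDays != nil && *c.ExpirationInDays < 1 {
		return fmt.Errorf("crlConfiguration: expirationInDays must be at least 1, got %d", *c.ExpirationInDays)
	}
	return nil
}

func main() {
	// Constructed configuration that trips rule 4: the CNAME carries a scheme.
	cfg := &CRLConfiguration{Enabled: boolp(true), S3BucketName: strp("acme-crl-bucket"), ExpirationInDays: intp(7), CustomCNAME: strp("https://crl.example.com")}
	fmt.Println(ValidateCRLConfiguration(cfg))
}
```

A check like this fits naturally in an admission webhook or a CI lint over the manifests, which is where a disabled-but-populated configuration (rule 1) is otherwise easy to miss: it is syntactically valid YAML and only fails once the controller calls the API.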

func (*CertificateAuthoritySpec) DeepCopy

func (in *CertificateAuthoritySpec) DeepCopy() *CertificateAuthoritySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthoritySpec.

func (*CertificateAuthoritySpec) DeepCopyInto

func (in *CertificateAuthoritySpec) DeepCopyInto(out *CertificateAuthoritySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateAuthorityStatus

type CertificateAuthorityStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRs managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
	// The base64 PEM-encoded certificate signing request (CSR) for your private
	// CA certificate.
	// +kubebuilder:validation:Optional
	CertificateSigningRequest *string `json:"certificateSigningRequest,omitempty"`
	// Date and time at which your private CA was created.
	// +kubebuilder:validation:Optional
	CreatedAt *metav1.Time `json:"createdAt,omitempty"`
	// Reason the request to create your private CA failed.
	// +kubebuilder:validation:Optional
	FailureReason *string `json:"failureReason,omitempty"`
	// Date and time at which your private CA was last updated.
	// +kubebuilder:validation:Optional
	LastStateChangeAt *metav1.Time `json:"lastStateChangeAt,omitempty"`
	// Date and time after which your private CA certificate is not valid.
	// +kubebuilder:validation:Optional
	NotAfter *metav1.Time `json:"notAfter,omitempty"`
	// Date and time before which your private CA certificate is not valid.
	// +kubebuilder:validation:Optional
	NotBefore *metav1.Time `json:"notBefore,omitempty"`
	// The Amazon Web Services account ID that owns the certificate authority.
	// +kubebuilder:validation:Optional
	OwnerAccount *string `json:"ownerAccount,omitempty"`
	// The period during which a deleted CA can be restored. For more information,
	// see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html)
	// action.
	// +kubebuilder:validation:Optional
	RestorableUntil *metav1.Time `json:"restorableUntil,omitempty"`
	// Serial number of your private CA.
	// +kubebuilder:validation:Optional
	Serial *string `json:"serial,omitempty"`
	// Status of your private CA.
	// +kubebuilder:validation:Optional
	Status *string `json:"status,omitempty"`
}

CertificateAuthorityStatus defines the observed state of CertificateAuthority.

func (*CertificateAuthorityStatus) DeepCopy

func (in *CertificateAuthorityStatus) DeepCopy() *CertificateAuthorityStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityStatus.

func (*CertificateAuthorityStatus) DeepCopyInto

func (in *CertificateAuthorityStatus) DeepCopyInto(out *CertificateAuthorityStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateAuthorityStatus_SDK

type CertificateAuthorityStatus_SDK string
const (
	CertificateAuthorityStatus_SDK_CREATING            CertificateAuthorityStatus_SDK = "CREATING"
	CertificateAuthorityStatus_SDK_PENDING_CERTIFICATE CertificateAuthorityStatus_SDK = "PENDING_CERTIFICATE"
	CertificateAuthorityStatus_SDK_ACTIVE              CertificateAuthorityStatus_SDK = "ACTIVE"
	CertificateAuthorityStatus_SDK_DELETED             CertificateAuthorityStatus_SDK = "DELETED"
	CertificateAuthorityStatus_SDK_DISABLED            CertificateAuthorityStatus_SDK = "DISABLED"
	CertificateAuthorityStatus_SDK_EXPIRED             CertificateAuthorityStatus_SDK = "EXPIRED"
	CertificateAuthorityStatus_SDK_FAILED              CertificateAuthorityStatus_SDK = "FAILED"
)

type CertificateAuthorityType

type CertificateAuthorityType string
const (
	CertificateAuthorityType_ROOT        CertificateAuthorityType = "ROOT"
	CertificateAuthorityType_SUBORDINATE CertificateAuthorityType = "SUBORDINATE"
)

type CertificateAuthorityUsageMode

type CertificateAuthorityUsageMode string
const (
	CertificateAuthorityUsageMode_GENERAL_PURPOSE         CertificateAuthorityUsageMode = "GENERAL_PURPOSE"
	CertificateAuthorityUsageMode_SHORT_LIVED_CERTIFICATE CertificateAuthorityUsageMode = "SHORT_LIVED_CERTIFICATE"
)

type CertificateAuthority_SDK

type CertificateAuthority_SDK struct {
	ARN *string `json:"arn,omitempty"`
	// Contains configuration information for your private certificate authority
	// (CA). This includes information about the class of public key algorithm and
	// the key pair that your private CA creates when it issues a certificate. It
	// also includes the signature algorithm that it uses when issuing certificates,
	// and its X.500 distinguished name. You must specify this information when
	// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
	// action.
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `json:"certificateAuthorityConfiguration,omitempty"`
	CreatedAt                         *metav1.Time                       `json:"createdAt,omitempty"`
	FailureReason                     *string                            `json:"failureReason,omitempty"`
	KeyStorageSecurityStandard        *string                            `json:"keyStorageSecurityStandard,omitempty"`
	LastStateChangeAt                 *metav1.Time                       `json:"lastStateChangeAt,omitempty"`
	NotAfter                          *metav1.Time                       `json:"notAfter,omitempty"`
	NotBefore                         *metav1.Time                       `json:"notBefore,omitempty"`
	OwnerAccount                      *string                            `json:"ownerAccount,omitempty"`
	RestorableUntil                   *metav1.Time                       `json:"restorableUntil,omitempty"`
	// Certificate revocation information used by the CreateCertificateAuthority
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
	// and UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html)
	// actions. Your private certificate authority (CA) can configure Online Certificate
	// Status Protocol (OCSP) support and/or maintain a certificate revocation list
	// (CRL). OCSP returns validation information about certificates as requested
	// by clients, and a CRL contains an updated list of certificates revoked by
	// your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html)
	// and Setting up a certificate revocation method (https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html)
	// in the Amazon Web Services Private Certificate Authority User Guide.
	RevocationConfiguration *RevocationConfiguration `json:"revocationConfiguration,omitempty"`
	Serial                  *string                  `json:"serial,omitempty"`
	Status                  *string                  `json:"status,omitempty"`
	Type                    *string                  `json:"type_,omitempty"`
	UsageMode               *string                  `json:"usageMode,omitempty"`
}

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action to create your private CA. You must then call the GetCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) action to import the signed certificate into Certificate Manager (ACM).

func (*CertificateAuthority_SDK) DeepCopy

func (in *CertificateAuthority_SDK) DeepCopy() *CertificateAuthority_SDK

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthority_SDK.

func (*CertificateAuthority_SDK) DeepCopyInto

func (in *CertificateAuthority_SDK) DeepCopyInto(out *CertificateAuthority_SDK)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateList added in v0.0.3

type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Certificate `json:"items"`
}

CertificateList contains a list of Certificate +kubebuilder:object:root=true

func (*CertificateList) DeepCopy added in v0.0.3

func (in *CertificateList) DeepCopy() *CertificateList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.

func (*CertificateList) DeepCopyInto added in v0.0.3

func (in *CertificateList) DeepCopyInto(out *CertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CertificateList) DeepCopyObject added in v0.0.3

func (in *CertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type CertificateSpec added in v0.0.3

type CertificateSpec struct {

	// Specifies X.509 certificate information to be included in the issued certificate.
	// An APIPassthrough or APICSRPassthrough template variant must be selected,
	// or else this parameter is ignored. For more information about using these
	// templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html).
	//
	// If conflicting or duplicate certificate information is supplied during certificate
	// issuance, Amazon Web Services Private CA applies order of operation rules
	// (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations)
	// to determine what information is used.
	APIPassthrough *APIPassthrough `json:"apiPassthrough,omitempty"`
	// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html).
	// This must be of the form:
	//
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	CertificateAuthorityARN      *string                                  `json:"certificateAuthorityARN,omitempty"`
	CertificateAuthorityRef      *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateAuthorityRef,omitempty"`
	CertificateOutput            *ackv1alpha1.SecretKeyReference          `json:"certificateOutput,omitempty"`
	CertificateSigningRequest    *string                                  `json:"certificateSigningRequest,omitempty"`
	CertificateSigningRequestRef *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateSigningRequestRef,omitempty"`
	// The name of the algorithm that will be used to sign the certificate to be
	// issued.
	//
	// This parameter should not be confused with the SigningAlgorithm parameter
	// used to sign a CSR in the CreateCertificateAuthority action.
	//
	// The specified signing algorithm family (RSA or ECDSA) must match the algorithm
	// family of the CA's secret key.
	// +kubebuilder:validation:Required
	SigningAlgorithm *string `json:"signingAlgorithm"`
	// Specifies a custom configuration template to use when issuing a certificate.
	// If this parameter is not provided, Amazon Web Services Private CA defaults
	// to the EndEntityCertificate/V1 template. For CA certificates, you should
	// choose the shortest path length that meets your needs. The path length is
	// indicated by the PathLenN portion of the ARN, where N is the CA depth (https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth).
	//
	// Note: The CA depth configured on a subordinate CA certificate must not exceed
	// the limit set by its parents in the CA hierarchy.
	//
	// For a list of TemplateArn values supported by Amazon Web Services Private
	// CA, see Understanding Certificate Templates (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html).
	TemplateARN *string `json:"templateARN,omitempty"`
	// Information describing the end of the validity period of the certificate.
	// This parameter sets the “Not After” date for the certificate.
	//
	// Certificate validity is the period of time during which a certificate is
	// valid. Validity can be expressed as an explicit date and time when the certificate
	// expires, or as a span of time after issuance, stated in days, months, or
	// years. For more information, see Validity (https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5)
	// in RFC 5280.
	//
	// This value is unaffected when ValidityNotBefore is also specified. For example,
	// if Validity is set to 20 days in the future, the certificate will expire
	// 20 days from issuance time regardless of the ValidityNotBefore value.
	//
	// The end of the validity period configured on a certificate must not exceed
	// the limit set on its parents in the CA hierarchy.
	// +kubebuilder:validation:Required
	Validity *Validity `json:"validity"`
	// Information describing the start of the validity period of the certificate.
	// This parameter sets the “Not Before” date for the certificate.
	//
	// By default, when issuing a certificate, Amazon Web Services Private CA sets
	// the "Not Before" date to the issuance time minus 60 minutes. This compensates
	// for clock inconsistencies across computer systems. The ValidityNotBefore
	// parameter can be used to customize the “Not Before” value.
	//
	// Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
	//
	// The ValidityNotBefore value is expressed as an explicit date and time, using
	// the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/privateca/latest/APIReference/API_Validity.html)
	// in this API reference and Validity (https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5)
	// in RFC 5280.
	ValidityNotBefore *Validity `json:"validityNotBefore,omitempty"`
}

CertificateSpec defines the desired state of Certificate.
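As an added example (not code from the acmpca-controller package), a pre-submission check in Go for the constraints the field comments above state: the CA ARN shape, the RSA/ECDSA family match between SigningAlgorithm and the CA key, Validity being required, and ValidityNotBefore using ABSOLUTE. The Validity and CertificateSpec stand-ins, the ARN regular expression and the caKeyAlgorithm argument (taken from the CA's CertificateAuthorityConfiguration) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Minimal stand-ins for the page's Validity and CertificateSpec types so the
// example compiles on its own; only the fields checked here are declared.
type Validity struct {
	Type  *string
	Value *int64
}

type CertificateSpec struct {
	CertificateAuthorityARN *string
	SigningAlgorithm        *string
	Validity                *Validity
	ValidityNotBefore       *Validity
}

// Shape given in the CertificateAuthorityARN comment (partition suffix assumed):
// arn:aws:acm-pca:region:account:certificate-authority/<uuid>
var caARNPattern = regexp.MustCompile(
	`^arn:aws(-[a-z]+)*:acm-pca:[a-z0-9-]+:[0-9]{12}:certificate-authority/` +
		`[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// Signature family of each SigningAlgorithm and KeyAlgorithm constant; the
// family of the certificate's signing algorithm must match the CA key's.
var signingFamilies = map[string]string{
	"SHA256WITHECDSA": "ECDSA", "SHA384WITHECDSA": "ECDSA", "SHA512WITHECDSA": "ECDSA",
	"SHA256WITHRSA": "RSA", "SHA384WITHRSA": "RSA", "SHA512WITHRSA": "RSA",
}

var keyFamilies = map[string]string{
	"RSA_2048": "RSA", "RSA_4096": "RSA", "EC_prime256v1": "ECDSA", "EC_secp384r1": "ECDSA",
}

func str(p *string) string {
	if p == nil {
		return ""
	}
	return *p
}

// checkValidity accepts any ValidityPeriodType for Validity (Not After) and
// only ABSOLUTE for ValidityNotBefore (Not Before), as the comments state.
func checkValidity(v *Validity, absoluteOnly bool) error {
	if v == nil {
		return errors.New("required")
	}
	t := str(v.Type)
	switch t {
	case "END_DATE", "ABSOLUTE", "DAYS", "MONTHS", "YEARS":
	default:
		return fmt.Errorf("type %q is not a ValidityPeriodType", t)
	}
	if absoluteOnly && t != "ABSOLUTE" {
		return fmt.Errorf("type %q: must be ABSOLUTE", t)
	}
	if v.Value == nil || *v.Value <= 0 {
		return errors.New("value must be a positive integer")
	}
	return nil
}

// ValidateCertificateSpec applies the constraints stated in the field comments
// before a Certificate CR is submitted. caKeyAlgorithm is the issuing CA's
// KeyAlgorithm, assumed to be read from its CertificateAuthorityConfiguration.
func ValidateCertificateSpec(spec *CertificateSpec, caKeyAlgorithm string) error {
	var problems []string
	if !caARNPattern.MatchString(str(spec.CertificateAuthorityARN)) {
		problems = append(problems, "certificateAuthorityARN: not an acm-pca certificate-authority ARN")
	}
	sig := str(spec.SigningAlgorithm)
	sf, kf := signingFamilies[sig], keyFamilies[caKeyAlgorithm]
	switch {
	case sf == "":
		problems = append(problems, fmt.Sprintf("signingAlgorithm %q: unknown algorithm", sig))
	case sf != kf:
		problems = append(problems, fmt.Sprintf("signingAlgorithm %q is %s but CA key %q is %q", sig, sf, caKeyAlgorithm, kf))
	}
	if err := checkValidity(spec.Validity, false); err != nil {
		problems = append(problems, "validity: "+err.Error())
	}
	if spec.ValidityNotBefore != nil {
		if err := checkValidity(spec.ValidityNotBefore, true); err != nil {
			problems = append(problems, "validityNotBefore: "+err.Error())
		}
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

func sp(s string) *string { return &s }
func ip(i int64) *int64   { return &i }
```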

func (*CertificateSpec) DeepCopy added in v0.0.3

func (in *CertificateSpec) DeepCopy() *CertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

func (*CertificateSpec) DeepCopyInto added in v0.0.3

func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateStatus added in v0.0.3

type CertificateStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRS managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
}

CertificateStatus defines the observed state of Certificate

func (*CertificateStatus) DeepCopy added in v0.0.3

func (in *CertificateStatus) DeepCopy() *CertificateStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.

func (*CertificateStatus) DeepCopyInto added in v0.0.3

func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomAttribute

type CustomAttribute struct {
	ObjectIdentifier *string `json:"objectIdentifier,omitempty"`
	Value            *string `json:"value,omitempty"`
}

Defines the X.500 relative distinguished name (RDN).

func (*CustomAttribute) DeepCopy

func (in *CustomAttribute) DeepCopy() *CustomAttribute

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomAttribute.

func (*CustomAttribute) DeepCopyInto

func (in *CustomAttribute) DeepCopyInto(out *CustomAttribute)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomExtension

type CustomExtension struct {
	Critical         *bool   `json:"critical,omitempty"`
	ObjectIdentifier *string `json:"objectIdentifier,omitempty"`
	Value            *string `json:"value,omitempty"`
}

Specifies the X.509 extension information for a certificate.

Extensions present in CustomExtensions follow the ApiPassthrough template rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).

func (*CustomExtension) DeepCopy

func (in *CustomExtension) DeepCopy() *CustomExtension

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomExtension.

func (*CustomExtension) DeepCopyInto

func (in *CustomExtension) DeepCopyInto(out *CustomExtension)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EDIPartyName

type EDIPartyName struct {
	NameAssigner *string `json:"nameAssigner,omitempty"`
	PartyName    *string `json:"partyName,omitempty"`
}

Describes an Electronic Data Interchange (EDI) entity as defined in Subject Alternative Name (https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.

func (*EDIPartyName) DeepCopy

func (in *EDIPartyName) DeepCopy() *EDIPartyName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EDIPartyName.

func (*EDIPartyName) DeepCopyInto

func (in *EDIPartyName) DeepCopyInto(out *EDIPartyName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtendedKeyUsage

type ExtendedKeyUsage struct {
	ExtendedKeyUsageObjectIdentifier *string `json:"extendedKeyUsageObjectIdentifier,omitempty"`
	ExtendedKeyUsageType             *string `json:"extendedKeyUsageType,omitempty"`
}

Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.

func (*ExtendedKeyUsage) DeepCopy

func (in *ExtendedKeyUsage) DeepCopy() *ExtendedKeyUsage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtendedKeyUsage.

func (*ExtendedKeyUsage) DeepCopyInto

func (in *ExtendedKeyUsage) DeepCopyInto(out *ExtendedKeyUsage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtendedKeyUsageType

type ExtendedKeyUsageType string
const (
	ExtendedKeyUsageType_SERVER_AUTH              ExtendedKeyUsageType = "SERVER_AUTH"
	ExtendedKeyUsageType_CLIENT_AUTH              ExtendedKeyUsageType = "CLIENT_AUTH"
	ExtendedKeyUsageType_CODE_SIGNING             ExtendedKeyUsageType = "CODE_SIGNING"
	ExtendedKeyUsageType_EMAIL_PROTECTION         ExtendedKeyUsageType = "EMAIL_PROTECTION"
	ExtendedKeyUsageType_TIME_STAMPING            ExtendedKeyUsageType = "TIME_STAMPING"
	ExtendedKeyUsageType_OCSP_SIGNING             ExtendedKeyUsageType = "OCSP_SIGNING"
	ExtendedKeyUsageType_SMART_CARD_LOGIN         ExtendedKeyUsageType = "SMART_CARD_LOGIN"
	ExtendedKeyUsageType_DOCUMENT_SIGNING         ExtendedKeyUsageType = "DOCUMENT_SIGNING"
	ExtendedKeyUsageType_CERTIFICATE_TRANSPARENCY ExtendedKeyUsageType = "CERTIFICATE_TRANSPARENCY"
)

type Extensions

type Extensions struct {
	CertificatePolicies []*PolicyInformation `json:"certificatePolicies,omitempty"`
	CustomExtensions    []*CustomExtension   `json:"customExtensions,omitempty"`
	ExtendedKeyUsage    []*ExtendedKeyUsage  `json:"extendedKeyUsage,omitempty"`
	// Defines one or more purposes for which the key contained in the certificate
	// can be used. Default value for each option is false.
	KeyUsage                *KeyUsage      `json:"keyUsage,omitempty"`
	SubjectAlternativeNames []*GeneralName `json:"subjectAlternativeNames,omitempty"`
}

Contains X.509 extension information for a certificate.

func (*Extensions) DeepCopy

func (in *Extensions) DeepCopy() *Extensions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Extensions.

func (*Extensions) DeepCopyInto

func (in *Extensions) DeepCopyInto(out *Extensions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FailureReason

type FailureReason string
const (
	FailureReason_REQUEST_TIMED_OUT     FailureReason = "REQUEST_TIMED_OUT"
	FailureReason_UNSUPPORTED_ALGORITHM FailureReason = "UNSUPPORTED_ALGORITHM"
	FailureReason_OTHER                 FailureReason = "OTHER"
)

type GeneralName

type GeneralName struct {
	// Contains information about the certificate subject. The Subject field in
	// the certificate identifies the entity that owns or controls the public key
	// in the certificate. The entity can be a user, computer, device, or service.
	// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
	// of relative distinguished names (RDNs). The RDNs are separated by commas
	// in the certificate.
	DirectoryName *ASN1Subject `json:"directoryName,omitempty"`
	DNSName       *string      `json:"dnsName,omitempty"`
	// Describes an Electronic Data Interchange (EDI) entity as defined in Subject
	// Alternative Name (https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
	EDIPartyName *EDIPartyName `json:"ediPartyName,omitempty"`
	IPAddress    *string       `json:"ipAddress,omitempty"`
	// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID)
	// and value. The OID must satisfy the regular expression shown below. For more
	// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier).
	OtherName                 *OtherName `json:"otherName,omitempty"`
	RegisteredID              *string    `json:"registeredID,omitempty"`
	RFC822Name                *string    `json:"rfc822Name,omitempty"`
	UniformResourceIdentifier *string    `json:"uniformResourceIdentifier,omitempty"`
}

Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280). Only one of the following naming options should be provided. Providing more than one option results in an InvalidArgsException error.

func (*GeneralName) DeepCopy

func (in *GeneralName) DeepCopy() *GeneralName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneralName.

func (*GeneralName) DeepCopyInto

func (in *GeneralName) DeepCopyInto(out *GeneralName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyAlgorithm

type KeyAlgorithm string
const (
	KeyAlgorithm_RSA_2048      KeyAlgorithm = "RSA_2048"
	KeyAlgorithm_RSA_4096      KeyAlgorithm = "RSA_4096"
	KeyAlgorithm_EC_prime256v1 KeyAlgorithm = "EC_prime256v1"
	KeyAlgorithm_EC_secp384r1  KeyAlgorithm = "EC_secp384r1"
)

type KeyStorageSecurityStandard

type KeyStorageSecurityStandard string
const (
	KeyStorageSecurityStandard_FIPS_140_2_LEVEL_2_OR_HIGHER KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_2_OR_HIGHER"
	KeyStorageSecurityStandard_FIPS_140_2_LEVEL_3_OR_HIGHER KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_3_OR_HIGHER"
)

type KeyUsage

type KeyUsage struct {
	CRLSign          *bool `json:"crlSign,omitempty"`
	DataEncipherment *bool `json:"dataEncipherment,omitempty"`
	DecipherOnly     *bool `json:"decipherOnly,omitempty"`
	DigitalSignature *bool `json:"digitalSignature,omitempty"`
	EncipherOnly     *bool `json:"encipherOnly,omitempty"`
	KeyAgreement     *bool `json:"keyAgreement,omitempty"`
	KeyCertSign      *bool `json:"keyCertSign,omitempty"`
	KeyEncipherment  *bool `json:"keyEncipherment,omitempty"`
	NonRepudiation   *bool `json:"nonRepudiation,omitempty"`
}

Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.

func (*KeyUsage) DeepCopy

func (in *KeyUsage) DeepCopy() *KeyUsage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsage.

func (*KeyUsage) DeepCopyInto

func (in *KeyUsage) DeepCopyInto(out *KeyUsage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OCSPConfiguration

type OCSPConfiguration struct {
	Enabled         *bool   `json:"enabled,omitempty"`
	OCSPCustomCNAME *string `json:"ocspCustomCNAME,omitempty"`
}

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

func (*OCSPConfiguration) DeepCopy

func (in *OCSPConfiguration) DeepCopy() *OCSPConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCSPConfiguration.

func (*OCSPConfiguration) DeepCopyInto

func (in *OCSPConfiguration) DeepCopyInto(out *OCSPConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OtherName

type OtherName struct {
	TypeID *string `json:"typeID,omitempty"`
	Value  *string `json:"value,omitempty"`
}

Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier).

func (*OtherName) DeepCopy

func (in *OtherName) DeepCopy() *OtherName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.

func (*OtherName) DeepCopyInto

func (in *OtherName) DeepCopyInto(out *OtherName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Permission

type Permission struct {
	CertificateAuthorityARN *string      `json:"certificateAuthorityARN,omitempty"`
	CreatedAt               *metav1.Time `json:"createdAt,omitempty"`
	SourceAccount           *string      `json:"sourceAccount,omitempty"`
}

Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html) action, removed with the DeletePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html) action, and listed with the ListPermissions (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html) action.

func (*Permission) DeepCopy

func (in *Permission) DeepCopy() *Permission

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission.

func (*Permission) DeepCopyInto

func (in *Permission) DeepCopyInto(out *Permission)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyInformation

type PolicyInformation struct {
	CertPolicyID     *string                `json:"certPolicyID,omitempty"`
	PolicyQualifiers []*PolicyQualifierInfo `json:"policyQualifiers,omitempty"`
}

Defines the X.509 CertificatePolicies extension.

func (*PolicyInformation) DeepCopy

func (in *PolicyInformation) DeepCopy() *PolicyInformation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyInformation.

func (*PolicyInformation) DeepCopyInto

func (in *PolicyInformation) DeepCopyInto(out *PolicyInformation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyQualifierID

type PolicyQualifierID string
const (
	PolicyQualifierID_CPS PolicyQualifierID = "CPS"
)

type PolicyQualifierInfo added in v0.0.3

type PolicyQualifierInfo struct {
	PolicyQualifierID *string `json:"policyQualifierID,omitempty"`
	// Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports
	// the certification practice statement (CPS) qualifier (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4)
	// defined in RFC 5280.
	Qualifier *Qualifier `json:"qualifier,omitempty"`
}

Modifies the CertPolicyId of a PolicyInformation object with a qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier.

func (*PolicyQualifierInfo) DeepCopy added in v0.0.3

func (in *PolicyQualifierInfo) DeepCopy() *PolicyQualifierInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyQualifierInfo.

func (*PolicyQualifierInfo) DeepCopyInto added in v0.0.3

func (in *PolicyQualifierInfo) DeepCopyInto(out *PolicyQualifierInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Qualifier

type Qualifier struct {
	CPSURI *string `json:"cpsURI,omitempty"`
}

Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280.

func (*Qualifier) DeepCopy

func (in *Qualifier) DeepCopy() *Qualifier

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Qualifier.

func (*Qualifier) DeepCopyInto

func (in *Qualifier) DeepCopyInto(out *Qualifier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceOwner

type ResourceOwner string
const (
	ResourceOwner_SELF           ResourceOwner = "SELF"
	ResourceOwner_OTHER_ACCOUNTS ResourceOwner = "OTHER_ACCOUNTS"
)

type RevocationConfiguration

type RevocationConfiguration struct {
	// Contains configuration information for a certificate revocation list (CRL).
	// Your private certificate authority (CA) creates base CRLs. Delta CRLs are
	// not supported. You can enable CRLs for your new or an existing private CA
	// by setting the Enabled parameter to true. Your private CA writes CRLs to
	// an S3 bucket that you specify in the S3BucketName parameter. You can hide
	// the name of your bucket by specifying a value for the CustomCname parameter.
	// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution
	// Points extension of each certificate it issues. Your S3 bucket policy must
	// give write permission to Amazon Web Services Private CA.
	//
	// Amazon Web Services Private CA assets that are stored in Amazon S3 can be
	// protected with encryption. For more information, see Encrypting Your CRLs
	// (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption).
	//
	// Your private CA uses the value in the ExpirationInDays parameter to calculate
	// the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's
	// expiration date or when a certificate is revoked. When a certificate is revoked,
	// it appears in the CRL until the certificate expires, and then in one additional
	// CRL after expiration, and it always appears in the audit report.
	//
	// A CRL is typically updated approximately 30 minutes after a certificate is
	// revoked. If for any reason a CRL update fails, Amazon Web Services Private
	// CA makes further attempts every 15 minutes.
	//
	// CRLs contain the following fields:
	//
	//    * Version: The current version number defined in RFC 5280 is V2. The integer
	//    value is 0x1.
	//
	//    * Signature Algorithm: The name of the algorithm used to sign the CRL.
	//
	//    * Issuer: The X.500 distinguished name of your private CA that issued
	//    the CRL.
	//
	//    * Last Update: The issue date and time of this CRL.
	//
	//    * Next Update: The day and time by which the next CRL will be issued.
	//
	//    * Revoked Certificates: List of revoked certificates. Each list item contains
	//    the following information. Serial Number: The serial number, in hexadecimal
	//    format, of the revoked certificate. Revocation Date: Date and time the
	//    certificate was revoked. CRL Entry Extensions: Optional extensions for
	//    the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked.
	//
	//    * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key
	//    Identifier: Identifies the public key associated with the private key
	//    used to sign the certificate. X509v3 CRL Number: Decimal sequence number
	//    for the CRL.
	//
	//    * Signature Algorithm: Algorithm used by your private CA to sign the CRL.
	//
	//    * Signature Value: Signature computed over the CRL.
	//
	// Certificate revocation lists created by Amazon Web Services Private CA are
	// DER-encoded. You can use the following OpenSSL command to list a CRL.
	//
	// openssl crl -inform DER -text -in crl_path -noout
	//
	// For more information, see Planning a certificate revocation list (CRL) (https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html)
	// in the Amazon Web Services Private Certificate Authority User Guide.
	CRLConfiguration *CRLConfiguration `json:"crlConfiguration,omitempty"`
	// Contains information to enable and configure Online Certificate Status Protocol
	// (OCSP) for validating certificate revocation status.
	//
	// When you revoke a certificate, OCSP responses may take up to 60 minutes to
	// reflect the new status.
	OCSPConfiguration *OCSPConfiguration `json:"ocspConfiguration,omitempty"`
}

Certificate revocation information used by the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) and Setting up a certificate revocation method (https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the Amazon Web Services Private Certificate Authority User Guide.
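An added example, not code from the controller, of doing in Go what the openssl command in the CRLConfiguration comment does by hand: parse a DER CRL, verify it against the issuing CA certificate, refuse it once its Next Update has passed, and answer the revocation question for a serial from the fields listed above. The CA and the CRL are constructed in NewSampleCRL (an assumed helper) so the example runs offline; they are sample data, not an AWS Private CA artifact.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CRLSummary collects the CRL fields listed in the CRLConfiguration comment
// (Issuer, Signature Algorithm, Last/Next Update, CRL Number, Authority Key
// Identifier, Revoked Certificates) after the CRL has been verified.
type CRLSummary struct {
	Issuer         string
	SignatureAlg   x509.SignatureAlgorithm
	LastUpdate     time.Time
	NextUpdate     time.Time
	Number         *big.Int
	AuthorityKeyID []byte
	RevokedSerials []*big.Int
}

// InspectCRL is the programmatic counterpart of
// "openssl crl -inform DER -text -in crl_path -noout": it parses a DER CRL,
// checks the signature against the issuing CA certificate, and refuses a CRL
// whose Next Update is in the past, since a stale CRL says nothing about
// certificates revoked after it was issued.
func InspectCRL(der []byte, issuer *x509.Certificate, now time.Time) (*CRLSummary, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return nil, fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return nil, errors.New("stale CRL: Next Update has passed, fetch a fresh one")
	}
	s := &CRLSummary{
		Issuer:         crl.Issuer.String(),
		SignatureAlg:   crl.SignatureAlgorithm,
		LastUpdate:     crl.ThisUpdate,
		NextUpdate:     crl.NextUpdate,
		Number:         crl.Number,
		AuthorityKeyID: crl.AuthorityKeyId,
	}
	for _, rc := range crl.RevokedCertificates {
		s.RevokedSerials = append(s.RevokedSerials, rc.SerialNumber)
	}
	return s, nil
}

// IsRevoked reports whether serial appears in the Revoked Certificates list.
func (s *CRLSummary) IsRevoked(serial *big.Int) bool {
	for _, r := range s.RevokedSerials {
		if r.Cmp(serial) == 0 {
			return true
		}
	}
	return false
}

// NewSampleCRL builds a constructed, self-signed CA and a CRL (number 7) that
// revokes serial 0x1001, so the example runs offline. It is sample data, not
// a CRL fetched from an AWS Private CA S3 bucket.
func NewSampleCRL(now time.Time) (*x509.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Private CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, nil, err
	}
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(7),
		ThisUpdate: now,
		NextUpdate: now.Add(7 * 24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: big.NewInt(0x1001), RevocationTime: now},
		},
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, key)
	return ca, crlDER, err
}
```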

func (*RevocationConfiguration) DeepCopy

func (in *RevocationConfiguration) DeepCopy() *RevocationConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RevocationConfiguration.

func (*RevocationConfiguration) DeepCopyInto

func (in *RevocationConfiguration) DeepCopyInto(out *RevocationConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RevocationReason

type RevocationReason string
const (
	RevocationReason_UNSPECIFIED                      RevocationReason = "UNSPECIFIED"
	RevocationReason_KEY_COMPROMISE                   RevocationReason = "KEY_COMPROMISE"
	RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE RevocationReason = "CERTIFICATE_AUTHORITY_COMPROMISE"
	RevocationReason_AFFILIATION_CHANGED              RevocationReason = "AFFILIATION_CHANGED"
	RevocationReason_SUPERSEDED                       RevocationReason = "SUPERSEDED"
	RevocationReason_CESSATION_OF_OPERATION           RevocationReason = "CESSATION_OF_OPERATION"
	RevocationReason_PRIVILEGE_WITHDRAWN              RevocationReason = "PRIVILEGE_WITHDRAWN"
	RevocationReason_A_A_COMPROMISE                   RevocationReason = "A_A_COMPROMISE"
)

type S3ObjectACL

type S3ObjectACL string
const (
	S3ObjectACL_PUBLIC_READ               S3ObjectACL = "PUBLIC_READ"
	S3ObjectACL_BUCKET_OWNER_FULL_CONTROL S3ObjectACL = "BUCKET_OWNER_FULL_CONTROL"
)

type SigningAlgorithm

type SigningAlgorithm string
const (
	SigningAlgorithm_SHA256WITHECDSA SigningAlgorithm = "SHA256WITHECDSA"
	SigningAlgorithm_SHA384WITHECDSA SigningAlgorithm = "SHA384WITHECDSA"
	SigningAlgorithm_SHA512WITHECDSA SigningAlgorithm = "SHA512WITHECDSA"
	SigningAlgorithm_SHA256WITHRSA   SigningAlgorithm = "SHA256WITHRSA"
	SigningAlgorithm_SHA384WITHRSA   SigningAlgorithm = "SHA384WITHRSA"
	SigningAlgorithm_SHA512WITHRSA   SigningAlgorithm = "SHA512WITHRSA"
)

type Tag

type Tag struct {
	Key   *string `json:"key,omitempty"`
	Value *string `json:"value,omitempty"`
}

Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html) action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html) action.

func (*Tag) DeepCopy

func (in *Tag) DeepCopy() *Tag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.

func (*Tag) DeepCopyInto

func (in *Tag) DeepCopyInto(out *Tag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Validity added in v0.0.3

type Validity struct {
	Type  *string `json:"type,omitempty"`
	Value *int64  `json:"value,omitempty"`
}

Validity specifies the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the validity of a certificate starts or expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) in RFC 5280.

Amazon Web Services Private CA API consumes the Validity data type differently in two distinct parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity specifies the end of a certificate's validity period. The optional parameter IssueCertificate:ValidityNotBefore specifies a customized starting time for the validity period.

func (*Validity) DeepCopy added in v0.0.3

func (in *Validity) DeepCopy() *Validity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validity.

func (*Validity) DeepCopyInto added in v0.0.3

func (in *Validity) DeepCopyInto(out *Validity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValidityPeriodType

type ValidityPeriodType string
const (
	ValidityPeriodType_END_DATE ValidityPeriodType = "END_DATE"
	ValidityPeriodType_ABSOLUTE ValidityPeriodType = "ABSOLUTE"
	ValidityPeriodType_DAYS     ValidityPeriodType = "DAYS"
	ValidityPeriodType_MONTHS   ValidityPeriodType = "MONTHS"
	ValidityPeriodType_YEARS    ValidityPeriodType = "YEARS"
)
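Validity and ValidityPeriodType carry only a type string and an integer, so the meaning of Value changes with Type. The following example is added here and is not part of the ACK controller or the AWS SDK; it resolves a Validity into a concrete NotAfter and enforces a maximum lifetime before a request reaches IssueCertificate. It assumes the END_DATE encodings documented in the AWS Private CA API reference (YYMMDDHHMMSS for UTCTime or YYYYMMDDHHMMSS for GeneralizedTime, UTC) and ABSOLUTE as seconds since the Unix epoch; the 398-day cap, the function names and the sample values are illustrative.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Local copies of the page's types so the example runs stand-alone.
type ValidityPeriodType string

const (
	ValidityPeriodType_END_DATE ValidityPeriodType = "END_DATE"
	ValidityPeriodType_ABSOLUTE ValidityPeriodType = "ABSOLUTE"
	ValidityPeriodType_DAYS     ValidityPeriodType = "DAYS"
	ValidityPeriodType_MONTHS   ValidityPeriodType = "MONTHS"
	ValidityPeriodType_YEARS    ValidityPeriodType = "YEARS"
)

type Validity struct {
	Type  *string `json:"type,omitempty"`
	Value *int64  `json:"value,omitempty"`
}

// ResolveNotAfter turns a Validity into the NotAfter the certificate would
// carry, given the NotBefore it will be issued with (assumed semantics).
func ResolveNotAfter(v Validity, notBefore time.Time) (time.Time, error) {
	if v.Type == nil || v.Value == nil {
		return time.Time{}, errors.New("validity: type and value are both required")
	}
	if *v.Value <= 0 {
		return time.Time{}, fmt.Errorf("validity: value must be positive, got %d", *v.Value)
	}
	switch ValidityPeriodType(*v.Type) {
	case ValidityPeriodType_DAYS:
		return notBefore.AddDate(0, 0, int(*v.Value)), nil
	case ValidityPeriodType_MONTHS:
		return notBefore.AddDate(0, int(*v.Value), 0), nil
	case ValidityPeriodType_YEARS:
		return notBefore.AddDate(int(*v.Value), 0, 0), nil
	case ValidityPeriodType_ABSOLUTE:
		// Assumption: seconds since the Unix epoch.
		return time.Unix(*v.Value, 0).UTC(), nil
	case ValidityPeriodType_END_DATE:
		return parseEndDate(*v.Value)
	default:
		return time.Time{}, fmt.Errorf("validity: unknown type %q", *v.Type)
	}
}

// parseEndDate decodes the digits carried in Value as YYMMDDHHMMSS (12 digits,
// two-digit year) or YYYYMMDDHHMMSS (14 digits), both in UTC (assumed formats).
func parseEndDate(value int64) (time.Time, error) {
	s := strconv.FormatInt(value, 10)
	switch len(s) {
	case 12:
		return time.ParseInLocation("060102150405", s, time.UTC)
	case 14:
		return time.ParseInLocation("20060102150405", s, time.UTC)
	default:
		return time.Time{}, fmt.Errorf("validity: END_DATE must be 12 or 14 digits, got %d", len(s))
	}
}

// CheckValidity is the policy gate a caller would put in front of issuance:
// NotAfter must lie after NotBefore and within maxLifetime, so a request for
// YEARS or a distant END_DATE cannot mint a long-lived leaf certificate.
func CheckValidity(v Validity, notBefore time.Time, maxLifetime time.Duration) (time.Time, error) {
	notAfter, err := ResolveNotAfter(v, notBefore)
	if err != nil {
		return time.Time{}, err
	}
	if !notAfter.After(notBefore) {
		return time.Time{}, fmt.Errorf("validity: NotAfter %s is not after NotBefore %s",
			notAfter.Format(time.RFC3339), notBefore.Format(time.RFC3339))
	}
	if lifetime := notAfter.Sub(notBefore); lifetime > maxLifetime {
		return time.Time{}, fmt.Errorf("validity: lifetime %s exceeds policy maximum %s", lifetime, maxLifetime)
	}
	return notAfter, nil
}

func strPtr(s string) *string { return &s }
func i64Ptr(i int64) *int64  { return &i }

func main() {
	// Constructed sample requests against an illustrative 398-day leaf cap.
	notBefore := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	maxLeaf := 398 * 24 * time.Hour
	for _, v := range []Validity{
		{Type: strPtr("DAYS"), Value: i64Ptr(90)},
		{Type: strPtr("END_DATE"), Value: i64Ptr(20250401000000)},
		{Type: strPtr("YEARS"), Value: i64Ptr(5)},
		{Type: strPtr("ABSOLUTE"), Value: i64Ptr(notBefore.Unix() - 1)},
	} {
		if na, err := CheckValidity(v, notBefore, maxLeaf); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("accepted, NotAfter =", na.Format(time.RFC3339))
		}
	}
}
```

Note that DAYS, MONTHS and YEARS are relative to NotBefore, so the same Validity yields a different NotAfter when IssueCertificate:ValidityNotBefore is customized; resolving both together, as above, is what lets a policy cap hold regardless of which Type a caller picks.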
