Documentation ¶
Overview ¶
+k8s:deepcopy-gen=package
Package v1alpha1 is the v1alpha1 version of the acmpca.services.k8s.aws API.
+groupName=acmpca.services.k8s.aws
Index ¶
- Variables
- type APIPassthrough
- type ASN1Subject
- type AccessDescription
- type AccessMethod
- type AccessMethodType
- type ActionType
- type AuditReportResponseFormat
- type AuditReportStatus
- type CRLConfiguration
- type CSRExtensions
- type Certificate
- type CertificateAuthority
- type CertificateAuthorityActivation
- type CertificateAuthorityActivationList
- type CertificateAuthorityActivationSpec
- type CertificateAuthorityActivationStatus
- type CertificateAuthorityConfiguration
- type CertificateAuthorityList
- type CertificateAuthoritySpec
- type CertificateAuthorityStatus
- type CertificateAuthorityStatus_SDK
- type CertificateAuthorityType
- type CertificateAuthorityUsageMode
- type CertificateAuthority_SDK
- type CertificateList
- type CertificateSpec
- type CertificateStatus
- type CustomAttribute
- type CustomExtension
- type EDIPartyName
- type ExtendedKeyUsage
- type ExtendedKeyUsageType
- type Extensions
- type FailureReason
- type GeneralName
- type KeyAlgorithm
- type KeyStorageSecurityStandard
- type KeyUsage
- type OCSPConfiguration
- type OtherName
- type Permission
- type PolicyInformation
- type PolicyQualifierID
- type PolicyQualifierInfo
- type Qualifier
- type ResourceOwner
- type RevocationConfiguration
- type RevocationReason
- type S3ObjectACL
- type SigningAlgorithm
- type Tag
- type Validity
- type ValidityPeriodType
Constants ¶
This section is empty.
Variables ¶
var (
    // GroupVersion is the API Group Version used to register the objects
    GroupVersion = schema.GroupVersion{Group: "acmpca.services.k8s.aws", Version: "v1alpha1"}

    // SchemeBuilder is used to add go types to the GroupVersionKind scheme
    SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

    // AddToScheme adds the types in this group-version to the given scheme.
    AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type APIPassthrough ¶
type APIPassthrough struct {
    // Contains X.509 extension information for a certificate.
    Extensions *Extensions `json:"extensions,omitempty"`
    // Contains information about the certificate subject. The Subject field in
    // the certificate identifies the entity that owns or controls the public key
    // in the certificate. The entity can be a user, computer, device, or service.
    // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
    // of relative distinguished names (RDNs). The RDNs are separated by commas
    // in the certificate.
    Subject *ASN1Subject `json:"subject,omitempty"`
}
Contains X.509 certificate information to be placed in an issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
If conflicting or duplicate certificate information is supplied from other sources, Amazon Web Services Private CA applies order of operation rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.
func (*APIPassthrough) DeepCopy ¶
func (in *APIPassthrough) DeepCopy() *APIPassthrough
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIPassthrough.
func (*APIPassthrough) DeepCopyInto ¶
func (in *APIPassthrough) DeepCopyInto(out *APIPassthrough)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ASN1Subject ¶
type ASN1Subject struct {
    CommonName                 *string            `json:"commonName,omitempty"`
    Country                    *string            `json:"country,omitempty"`
    CustomAttributes           []*CustomAttribute `json:"customAttributes,omitempty"`
    DistinguishedNameQualifier *string            `json:"distinguishedNameQualifier,omitempty"`
    GenerationQualifier        *string            `json:"generationQualifier,omitempty"`
    GivenName                  *string            `json:"givenName,omitempty"`
    Initials                   *string            `json:"initials,omitempty"`
    Locality                   *string            `json:"locality,omitempty"`
    Organization               *string            `json:"organization,omitempty"`
    OrganizationalUnit         *string            `json:"organizationalUnit,omitempty"`
    Pseudonym                  *string            `json:"pseudonym,omitempty"`
    SerialNumber               *string            `json:"serialNumber,omitempty"`
    State                      *string            `json:"state,omitempty"`
    Surname                    *string            `json:"surname,omitempty"`
    Title                      *string            `json:"title,omitempty"`
}
Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
func (*ASN1Subject) DeepCopy ¶
func (in *ASN1Subject) DeepCopy() *ASN1Subject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ASN1Subject.
func (*ASN1Subject) DeepCopyInto ¶
func (in *ASN1Subject) DeepCopyInto(out *ASN1Subject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessDescription ¶
type AccessDescription struct {
    // Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280).
    // Only one of the following naming options should be provided. Providing more
    // than one option results in an InvalidArgsException error.
    AccessLocation *GeneralName `json:"accessLocation,omitempty"`
    // Describes the type and format of extension access. Only one of CustomObjectIdentifier
    // or AccessMethodType may be provided. Providing both results in InvalidArgsException.
    AccessMethod *AccessMethod `json:"accessMethod,omitempty"`
}
Provides access information used by the authorityInfoAccess and subjectInfoAccess extensions described in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280).
func (*AccessDescription) DeepCopy ¶
func (in *AccessDescription) DeepCopy() *AccessDescription
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessDescription.
func (*AccessDescription) DeepCopyInto ¶
func (in *AccessDescription) DeepCopyInto(out *AccessDescription)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessMethod ¶
type AccessMethod struct {
    AccessMethodType       *string `json:"accessMethodType,omitempty"`
    CustomObjectIdentifier *string `json:"customObjectIdentifier,omitempty"`
}
Describes the type and format of extension access. Only one of CustomObjectIdentifier or AccessMethodType may be provided. Providing both results in InvalidArgsException.
func (*AccessMethod) DeepCopy ¶
func (in *AccessMethod) DeepCopy() *AccessMethod
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessMethod.
func (*AccessMethod) DeepCopyInto ¶
func (in *AccessMethod) DeepCopyInto(out *AccessMethod)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessMethodType ¶
type AccessMethodType string
const (
    AccessMethodType_CA_REPOSITORY         AccessMethodType = "CA_REPOSITORY"
    AccessMethodType_RESOURCE_PKI_MANIFEST AccessMethodType = "RESOURCE_PKI_MANIFEST"
    AccessMethodType_RESOURCE_PKI_NOTIFY   AccessMethodType = "RESOURCE_PKI_NOTIFY"
)
type ActionType ¶
type ActionType string
const (
    ActionType_IssueCertificate ActionType = "IssueCertificate"
    ActionType_GetCertificate   ActionType = "GetCertificate"
    ActionType_ListPermissions  ActionType = "ListPermissions"
)
type AuditReportResponseFormat ¶
type AuditReportResponseFormat string
const (
    AuditReportResponseFormat_JSON AuditReportResponseFormat = "JSON"
    AuditReportResponseFormat_CSV  AuditReportResponseFormat = "CSV"
)
type AuditReportStatus ¶
type AuditReportStatus string
const (
    AuditReportStatus_CREATING AuditReportStatus = "CREATING"
    AuditReportStatus_SUCCESS  AuditReportStatus = "SUCCESS"
    AuditReportStatus_FAILED   AuditReportStatus = "FAILED"
)
type CRLConfiguration ¶
type CRLConfiguration struct {
    CustomCNAME      *string `json:"customCNAME,omitempty"`
    Enabled          *bool   `json:"enabled,omitempty"`
    ExpirationInDays *int64  `json:"expirationInDays,omitempty"`
    S3BucketName     *string `json:"s3BucketName,omitempty"`
    S3ObjectACL      *string `json:"s3ObjectACL,omitempty"`
}
Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. Your S3 bucket policy must give write permission to Amazon Web Services Private CA.
Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption).
Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.
A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, Amazon Web Services Private CA makes further attempts every 15 minutes.
CRLs contain the following fields:
- Version: The current version number defined in RFC 5280 is V2. The integer value is 0x1.
- Signature Algorithm: The name of the algorithm used to sign the CRL.
- Issuer: The X.500 distinguished name of your private CA that issued the CRL.
- Last Update: The issue date and time of this CRL.
- Next Update: The day and time by which the next CRL will be issued.
- Revoked Certificates: List of revoked certificates. Each list item contains the following information.
  - Serial Number: The serial number, in hexadecimal format, of the revoked certificate.
  - Revocation Date: Date and time the certificate was revoked.
  - CRL Entry Extensions: Optional extensions for the CRL entry.
    - X509v3 CRL Reason Code: Reason the certificate was revoked.
- CRL Extensions: Optional extensions for the CRL.
  - X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the certificate.
  - X509v3 CRL Number: Decimal sequence number for the CRL.
- Signature Algorithm: Algorithm used by your private CA to sign the CRL.
- Signature Value: Signature computed over the CRL.
Certificate revocation lists created by Amazon Web Services Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.
openssl crl -inform DER -text -in crl_path -noout
For more information, see Planning a certificate revocation list (CRL) (https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html) in the Amazon Web Services Private Certificate Authority User Guide.
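The same inspection can be done programmatically. The following is an added example, not part of this package: it parses a DER-encoded CRL with Go's standard library, verifies the signature against the expected CA certificate, flags a CRL whose Next Update has passed, and extracts each revoked serial with its reason code. The CA, the CRL and the names InspectCRL, CRLReport and newSample are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// oidCRLReason identifies the "X509v3 CRL Reason Code" entry extension.
var oidCRLReason = asn1.ObjectIdentifier{2, 5, 29, 21}

// CRLReport holds the CRL fields a relying party should check.
type CRLReport struct {
	Issuer     string
	Number     *big.Int       // X509v3 CRL Number
	NextUpdate time.Time      // derived by the CA from ExpirationInDays
	Stale      bool           // true when now is past Next Update
	Revoked    map[string]int // hex serial -> reason code, -1 if absent
}

// InspectCRL parses a DER-encoded CRL, verifies its signature against the
// expected CA certificate and extracts the fields described above.
func InspectCRL(der []byte, ca *x509.Certificate, now time.Time) (*CRLReport, error) {
	rl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := rl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("CRL not signed by the expected CA: %w", err)
	}
	rep := &CRLReport{Issuer: rl.Issuer.String(), Number: rl.Number,
		NextUpdate: rl.NextUpdate, Stale: now.After(rl.NextUpdate),
		Revoked: map[string]int{}}
	for _, rc := range rl.RevokedCertificates {
		reason := -1
		for _, ext := range rc.Extensions {
			if !ext.Id.Equal(oidCRLReason) {
				continue
			}
			var code asn1.Enumerated
			if _, err := asn1.Unmarshal(ext.Value, &code); err != nil {
				return nil, fmt.Errorf("reason code of %x: %w", rc.SerialNumber, err)
			}
			reason = int(code)
		}
		rep.Revoked[rc.SerialNumber.Text(16)] = reason
	}
	return rep, nil
}

// newSample builds a throwaway CA and a DER CRL in memory (constructed test
// data). The CRL revokes serial 0x1a2b3c with reason 1 (keyCompromise).
func newSample(thisUpdate time.Time, expirationInDays int) (*x509.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "Constructed Example Private CA"},
		NotBefore: thisUpdate.Add(-time.Hour), NotAfter: thisUpdate.AddDate(1, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	reason, err := asn1.Marshal(asn1.Enumerated(1))
	if err != nil {
		return nil, nil, err
	}
	crlTmpl := &x509.RevocationList{Number: big.NewInt(42),
		ThisUpdate: thisUpdate, NextUpdate: thisUpdate.AddDate(0, 0, expirationInDays),
		RevokedCertificates: []pkix.RevokedCertificate{{
			SerialNumber: big.NewInt(0x1a2b3c), RevocationTime: thisUpdate,
			Extensions: []pkix.Extension{{Id: oidCRLReason, Value: reason}}}}}
	der, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, key)
	return ca, der, err
}

func main() {
	now := time.Now()
	ca, der, err := newSample(now.Add(-time.Hour), 7)
	if err != nil {
		panic(err)
	}
	rep, err := InspectCRL(der, ca, now)
	if err != nil {
		panic(err)
	}
	fmt.Printf("issuer=%s number=%s stale=%v revoked=%v\n", rep.Issuer, rep.Number, rep.Stale, rep.Revoked)
}
```

A stale result means the relying party is working from revocation data older than the CA promised, which is worth alerting on because CRL updates can fail and are retried only every 15 minutes.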
func (*CRLConfiguration) DeepCopy ¶
func (in *CRLConfiguration) DeepCopy() *CRLConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRLConfiguration.
func (*CRLConfiguration) DeepCopyInto ¶
func (in *CRLConfiguration) DeepCopyInto(out *CRLConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CSRExtensions ¶
type CSRExtensions struct {
    // Defines one or more purposes for which the key contained in the certificate
    // can be used. Default value for each option is false.
    KeyUsage                 *KeyUsage            `json:"keyUsage,omitempty"`
    SubjectInformationAccess []*AccessDescription `json:"subjectInformationAccess,omitempty"`
}
Describes the certificate extensions to be added to the certificate signing request (CSR).
func (*CSRExtensions) DeepCopy ¶
func (in *CSRExtensions) DeepCopy() *CSRExtensions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSRExtensions.
func (*CSRExtensions) DeepCopyInto ¶
func (in *CSRExtensions) DeepCopyInto(out *CSRExtensions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Certificate ¶ added in v0.0.3
type Certificate struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`
    Spec              CertificateSpec   `json:"spec,omitempty"`
    Status            CertificateStatus `json:"status,omitempty"`
}
Certificate is the Schema for the Certificates API
+kubebuilder:object:root=true
+kubebuilder:subresource:status
func (*Certificate) DeepCopy ¶ added in v0.0.3
func (in *Certificate) DeepCopy() *Certificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Certificate.
func (*Certificate) DeepCopyInto ¶ added in v0.0.3
func (in *Certificate) DeepCopyInto(out *Certificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Certificate) DeepCopyObject ¶ added in v0.0.3
func (in *Certificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateAuthority ¶
type CertificateAuthority struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`
    Spec              CertificateAuthoritySpec   `json:"spec,omitempty"`
    Status            CertificateAuthorityStatus `json:"status,omitempty"`
}
CertificateAuthority is the Schema for the CertificateAuthorities API
+kubebuilder:object:root=true
+kubebuilder:subresource:status
func (*CertificateAuthority) DeepCopy ¶
func (in *CertificateAuthority) DeepCopy() *CertificateAuthority
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthority.
func (*CertificateAuthority) DeepCopyInto ¶
func (in *CertificateAuthority) DeepCopyInto(out *CertificateAuthority)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateAuthority) DeepCopyObject ¶
func (in *CertificateAuthority) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateAuthorityActivation ¶ added in v0.0.4
type CertificateAuthorityActivation struct {
    metav1.TypeMeta   `json:",inline"`
    metav1.ObjectMeta `json:"metadata,omitempty"`
    Spec              CertificateAuthorityActivationSpec   `json:"spec,omitempty"`
    Status            CertificateAuthorityActivationStatus `json:"status,omitempty"`
}
CertificateAuthorityActivation is the Schema for the CertificateAuthorityActivations API
+kubebuilder:object:root=true
+kubebuilder:subresource:status
func (*CertificateAuthorityActivation) DeepCopy ¶ added in v0.0.4
func (in *CertificateAuthorityActivation) DeepCopy() *CertificateAuthorityActivation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivation.
func (*CertificateAuthorityActivation) DeepCopyInto ¶ added in v0.0.4
func (in *CertificateAuthorityActivation) DeepCopyInto(out *CertificateAuthorityActivation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateAuthorityActivation) DeepCopyObject ¶ added in v0.0.4
func (in *CertificateAuthorityActivation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateAuthorityActivationList ¶ added in v0.0.4
type CertificateAuthorityActivationList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []CertificateAuthorityActivation `json:"items"`
}
CertificateAuthorityActivationList contains a list of CertificateAuthorityActivation
+kubebuilder:object:root=true
func (*CertificateAuthorityActivationList) DeepCopy ¶ added in v0.0.4
func (in *CertificateAuthorityActivationList) DeepCopy() *CertificateAuthorityActivationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationList.
func (*CertificateAuthorityActivationList) DeepCopyInto ¶ added in v0.0.4
func (in *CertificateAuthorityActivationList) DeepCopyInto(out *CertificateAuthorityActivationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateAuthorityActivationList) DeepCopyObject ¶ added in v0.0.4
func (in *CertificateAuthorityActivationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateAuthorityActivationSpec ¶ added in v0.0.4
type CertificateAuthorityActivationSpec struct {
    // +kubebuilder:validation:Required
    Certificate *ackv1alpha1.SecretKeyReference `json:"certificate"`
    // The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority
    // (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html).
    // This must be of the form:
    //
    // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
    CertificateAuthorityARN        *string                                  `json:"certificateAuthorityARN,omitempty"`
    CertificateAuthorityRef        *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateAuthorityRef,omitempty"`
    CertificateChain               *ackv1alpha1.SecretKeyReference          `json:"certificateChain,omitempty"`
    CompleteCertificateChainOutput *ackv1alpha1.SecretKeyReference          `json:"completeCertificateChainOutput,omitempty"`
    Status                         *string                                  `json:"status,omitempty"`
}
CertificateAuthorityActivationSpec defines the desired state of CertificateAuthorityActivation.
func (*CertificateAuthorityActivationSpec) DeepCopy ¶ added in v0.0.4
func (in *CertificateAuthorityActivationSpec) DeepCopy() *CertificateAuthorityActivationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationSpec.
func (*CertificateAuthorityActivationSpec) DeepCopyInto ¶ added in v0.0.4
func (in *CertificateAuthorityActivationSpec) DeepCopyInto(out *CertificateAuthorityActivationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateAuthorityActivationStatus ¶ added in v0.0.4
type CertificateAuthorityActivationStatus struct {
    // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
    // that is used to contain resource sync state, account ownership,
    // constructed ARN for the resource
    // +kubebuilder:validation:Optional
    ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
    // All CRs managed by ACK have a common `Status.Conditions` member that
    // contains a collection of `ackv1alpha1.Condition` objects that describe
    // the various terminal states of the CR and its backend AWS service API
    // resource
    // +kubebuilder:validation:Optional
    Conditions []*ackv1alpha1.Condition `json:"conditions"`
}
CertificateAuthorityActivationStatus defines the observed state of CertificateAuthorityActivation
func (*CertificateAuthorityActivationStatus) DeepCopy ¶ added in v0.0.4
func (in *CertificateAuthorityActivationStatus) DeepCopy() *CertificateAuthorityActivationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityActivationStatus.
func (*CertificateAuthorityActivationStatus) DeepCopyInto ¶ added in v0.0.4
func (in *CertificateAuthorityActivationStatus) DeepCopyInto(out *CertificateAuthorityActivationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateAuthorityConfiguration ¶
type CertificateAuthorityConfiguration struct {
    // Describes the certificate extensions to be added to the certificate signing
    // request (CSR).
    CSRExtensions    *CSRExtensions `json:"csrExtensions,omitempty"`
    KeyAlgorithm     *string        `json:"keyAlgorithm,omitempty"`
    SigningAlgorithm *string        `json:"signingAlgorithm,omitempty"`
    // Contains information about the certificate subject. The Subject field in
    // the certificate identifies the entity that owns or controls the public key
    // in the certificate. The entity can be a user, computer, device, or service.
    // The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
    // of relative distinguished names (RDNs). The RDNs are separated by commas
    // in the certificate.
    Subject *ASN1Subject `json:"subject,omitempty"`
}
Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action.
func (*CertificateAuthorityConfiguration) DeepCopy ¶
func (in *CertificateAuthorityConfiguration) DeepCopy() *CertificateAuthorityConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityConfiguration.
func (*CertificateAuthorityConfiguration) DeepCopyInto ¶
func (in *CertificateAuthorityConfiguration) DeepCopyInto(out *CertificateAuthorityConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateAuthorityList ¶
type CertificateAuthorityList struct {
    metav1.TypeMeta `json:",inline"`
    metav1.ListMeta `json:"metadata,omitempty"`
    Items           []CertificateAuthority `json:"items"`
}
CertificateAuthorityList contains a list of CertificateAuthority
+kubebuilder:object:root=true
func (*CertificateAuthorityList) DeepCopy ¶
func (in *CertificateAuthorityList) DeepCopy() *CertificateAuthorityList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityList.
func (*CertificateAuthorityList) DeepCopyInto ¶
func (in *CertificateAuthorityList) DeepCopyInto(out *CertificateAuthorityList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateAuthorityList) DeepCopyObject ¶
func (in *CertificateAuthorityList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateAuthoritySpec ¶
type CertificateAuthoritySpec struct {
    // Name and bit size of the private key algorithm, the name of the signing algorithm,
    // and X.500 certificate subject information.
    // +kubebuilder:validation:Required
    CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `json:"certificateAuthorityConfiguration"`
    // Specifies a cryptographic key management compliance standard used for handling
    // CA keys.
    //
    // Default: FIPS_140_2_LEVEL_3_OR_HIGHER
    //
    // Some Amazon Web Services Regions do not support the default. When creating
    // a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the
    // argument for KeyStorageSecurityStandard. Failure to do this results in an
    // InvalidArgsException with the message, "A certificate authority cannot be
    // created in this region with the specified security standard."
    //
    // For information about security standard support in various Regions, see Storage
    // and security compliance of Amazon Web Services Private CA private keys (https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
    KeyStorageSecurityStandard *string `json:"keyStorageSecurityStandard,omitempty"`
    // Contains information to enable Online Certificate Status Protocol (OCSP)
    // support, to enable a certificate revocation list (CRL), to enable both, or
    // to enable neither. The default is for both certificate validation mechanisms
    // to be disabled.
    //
    // The following requirements apply to revocation configurations.
    //
    // - A configuration disabling CRLs or OCSP must contain only the Enabled=False
    // parameter, and will fail if other parameters such as CustomCname or ExpirationInDays
    // are included.
    //
    // - In a CRL configuration, the S3BucketName parameter must conform to Amazon
    // S3 bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
    //
    // - A configuration containing a custom Canonical Name (CNAME) parameter
    // for CRLs or OCSP must conform to RFC2396 (https://www.ietf.org/rfc/rfc2396.txt)
    // restrictions on the use of special characters in a CNAME.
    //
    // - In a CRL or OCSP configuration, the value of a CNAME parameter must
    // not include a protocol prefix such as "http://" or "https://".
    //
    // For more information, see the OcspConfiguration (https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html)
    // and CrlConfiguration (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html)
    // types.
    RevocationConfiguration *RevocationConfiguration `json:"revocationConfiguration,omitempty"`
    // Key-value pairs that will be attached to the new private CA. You can associate
    // up to 50 tags with a private CA. For information using tags with IAM to manage
    // permissions, see Controlling Access Using IAM Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html).
    Tags []*Tag `json:"tags,omitempty"`
    // The type of the certificate authority.
    // +kubebuilder:validation:Required
    Type *string `json:"type,omitempty"`
    // Specifies whether the CA issues general-purpose certificates that typically
    // require a revocation mechanism, or short-lived certificates that may optionally
    // omit revocation because they expire quickly. Short-lived certificate validity
    // is limited to seven days.
    //
    // The default value is GENERAL_PURPOSE.
    UsageMode *string `json:"usageMode,omitempty"`
}
CertificateAuthoritySpec defines the desired state of CertificateAuthority.
Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action to create your private CA. You must then call the GetCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) action to import the signed certificate into Certificate Manager (ACM).
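The revocation-configuration requirements listed in the RevocationConfiguration field comment can be checked before a manifest reaches the controller. The following is an added example, not part of this package: a pre-flight validator for the CRL half of those rules. The local CRLConfiguration copy, ValidateCRLConfiguration, ptr and the sample values are constructed for the example; the bucket check covers only part of the S3 naming rules, and the handling of an unset Enabled and of ExpirationInDays below 1 are assumptions of the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CRLConfiguration copies the fields of the type documented on this page so
// the example compiles without importing the controller module.
type CRLConfiguration struct {
	CustomCNAME      *string
	Enabled          *bool
	ExpirationInDays *int64
	S3BucketName     *string
	S3ObjectACL      *string
}

// bucketNameRE encodes part of the S3 naming rules: 3-63 characters from
// [a-z0-9.-], beginning and ending with a letter or digit.
var bucketNameRE = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)

// ValidateCRLConfiguration returns one message per violated rule. An empty
// result means the configuration passes these pre-flight checks.
func ValidateCRLConfiguration(c *CRLConfiguration) []string {
	var problems []string
	if c == nil {
		return problems // both revocation mechanisms are disabled by default
	}
	if c.Enabled == nil {
		// Assumption of this example: insist on an explicit value, because
		// the documented rules are phrased in terms of Enabled being set.
		return append(problems, "enabled must be set explicitly")
	}
	if !*c.Enabled {
		// A disabling configuration must contain only Enabled=False.
		extras := []struct {
			name string
			set  bool
		}{
			{"customCNAME", c.CustomCNAME != nil},
			{"expirationInDays", c.ExpirationInDays != nil},
			{"s3BucketName", c.S3BucketName != nil},
			{"s3ObjectACL", c.S3ObjectACL != nil},
		}
		for _, f := range extras {
			if f.set {
				problems = append(problems, "enabled=false but "+f.name+" is set")
			}
		}
		return problems
	}
	// Enabled: the CA writes CRLs to the bucket named in S3BucketName.
	if c.S3BucketName == nil {
		problems = append(problems, "s3BucketName is required when CRLs are enabled")
	} else if b := *c.S3BucketName; !bucketNameRE.MatchString(b) || strings.Contains(b, "..") {
		problems = append(problems, fmt.Sprintf("s3BucketName %q breaks S3 bucket naming rules", b))
	}
	// The CNAME is copied into the CRL Distribution Points extension of every
	// issued certificate, so a malformed value ends up in those certificates.
	if c.CustomCNAME != nil && strings.Contains(*c.CustomCNAME, "://") {
		problems = append(problems, fmt.Sprintf("customCNAME %q must not include a protocol prefix", *c.CustomCNAME))
	}
	if c.ExpirationInDays != nil && *c.ExpirationInDays < 1 {
		// Assumption: a non-positive nextUpdate interval is never intended.
		problems = append(problems, "expirationInDays must be at least 1")
	}
	return problems
}

// ptr returns a pointer to v, matching the pointer-typed fields above.
func ptr[T any](v T) *T { return &v }

func main() {
	// Constructed sample configurations, not taken from a real cluster.
	samples := []*CRLConfiguration{
		{Enabled: ptr(true), S3BucketName: ptr("corp-pki-crl"), CustomCNAME: ptr("crl.example.internal")},
		{Enabled: ptr(false), CustomCNAME: ptr("crl.example.internal"), ExpirationInDays: ptr(int64(7))},
		{Enabled: ptr(true), S3BucketName: ptr("Corp_PKI"), CustomCNAME: ptr("https://crl.example.internal")},
	}
	for i, s := range samples {
		fmt.Printf("sample %d: %q\n", i, ValidateCRLConfiguration(s))
	}
}
```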
func (*CertificateAuthoritySpec) DeepCopy ¶
func (in *CertificateAuthoritySpec) DeepCopy() *CertificateAuthoritySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthoritySpec.
func (*CertificateAuthoritySpec) DeepCopyInto ¶
func (in *CertificateAuthoritySpec) DeepCopyInto(out *CertificateAuthoritySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateAuthorityStatus ¶
type CertificateAuthorityStatus struct {
    // All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
    // that is used to contain resource sync state, account ownership,
    // constructed ARN for the resource
    // +kubebuilder:validation:Optional
    ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
    // All CRs managed by ACK have a common `Status.Conditions` member that
    // contains a collection of `ackv1alpha1.Condition` objects that describe
    // the various terminal states of the CR and its backend AWS service API
    // resource
    // +kubebuilder:validation:Optional
    Conditions []*ackv1alpha1.Condition `json:"conditions"`
    // The base64 PEM-encoded certificate signing request (CSR) for your private
    // CA certificate.
    // +kubebuilder:validation:Optional
    CertificateSigningRequest *string `json:"certificateSigningRequest,omitempty"`
    // Date and time at which your private CA was created.
    // +kubebuilder:validation:Optional
    CreatedAt *metav1.Time `json:"createdAt,omitempty"`
    // Reason the request to create your private CA failed.
    // +kubebuilder:validation:Optional
    FailureReason *string `json:"failureReason,omitempty"`
    // Date and time at which your private CA was last updated.
    // +kubebuilder:validation:Optional
    LastStateChangeAt *metav1.Time `json:"lastStateChangeAt,omitempty"`
    // Date and time after which your private CA certificate is not valid.
    // +kubebuilder:validation:Optional
    NotAfter *metav1.Time `json:"notAfter,omitempty"`
    // Date and time before which your private CA certificate is not valid.
    // +kubebuilder:validation:Optional
    NotBefore *metav1.Time `json:"notBefore,omitempty"`
    // The Amazon Web Services account ID that owns the certificate authority.
    // +kubebuilder:validation:Optional
    OwnerAccount *string `json:"ownerAccount,omitempty"`
    // The period during which a deleted CA can be restored. For more information,
    // see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest
    // (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html)
    // action.
    // +kubebuilder:validation:Optional
    RestorableUntil *metav1.Time `json:"restorableUntil,omitempty"`
    // Serial number of your private CA.
    // +kubebuilder:validation:Optional
    Serial *string `json:"serial,omitempty"`
    // Status of your private CA.
    // +kubebuilder:validation:Optional
    Status *string `json:"status,omitempty"`
}
CertificateAuthorityStatus defines the observed state of CertificateAuthority
func (*CertificateAuthorityStatus) DeepCopy ¶
func (in *CertificateAuthorityStatus) DeepCopy() *CertificateAuthorityStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityStatus.
func (*CertificateAuthorityStatus) DeepCopyInto ¶
func (in *CertificateAuthorityStatus) DeepCopyInto(out *CertificateAuthorityStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateAuthorityStatus_SDK ¶
type CertificateAuthorityStatus_SDK string
const (
    CertificateAuthorityStatus_SDK_CREATING            CertificateAuthorityStatus_SDK = "CREATING"
    CertificateAuthorityStatus_SDK_PENDING_CERTIFICATE CertificateAuthorityStatus_SDK = "PENDING_CERTIFICATE"
    CertificateAuthorityStatus_SDK_ACTIVE              CertificateAuthorityStatus_SDK = "ACTIVE"
    CertificateAuthorityStatus_SDK_DELETED             CertificateAuthorityStatus_SDK = "DELETED"
    CertificateAuthorityStatus_SDK_DISABLED            CertificateAuthorityStatus_SDK = "DISABLED"
    CertificateAuthorityStatus_SDK_EXPIRED             CertificateAuthorityStatus_SDK = "EXPIRED"
    CertificateAuthorityStatus_SDK_FAILED              CertificateAuthorityStatus_SDK = "FAILED"
)
type CertificateAuthorityType ¶
type CertificateAuthorityType string
const (
    CertificateAuthorityType_ROOT        CertificateAuthorityType = "ROOT"
    CertificateAuthorityType_SUBORDINATE CertificateAuthorityType = "SUBORDINATE"
)
type CertificateAuthorityUsageMode ¶
type CertificateAuthorityUsageMode string
const (
    CertificateAuthorityUsageMode_GENERAL_PURPOSE         CertificateAuthorityUsageMode = "GENERAL_PURPOSE"
    CertificateAuthorityUsageMode_SHORT_LIVED_CERTIFICATE CertificateAuthorityUsageMode = "SHORT_LIVED_CERTIFICATE"
)
type CertificateAuthority_SDK ¶
type CertificateAuthority_SDK struct {
	ARN *string `json:"arn,omitempty"`
	// Contains configuration information for your private certificate authority
	// (CA). This includes information about the class of public key algorithm and
	// the key pair that your private CA creates when it issues a certificate. It
	// also includes the signature algorithm that it uses when issuing certificates,
	// and its X.500 distinguished name. You must specify this information when
	// you call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
	// action.
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration `json:"certificateAuthorityConfiguration,omitempty"`
	CreatedAt *metav1.Time `json:"createdAt,omitempty"`
	FailureReason *string `json:"failureReason,omitempty"`
	KeyStorageSecurityStandard *string `json:"keyStorageSecurityStandard,omitempty"`
	LastStateChangeAt *metav1.Time `json:"lastStateChangeAt,omitempty"`
	NotAfter *metav1.Time `json:"notAfter,omitempty"`
	NotBefore *metav1.Time `json:"notBefore,omitempty"`
	OwnerAccount *string `json:"ownerAccount,omitempty"`
	RestorableUntil *metav1.Time `json:"restorableUntil,omitempty"`
	// Certificate revocation information used by the CreateCertificateAuthority
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
	// and UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html)
	// actions. Your private certificate authority (CA) can configure Online Certificate
	// Status Protocol (OCSP) support and/or maintain a certificate revocation list
	// (CRL). OCSP returns validation information about certificates as requested
	// by clients, and a CRL contains an updated list of certificates revoked by
	// your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html)
	// and Setting up a certificate revocation method (https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html)
	// in the Amazon Web Services Private Certificate Authority User Guide.
	RevocationConfiguration *RevocationConfiguration `json:"revocationConfiguration,omitempty"`
	Serial *string `json:"serial,omitempty"`
	Status *string `json:"status,omitempty"`
	Type *string `json:"type_,omitempty"`
	UsageMode *string `json:"usageMode,omitempty"`
}
Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) action to create your private CA. You must then call the GetCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html) action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) action to import the signed certificate into Certificate Manager (ACM).
func (*CertificateAuthority_SDK) DeepCopy ¶
func (in *CertificateAuthority_SDK) DeepCopy() *CertificateAuthority_SDK
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthority_SDK.
func (*CertificateAuthority_SDK) DeepCopyInto ¶
func (in *CertificateAuthority_SDK) DeepCopyInto(out *CertificateAuthority_SDK)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateList ¶ added in v0.0.3
type CertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items []Certificate `json:"items"`
}
CertificateList contains a list of Certificate
+kubebuilder:object:root=true
func (*CertificateList) DeepCopy ¶ added in v0.0.3
func (in *CertificateList) DeepCopy() *CertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateList.
func (*CertificateList) DeepCopyInto ¶ added in v0.0.3
func (in *CertificateList) DeepCopyInto(out *CertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CertificateList) DeepCopyObject ¶ added in v0.0.3
func (in *CertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type CertificateSpec ¶ added in v0.0.3
type CertificateSpec struct {
	// Specifies X.509 certificate information to be included in the issued certificate.
	// An APIPassthrough or APICSRPassthrough template variant must be selected,
	// or else this parameter is ignored. For more information about using these
	// templates, see Understanding Certificate Templates (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html).
	//
	// If conflicting or duplicate certificate information is supplied during certificate
	// issuance, Amazon Web Services Private CA applies order of operation rules
	// (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations)
	// to determine what information is used.
	APIPassthrough *APIPassthrough `json:"apiPassthrough,omitempty"`
	// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority
	// (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html).
	// This must be of the form:
	//
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	CertificateAuthorityARN *string `json:"certificateAuthorityARN,omitempty"`
	CertificateAuthorityRef *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateAuthorityRef,omitempty"`
	CertificateOutput *ackv1alpha1.SecretKeyReference `json:"certificateOutput,omitempty"`
	CertificateSigningRequest *string `json:"certificateSigningRequest,omitempty"`
	CertificateSigningRequestRef *ackv1alpha1.AWSResourceReferenceWrapper `json:"certificateSigningRequestRef,omitempty"`
	// The name of the algorithm that will be used to sign the certificate to be
	// issued.
	//
	// This parameter should not be confused with the SigningAlgorithm parameter
	// used to sign a CSR in the CreateCertificateAuthority action.
	//
	// The specified signing algorithm family (RSA or ECDSA) must match the algorithm
	// family of the CA's secret key.
	// +kubebuilder:validation:Required
	SigningAlgorithm *string `json:"signingAlgorithm"`
	// Specifies a custom configuration template to use when issuing a certificate.
	// If this parameter is not provided, Amazon Web Services Private CA defaults
	// to the EndEntityCertificate/V1 template. For CA certificates, you should
	// choose the shortest path length that meets your needs. The path length is
	// indicated by the PathLenN portion of the ARN, where N is the CA depth (https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth).
	//
	// Note: The CA depth configured on a subordinate CA certificate must not exceed
	// the limit set by its parents in the CA hierarchy.
	//
	// For a list of TemplateArn values supported by Amazon Web Services Private
	// CA, see Understanding Certificate Templates (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html).
	TemplateARN *string `json:"templateARN,omitempty"`
	// Information describing the end of the validity period of the certificate.
	// This parameter sets the “Not After” date for the certificate.
	//
	// Certificate validity is the period of time during which a certificate is
	// valid. Validity can be expressed as an explicit date and time when the certificate
	// expires, or as a span of time after issuance, stated in days, months, or
	// years. For more information, see Validity (https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5)
	// in RFC 5280.
	//
	// This value is unaffected when ValidityNotBefore is also specified. For example,
	// if Validity is set to 20 days in the future, the certificate will expire
	// 20 days from issuance time regardless of the ValidityNotBefore value.
	//
	// The end of the validity period configured on a certificate must not exceed
	// the limit set on its parents in the CA hierarchy.
	// +kubebuilder:validation:Required
	Validity *Validity `json:"validity"`
	// Information describing the start of the validity period of the certificate.
	// This parameter sets the “Not Before” date for the certificate.
	//
	// By default, when issuing a certificate, Amazon Web Services Private CA sets
	// the “Not Before” date to the issuance time minus 60 minutes. This compensates
	// for clock inconsistencies across computer systems. The ValidityNotBefore
	// parameter can be used to customize the “Not Before” value.
	//
	// Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
	//
	// The ValidityNotBefore value is expressed as an explicit date and time, using
	// the Validity type value ABSOLUTE. For more information, see Validity (https://docs.aws.amazon.com/privateca/latest/APIReference/API_Validity.html)
	// in this API reference and Validity (https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5)
	// in RFC 5280.
	ValidityNotBefore *Validity `json:"validityNotBefore,omitempty"`
}
CertificateSpec defines the desired state of Certificate.
func (*CertificateSpec) DeepCopy ¶ added in v0.0.3
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶ added in v0.0.3
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateStatus ¶ added in v0.0.3
type CertificateStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRs managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
}
CertificateStatus defines the observed state of Certificate
func (*CertificateStatus) DeepCopy ¶ added in v0.0.3
func (in *CertificateStatus) DeepCopy() *CertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateStatus.
func (*CertificateStatus) DeepCopyInto ¶ added in v0.0.3
func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomAttribute ¶
type CustomAttribute struct {
	ObjectIdentifier *string `json:"objectIdentifier,omitempty"`
	Value *string `json:"value,omitempty"`
}
Defines the X.500 relative distinguished name (RDN).
func (*CustomAttribute) DeepCopy ¶
func (in *CustomAttribute) DeepCopy() *CustomAttribute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomAttribute.
func (*CustomAttribute) DeepCopyInto ¶
func (in *CustomAttribute) DeepCopyInto(out *CustomAttribute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomExtension ¶
type CustomExtension struct {
	Critical *bool `json:"critical,omitempty"`
	ObjectIdentifier *string `json:"objectIdentifier,omitempty"`
	Value *string `json:"value,omitempty"`
}
Specifies the X.509 extension information for a certificate.
Extensions present in CustomExtensions follow the ApiPassthrough template rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).
func (*CustomExtension) DeepCopy ¶
func (in *CustomExtension) DeepCopy() *CustomExtension
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomExtension.
func (*CustomExtension) DeepCopyInto ¶
func (in *CustomExtension) DeepCopyInto(out *CustomExtension)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EDIPartyName ¶
type EDIPartyName struct {
	NameAssigner *string `json:"nameAssigner,omitempty"`
	PartyName *string `json:"partyName,omitempty"`
}
Describes an Electronic Data Interchange (EDI) entity as defined in Subject Alternative Name (https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
func (*EDIPartyName) DeepCopy ¶
func (in *EDIPartyName) DeepCopy() *EDIPartyName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EDIPartyName.
func (*EDIPartyName) DeepCopyInto ¶
func (in *EDIPartyName) DeepCopyInto(out *EDIPartyName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtendedKeyUsage ¶
type ExtendedKeyUsage struct {
	ExtendedKeyUsageObjectIdentifier *string `json:"extendedKeyUsageObjectIdentifier,omitempty"`
	ExtendedKeyUsageType *string `json:"extendedKeyUsageType,omitempty"`
}
Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
func (*ExtendedKeyUsage) DeepCopy ¶
func (in *ExtendedKeyUsage) DeepCopy() *ExtendedKeyUsage
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtendedKeyUsage.
func (*ExtendedKeyUsage) DeepCopyInto ¶
func (in *ExtendedKeyUsage) DeepCopyInto(out *ExtendedKeyUsage)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtendedKeyUsageType ¶
type ExtendedKeyUsageType string
const (
	ExtendedKeyUsageType_SERVER_AUTH ExtendedKeyUsageType = "SERVER_AUTH"
	ExtendedKeyUsageType_CLIENT_AUTH ExtendedKeyUsageType = "CLIENT_AUTH"
	ExtendedKeyUsageType_CODE_SIGNING ExtendedKeyUsageType = "CODE_SIGNING"
	ExtendedKeyUsageType_EMAIL_PROTECTION ExtendedKeyUsageType = "EMAIL_PROTECTION"
	ExtendedKeyUsageType_TIME_STAMPING ExtendedKeyUsageType = "TIME_STAMPING"
	ExtendedKeyUsageType_OCSP_SIGNING ExtendedKeyUsageType = "OCSP_SIGNING"
	ExtendedKeyUsageType_SMART_CARD_LOGIN ExtendedKeyUsageType = "SMART_CARD_LOGIN"
	ExtendedKeyUsageType_DOCUMENT_SIGNING ExtendedKeyUsageType = "DOCUMENT_SIGNING"
	ExtendedKeyUsageType_CERTIFICATE_TRANSPARENCY ExtendedKeyUsageType = "CERTIFICATE_TRANSPARENCY"
)
type Extensions ¶
type Extensions struct {
	CertificatePolicies []*PolicyInformation `json:"certificatePolicies,omitempty"`
	CustomExtensions []*CustomExtension `json:"customExtensions,omitempty"`
	ExtendedKeyUsage []*ExtendedKeyUsage `json:"extendedKeyUsage,omitempty"`
	// Defines one or more purposes for which the key contained in the certificate
	// can be used. Default value for each option is false.
	KeyUsage *KeyUsage `json:"keyUsage,omitempty"`
	SubjectAlternativeNames []*GeneralName `json:"subjectAlternativeNames,omitempty"`
}
Contains X.509 extension information for a certificate.
func (*Extensions) DeepCopy ¶
func (in *Extensions) DeepCopy() *Extensions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Extensions.
func (*Extensions) DeepCopyInto ¶
func (in *Extensions) DeepCopyInto(out *Extensions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FailureReason ¶
type FailureReason string
const (
	FailureReason_REQUEST_TIMED_OUT FailureReason = "REQUEST_TIMED_OUT"
	FailureReason_UNSUPPORTED_ALGORITHM FailureReason = "UNSUPPORTED_ALGORITHM"
	FailureReason_OTHER FailureReason = "OTHER"
)
type GeneralName ¶
type GeneralName struct {
	// Contains information about the certificate subject. The Subject field in
	// the certificate identifies the entity that owns or controls the public key
	// in the certificate. The entity can be a user, computer, device, or service.
	// The Subject must contain an X.500 distinguished name (DN). A DN is a sequence
	// of relative distinguished names (RDNs). The RDNs are separated by commas
	// in the certificate.
	DirectoryName *ASN1Subject `json:"directoryName,omitempty"`
	DNSName *string `json:"dnsName,omitempty"`
	// Describes an Electronic Data Interchange (EDI) entity as defined in
	// Subject Alternative Name (https://datatracker.ietf.org/doc/html/rfc5280)
	// in RFC 5280.
	EDIPartyName *EDIPartyName `json:"ediPartyName,omitempty"`
	IPAddress *string `json:"ipAddress,omitempty"`
	// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID)
	// and value. The OID must satisfy the regular expression shown below. For more
	// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier).
	OtherName *OtherName `json:"otherName,omitempty"`
	RegisteredID *string `json:"registeredID,omitempty"`
	RFC822Name *string `json:"rfc822Name,omitempty"`
	UniformResourceIdentifier *string `json:"uniformResourceIdentifier,omitempty"`
}
Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280). Only one of the following naming options should be provided. Providing more than one option results in an InvalidArgsException error.
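The rules stated for CertificateSpec (the signing algorithm family must match the CA key, Validity is required, ValidityNotBefore uses type ABSOLUTE) and for GeneralName (one naming option per name) can be checked before a resource is submitted. The following is an added example, not code from this package; `certSpec`, `generalName`, `validity` and its `Type`/`Value` fields are local stand-ins assumed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Local stand-ins (assumptions) for the v1alpha1 types so this builds without
// the ACK module. Structured name forms are reduced to presence flags.
type generalName struct {
	DirectoryName, EDIPartyName, OtherName bool
	DNSName, IPAddress, RegisteredID       *string
	RFC822Name, UniformResourceIdentifier  *string
}

// validity stands in for Validity. The field names Type and Value are an
// assumption: the page does not show that struct's fields.
type validity struct {
	Type  string // one of the ValidityPeriodType constants
	Value int64
}

type certSpec struct {
	SigningAlgorithm  *string
	Validity          *validity
	ValidityNotBefore *validity
	SANs              []*generalName // the extensions' SubjectAlternativeNames
}

var periodTypes = map[string]bool{
	"END_DATE": true, "ABSOLUTE": true, "DAYS": true, "MONTHS": true, "YEARS": true,
}

func strPtr(s string) *string { return &s }

// family maps a KeyAlgorithm ("RSA_2048", "EC_prime256v1") or SigningAlgorithm
// ("SHA256WITHRSA", "SHA384WITHECDSA") constant to RSA or ECDSA.
func family(name string) string {
	switch {
	case strings.HasPrefix(name, "RSA_"), strings.HasSuffix(name, "WITHRSA"):
		return "RSA"
	case strings.HasPrefix(name, "EC_"), strings.HasSuffix(name, "WITHECDSA"):
		return "ECDSA"
	}
	return ""
}

// optionsSet counts the naming options present in one GeneralName.
func optionsSet(g *generalName) int {
	if g == nil {
		return 0
	}
	n := 0
	for _, present := range []bool{
		g.DirectoryName, g.EDIPartyName, g.OtherName,
		g.DNSName != nil, g.IPAddress != nil, g.RegisteredID != nil,
		g.RFC822Name != nil, g.UniformResourceIdentifier != nil,
	} {
		if present {
			n++
		}
	}
	return n
}

// validateSpec returns one message per violated rule. caKeyAlgorithm is the
// KeyAlgorithm of the issuing CA.
func validateSpec(spec certSpec, caKeyAlgorithm string) []string {
	var problems []string
	switch {
	case spec.SigningAlgorithm == nil:
		problems = append(problems, "signingAlgorithm is required")
	case family(*spec.SigningAlgorithm) == "" ||
		family(*spec.SigningAlgorithm) != family(caKeyAlgorithm):
		problems = append(problems, fmt.Sprintf("signingAlgorithm %s does not match CA key algorithm %s",
			*spec.SigningAlgorithm, caKeyAlgorithm))
	}
	switch {
	case spec.Validity == nil:
		problems = append(problems, "validity is required")
	case !periodTypes[spec.Validity.Type]:
		problems = append(problems, "validity has unknown type "+spec.Validity.Type)
	}
	if nb := spec.ValidityNotBefore; nb != nil && nb.Type != "ABSOLUTE" {
		problems = append(problems, "validityNotBefore must use type ABSOLUTE, got "+nb.Type)
	}
	// The page documents an error for more than one option; rejecting an empty
	// name as well is this example's choice.
	for i, g := range spec.SANs {
		if n := optionsSet(g); n != 1 {
			problems = append(problems,
				fmt.Sprintf("subjectAlternativeNames[%d] sets %d naming options, want 1", i, n))
		}
	}
	return problems
}

func main() {
	// Constructed spec that breaks three rules at once.
	spec := certSpec{
		SigningAlgorithm:  strPtr("SHA256WITHRSA"),
		Validity:          &validity{Type: "DAYS", Value: 30},
		ValidityNotBefore: &validity{Type: "DAYS", Value: 1},
		SANs: []*generalName{
			{DNSName: strPtr("svc.example.internal"), IPAddress: strPtr("192.0.2.10")},
		},
	}
	for _, p := range validateSpec(spec, "EC_prime256v1") {
		fmt.Println("reject:", p)
	}
}
```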
func (*GeneralName) DeepCopy ¶
func (in *GeneralName) DeepCopy() *GeneralName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneralName.
func (*GeneralName) DeepCopyInto ¶
func (in *GeneralName) DeepCopyInto(out *GeneralName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyAlgorithm ¶
type KeyAlgorithm string
const (
	KeyAlgorithm_RSA_2048 KeyAlgorithm = "RSA_2048"
	KeyAlgorithm_RSA_4096 KeyAlgorithm = "RSA_4096"
	KeyAlgorithm_EC_prime256v1 KeyAlgorithm = "EC_prime256v1"
	KeyAlgorithm_EC_secp384r1 KeyAlgorithm = "EC_secp384r1"
)
type KeyStorageSecurityStandard ¶
type KeyStorageSecurityStandard string
const (
	KeyStorageSecurityStandard_FIPS_140_2_LEVEL_2_OR_HIGHER KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_2_OR_HIGHER"
	KeyStorageSecurityStandard_FIPS_140_2_LEVEL_3_OR_HIGHER KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_3_OR_HIGHER"
)
type KeyUsage ¶
type KeyUsage struct {
	CRLSign *bool `json:"crlSign,omitempty"`
	DataEncipherment *bool `json:"dataEncipherment,omitempty"`
	DecipherOnly *bool `json:"decipherOnly,omitempty"`
	DigitalSignature *bool `json:"digitalSignature,omitempty"`
	EncipherOnly *bool `json:"encipherOnly,omitempty"`
	KeyAgreement *bool `json:"keyAgreement,omitempty"`
	KeyCertSign *bool `json:"keyCertSign,omitempty"`
	KeyEncipherment *bool `json:"keyEncipherment,omitempty"`
	NonRepudiation *bool `json:"nonRepudiation,omitempty"`
}
Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
func (*KeyUsage) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyUsage.
func (*KeyUsage) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OCSPConfiguration ¶
type OCSPConfiguration struct {
	Enabled *bool `json:"enabled,omitempty"`
	OCSPCustomCNAME *string `json:"ocspCustomCNAME,omitempty"`
}
Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.
func (*OCSPConfiguration) DeepCopy ¶
func (in *OCSPConfiguration) DeepCopy() *OCSPConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCSPConfiguration.
func (*OCSPConfiguration) DeepCopyInto ¶
func (in *OCSPConfiguration) DeepCopyInto(out *OCSPConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OtherName ¶
type OtherName struct {
	TypeID *string `json:"typeID,omitempty"`
	Value *string `json:"value,omitempty"`
}
Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier).
func (*OtherName) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OtherName.
func (*OtherName) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Permission ¶
type Permission struct {
	CertificateAuthorityARN *string `json:"certificateAuthorityARN,omitempty"`
	CreatedAt *metav1.Time `json:"createdAt,omitempty"`
	SourceAccount *string `json:"sourceAccount,omitempty"`
}
Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html) action, removed with the DeletePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html) action, and listed with the ListPermissions (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html) action.
func (*Permission) DeepCopy ¶
func (in *Permission) DeepCopy() *Permission
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Permission.
func (*Permission) DeepCopyInto ¶
func (in *Permission) DeepCopyInto(out *Permission)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyInformation ¶
type PolicyInformation struct {
	CertPolicyID *string `json:"certPolicyID,omitempty"`
	PolicyQualifiers []*PolicyQualifierInfo `json:"policyQualifiers,omitempty"`
}
Defines the X.509 CertificatePolicies extension.
func (*PolicyInformation) DeepCopy ¶
func (in *PolicyInformation) DeepCopy() *PolicyInformation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyInformation.
func (*PolicyInformation) DeepCopyInto ¶
func (in *PolicyInformation) DeepCopyInto(out *PolicyInformation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyQualifierID ¶
type PolicyQualifierID string
const (
PolicyQualifierID_CPS PolicyQualifierID = "CPS"
)
type PolicyQualifierInfo ¶ added in v0.0.3
type PolicyQualifierInfo struct {
	PolicyQualifierID *string `json:"policyQualifierID,omitempty"`
	// Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports
	// the certification practice statement (CPS) qualifier (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4)
	// defined in RFC 5280.
	Qualifier *Qualifier `json:"qualifier,omitempty"`
}
Modifies the CertPolicyId of a PolicyInformation object with a qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier.
func (*PolicyQualifierInfo) DeepCopy ¶ added in v0.0.3
func (in *PolicyQualifierInfo) DeepCopy() *PolicyQualifierInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyQualifierInfo.
func (*PolicyQualifierInfo) DeepCopyInto ¶ added in v0.0.3
func (in *PolicyQualifierInfo) DeepCopyInto(out *PolicyQualifierInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Qualifier ¶
type Qualifier struct {
CPSURI *string `json:"cpsURI,omitempty"`
}
Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280.
func (*Qualifier) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Qualifier.
func (*Qualifier) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceOwner ¶
type ResourceOwner string
const (
	ResourceOwner_SELF ResourceOwner = "SELF"
	ResourceOwner_OTHER_ACCOUNTS ResourceOwner = "OTHER_ACCOUNTS"
)
type RevocationConfiguration ¶
type RevocationConfiguration struct {
	// Contains configuration information for a certificate revocation list (CRL).
	// Your private certificate authority (CA) creates base CRLs. Delta CRLs are
	// not supported. You can enable CRLs for your new or an existing private CA
	// by setting the Enabled parameter to true. Your private CA writes CRLs to
	// an S3 bucket that you specify in the S3BucketName parameter. You can hide
	// the name of your bucket by specifying a value for the CustomCname parameter.
	// Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution
	// Points extension of each certificate it issues. Your S3 bucket policy must
	// give write permission to Amazon Web Services Private CA.
	//
	// Amazon Web Services Private CA assets that are stored in Amazon S3 can be
	// protected with encryption. For more information, see Encrypting Your CRLs
	// (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption).
	//
	// Your private CA uses the value in the ExpirationInDays parameter to calculate
	// the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's
	// expiration date or when a certificate is revoked. When a certificate is revoked,
	// it appears in the CRL until the certificate expires, and then in one additional
	// CRL after expiration, and it always appears in the audit report.
	//
	// A CRL is typically updated approximately 30 minutes after a certificate is
	// revoked. If for any reason a CRL update fails, Amazon Web Services Private
	// CA makes further attempts every 15 minutes.
	//
	// CRLs contain the following fields:
	//
	// * Version: The current version number defined in RFC 5280 is V2. The integer
	//   value is 0x1.
	//
	// * Signature Algorithm: The name of the algorithm used to sign the CRL.
	//
	// * Issuer: The X.500 distinguished name of your private CA that issued
	//   the CRL.
	//
	// * Last Update: The issue date and time of this CRL.
	//
	// * Next Update: The day and time by which the next CRL will be issued.
	//
	// * Revoked Certificates: List of revoked certificates. Each list item contains
	//   the following information. Serial Number: The serial number, in hexadecimal
	//   format, of the revoked certificate. Revocation Date: Date and time the
	//   certificate was revoked. CRL Entry Extensions: Optional extensions for
	//   the CRL entry. X509v3 CRL Reason Code: Reason the certificate was revoked.
	//
	// * CRL Extensions: Optional extensions for the CRL. X509v3 Authority Key
	//   Identifier: Identifies the public key associated with the private key
	//   used to sign the certificate. X509v3 CRL Number: Decimal sequence number
	//   for the CRL.
	//
	// * Signature Algorithm: Algorithm used by your private CA to sign the CRL.
	//
	// * Signature Value: Signature computed over the CRL.
	//
	// Certificate revocation lists created by Amazon Web Services Private CA are
	// DER-encoded. You can use the following OpenSSL command to list a CRL.
	//
	// openssl crl -inform DER -text -in crl_path -noout
	//
	// For more information, see Planning a certificate revocation list (CRL) (https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html)
	// in the Amazon Web Services Private Certificate Authority User Guide
	CRLConfiguration *CRLConfiguration `json:"crlConfiguration,omitempty"`
	// Contains information to enable and configure Online Certificate Status Protocol
	// (OCSP) for validating certificate revocation status.
	//
	// When you revoke a certificate, OCSP responses may take up to 60 minutes to
	// reflect the new status.
	OCSPConfiguration *OCSPConfiguration `json:"ocspConfiguration,omitempty"`
}
Certificate revocation information used by the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) and Setting up a certificate revocation method (https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the Amazon Web Services Private Certificate Authority User Guide.
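A relying party that consumes these DER-encoded CRLs can read the same fields the `openssl crl` command prints and refuse a list whose Next Update has passed or whose signature does not come from the expected CA. The following is an added example using only the Go standard library, not code from this package; `inspectCRL`, `crlReport` and `buildSampleCRL` are hypothetical names, and the CA and CRL are constructed in-process as test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// crlReport carries the CRL fields needed for a freshness and coverage check.
type crlReport struct {
	Issuer         string
	ThisUpdate     time.Time
	NextUpdate     time.Time
	Number         *big.Int
	RevokedSerials []string // hexadecimal, as in the CRL field list
	Stale          bool     // true once now is past NextUpdate
}

// inspectCRL parses a DER-encoded CRL, verifies its signature against the
// issuing CA certificate, and reports whether NextUpdate has already passed.
func inspectCRL(der []byte, ca *x509.Certificate, now time.Time) (*crlReport, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("CRL not signed by the expected CA: %w", err)
	}
	r := &crlReport{
		Issuer:     crl.Issuer.String(),
		ThisUpdate: crl.ThisUpdate,
		NextUpdate: crl.NextUpdate,
		Number:     crl.Number,
		Stale:      now.After(crl.NextUpdate),
	}
	for _, rc := range crl.RevokedCertificates {
		r.RevokedSerials = append(r.RevokedSerials, rc.SerialNumber.Text(16))
	}
	return r, nil
}

// buildSampleCRL creates a throwaway CA and a CRL that revokes serial 0x2a.
// Everything it returns is constructed test data.
func buildSampleCRL(thisUpdate time.Time, lifetime time.Duration) ([]byte, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             thisUpdate.Add(-time.Hour),
		NotAfter:              thisUpdate.AddDate(1, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		SubjectKeyId:          []byte{1, 2, 3, 4},
	}
	caDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:     big.NewInt(7),
		ThisUpdate: thisUpdate,
		NextUpdate: thisUpdate.Add(lifetime),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: big.NewInt(0x2a), RevocationTime: thisUpdate},
		},
	}, ca, key)
	return crlDER, ca, err
}

func main() {
	base := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	der, ca, err := buildSampleCRL(base, 7*24*time.Hour)
	if err != nil {
		panic(err)
	}
	for _, now := range []time.Time{base.Add(time.Hour), base.AddDate(0, 0, 8)} {
		r, err := inspectCRL(der, ca, now)
		if err != nil {
			panic(err)
		}
		fmt.Printf("at %s: CRL #%s from %q revokes %v, stale=%v\n",
			now.Format(time.RFC3339), r.Number.String(), r.Issuer, r.RevokedSerials, r.Stale)
	}
}
```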
func (*RevocationConfiguration) DeepCopy ¶
func (in *RevocationConfiguration) DeepCopy() *RevocationConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RevocationConfiguration.
func (*RevocationConfiguration) DeepCopyInto ¶
func (in *RevocationConfiguration) DeepCopyInto(out *RevocationConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RevocationReason ¶
type RevocationReason string
const (
	RevocationReason_UNSPECIFIED RevocationReason = "UNSPECIFIED"
	RevocationReason_KEY_COMPROMISE RevocationReason = "KEY_COMPROMISE"
	RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE RevocationReason = "CERTIFICATE_AUTHORITY_COMPROMISE"
	RevocationReason_AFFILIATION_CHANGED RevocationReason = "AFFILIATION_CHANGED"
	RevocationReason_SUPERSEDED RevocationReason = "SUPERSEDED"
	RevocationReason_CESSATION_OF_OPERATION RevocationReason = "CESSATION_OF_OPERATION"
	RevocationReason_PRIVILEGE_WITHDRAWN RevocationReason = "PRIVILEGE_WITHDRAWN"
	RevocationReason_A_A_COMPROMISE RevocationReason = "A_A_COMPROMISE"
)
type S3ObjectACL ¶
type S3ObjectACL string
const (
	S3ObjectACL_PUBLIC_READ S3ObjectACL = "PUBLIC_READ"
	S3ObjectACL_BUCKET_OWNER_FULL_CONTROL S3ObjectACL = "BUCKET_OWNER_FULL_CONTROL"
)
type SigningAlgorithm ¶
type SigningAlgorithm string
const (
	SigningAlgorithm_SHA256WITHECDSA SigningAlgorithm = "SHA256WITHECDSA"
	SigningAlgorithm_SHA384WITHECDSA SigningAlgorithm = "SHA384WITHECDSA"
	SigningAlgorithm_SHA512WITHECDSA SigningAlgorithm = "SHA512WITHECDSA"
	SigningAlgorithm_SHA256WITHRSA SigningAlgorithm = "SHA256WITHRSA"
	SigningAlgorithm_SHA384WITHRSA SigningAlgorithm = "SHA384WITHRSA"
	SigningAlgorithm_SHA512WITHRSA SigningAlgorithm = "SHA512WITHRSA"
)
type Tag ¶
Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html) action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html) action.
func (*Tag) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.
func (*Tag) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Validity ¶ added in v0.0.3
Validity specifies the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the validity of a certificate starts or expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5) in RFC 5280.
Amazon Web Services Private CA API consumes the Validity data type differently in two distinct parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity specifies the end of a certificate's validity period. The optional parameter IssueCertificate:ValidityNotBefore specifies a customized starting time for the validity period.
func (*Validity) DeepCopy ¶ added in v0.0.3
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validity.
func (*Validity) DeepCopyInto ¶ added in v0.0.3
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValidityPeriodType ¶
type ValidityPeriodType string
const (
	ValidityPeriodType_END_DATE ValidityPeriodType = "END_DATE"
	ValidityPeriodType_ABSOLUTE ValidityPeriodType = "ABSOLUTE"
	ValidityPeriodType_DAYS ValidityPeriodType = "DAYS"
	ValidityPeriodType_MONTHS ValidityPeriodType = "MONTHS"
	ValidityPeriodType_YEARS ValidityPeriodType = "YEARS"
)