rolesanywhere

package module
v1.16.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2024 License: Apache-2.0 Imports: 43 Imported by: 15

Documentation

Overview

Package rolesanywhere provides the API client, operations, and parameter types for IAM Roles Anywhere.

Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon Web Services to obtain temporary Amazon Web Services credentials. Your workloads can use the same IAM policies and roles you have for native Amazon Web Services applications to access Amazon Web Services resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon Web Services.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

Index

Constants

View Source 
const ServiceAPIVersion = "2018-05-10"
View Source 
const ServiceID = "RolesAnywhere"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver 

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func WithAPIOptions 

func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)

WithAPIOptions returns a functional option for setting the Client's APIOptions option.

func WithEndpointResolver deprecated 

func WithEndpointResolver(v EndpointResolver) func(*Options)

Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint.

To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.

func WithEndpointResolverV2 added in v1.3.0 

func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)

WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.

func WithSigV4SigningName added in v1.5.2 

func WithSigV4SigningName(name string) func(*Options)

WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.

func WithSigV4SigningRegion added in v1.5.2 

func WithSigV4SigningRegion(region string) func(*Options)

WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.

Types

type AuthResolverParameters added in v1.5.2 

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.

type AuthSchemeResolver added in v1.5.2 

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

AuthSchemeResolver returns a set of possible authentication options for an operation.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operations call for IAM Roles Anywhere.

func New 

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig 

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) CreateProfile 

func (c *Client) CreateProfile(ctx context.Context, params *CreateProfileInput, optFns ...func(*Options)) (*CreateProfileOutput, error)

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile .

func (*Client) CreateTrustAnchor 

func (c *Client) CreateTrustAnchor(ctx context.Context, params *CreateTrustAnchorInput, optFns ...func(*Options)) (*CreateTrustAnchorOutput, error)

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

Required permissions: rolesanywhere:CreateTrustAnchor .

func (*Client) DeleteAttributeMapping added in v1.11.0 

func (c *Client) DeleteAttributeMapping(ctx context.Context, params *DeleteAttributeMappingInput, optFns ...func(*Options)) (*DeleteAttributeMappingOutput, error)

Delete an entry from the attribute mapping rules enforced by a given profile.

func (*Client) DeleteCrl 

func (c *Client) DeleteCrl(ctx context.Context, params *DeleteCrlInput, optFns ...func(*Options)) (*DeleteCrlOutput, error)

Deletes a certificate revocation list (CRL).

Required permissions: rolesanywhere:DeleteCrl .

func (*Client) DeleteProfile 

func (c *Client) DeleteProfile(ctx context.Context, params *DeleteProfileInput, optFns ...func(*Options)) (*DeleteProfileOutput, error)

Deletes a profile.

Required permissions: rolesanywhere:DeleteProfile .

func (*Client) DeleteTrustAnchor 

func (c *Client) DeleteTrustAnchor(ctx context.Context, params *DeleteTrustAnchorInput, optFns ...func(*Options)) (*DeleteTrustAnchorOutput, error)

Deletes a trust anchor.

Required permissions: rolesanywhere:DeleteTrustAnchor .

func (*Client) DisableCrl 

func (c *Client) DisableCrl(ctx context.Context, params *DisableCrlInput, optFns ...func(*Options)) (*DisableCrlOutput, error)

Disables a certificate revocation list (CRL).

Required permissions: rolesanywhere:DisableCrl .

func (*Client) DisableProfile 

func (c *Client) DisableProfile(ctx context.Context, params *DisableProfileInput, optFns ...func(*Options)) (*DisableProfileOutput, error)

Disables a profile. When disabled, temporary credential requests with this profile fail.

Required permissions: rolesanywhere:DisableProfile .

func (*Client) DisableTrustAnchor 

func (c *Client) DisableTrustAnchor(ctx context.Context, params *DisableTrustAnchorInput, optFns ...func(*Options)) (*DisableTrustAnchorOutput, error)

Disables a trust anchor. When disabled, temporary credential requests specifying this trust anchor are unauthorized.

Required permissions: rolesanywhere:DisableTrustAnchor .

func (*Client) EnableCrl 

func (c *Client) EnableCrl(ctx context.Context, params *EnableCrlInput, optFns ...func(*Options)) (*EnableCrlOutput, error)

Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

Required permissions: rolesanywhere:EnableCrl .

func (*Client) EnableProfile 

func (c *Client) EnableProfile(ctx context.Context, params *EnableProfileInput, optFns ...func(*Options)) (*EnableProfileOutput, error)

Enables temporary credential requests for a profile.

Required permissions: rolesanywhere:EnableProfile .

func (*Client) EnableTrustAnchor 

func (c *Client) EnableTrustAnchor(ctx context.Context, params *EnableTrustAnchorInput, optFns ...func(*Options)) (*EnableTrustAnchorOutput, error)

Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.

Required permissions: rolesanywhere:EnableTrustAnchor .

func (*Client) GetCrl 

func (c *Client) GetCrl(ctx context.Context, params *GetCrlInput, optFns ...func(*Options)) (*GetCrlOutput, error)

Gets a certificate revocation list (CRL).

Required permissions: rolesanywhere:GetCrl .

func (*Client) GetProfile 

func (c *Client) GetProfile(ctx context.Context, params *GetProfileInput, optFns ...func(*Options)) (*GetProfileOutput, error)

Gets a profile.

Required permissions: rolesanywhere:GetProfile .

func (*Client) GetSubject 

func (c *Client) GetSubject(ctx context.Context, params *GetSubjectInput, optFns ...func(*Options)) (*GetSubjectOutput, error)

Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

Required permissions: rolesanywhere:GetSubject .

func (*Client) GetTrustAnchor 

func (c *Client) GetTrustAnchor(ctx context.Context, params *GetTrustAnchorInput, optFns ...func(*Options)) (*GetTrustAnchorOutput, error)

Gets a trust anchor.

Required permissions: rolesanywhere:GetTrustAnchor .

func (*Client) ImportCrl 

func (c *Client) ImportCrl(ctx context.Context, params *ImportCrlInput, optFns ...func(*Options)) (*ImportCrlOutput, error)

Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:ImportCrl .

func (*Client) ListCrls 

func (c *Client) ListCrls(ctx context.Context, params *ListCrlsInput, optFns ...func(*Options)) (*ListCrlsOutput, error)

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListCrls .

func (*Client) ListProfiles 

func (c *Client) ListProfiles(ctx context.Context, params *ListProfilesInput, optFns ...func(*Options)) (*ListProfilesOutput, error)

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles .

func (*Client) ListSubjects 

func (c *Client) ListSubjects(ctx context.Context, params *ListSubjectsInput, optFns ...func(*Options)) (*ListSubjectsOutput, error)

Lists the subjects in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListSubjects .

func (*Client) ListTagsForResource 

func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)

Lists the tags attached to the resource.

Required permissions: rolesanywhere:ListTagsForResource .

func (*Client) ListTrustAnchors 

func (c *Client) ListTrustAnchors(ctx context.Context, params *ListTrustAnchorsInput, optFns ...func(*Options)) (*ListTrustAnchorsOutput, error)

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListTrustAnchors .

func (*Client) Options added in v1.6.0 

func (c *Client) Options() Options

Options returns a copy of the client configuration.

Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.

func (*Client) PutAttributeMapping added in v1.11.0 

func (c *Client) PutAttributeMapping(ctx context.Context, params *PutAttributeMappingInput, optFns ...func(*Options)) (*PutAttributeMappingOutput, error)

Put an entry in the attribute mapping rules that will be enforced by a given profile. A mapping specifies a certificate field and one or more specifiers that have contextual meanings.

func (*Client) PutNotificationSettings added in v1.2.0 

func (c *Client) PutNotificationSettings(ctx context.Context, params *PutNotificationSettingsInput, optFns ...func(*Options)) (*PutNotificationSettingsOutput, error)

Attaches a list of notification settings to a trust anchor.

A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.

Required permissions: rolesanywhere:PutNotificationSettings .

func (*Client) ResetNotificationSettings added in v1.2.0 

func (c *Client) ResetNotificationSettings(ctx context.Context, params *ResetNotificationSettingsInput, optFns ...func(*Options)) (*ResetNotificationSettingsOutput, error)

Resets the custom notification setting to IAM Roles Anywhere default setting.

Required permissions: rolesanywhere:ResetNotificationSettings .

func (*Client) TagResource 

func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)

Attaches tags to a resource.

Required permissions: rolesanywhere:TagResource .

func (*Client) UntagResource 

func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)

Removes tags from the resource.

Required permissions: rolesanywhere:UntagResource .

func (*Client) UpdateCrl 

func (c *Client) UpdateCrl(ctx context.Context, params *UpdateCrlInput, optFns ...func(*Options)) (*UpdateCrlOutput, error)

Updates the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:UpdateCrl .

func (*Client) UpdateProfile 

func (c *Client) UpdateProfile(ctx context.Context, params *UpdateProfileInput, optFns ...func(*Options)) (*UpdateProfileOutput, error)

Updates a profile, a list of the roles that IAM Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile .

func (*Client) UpdateTrustAnchor 

func (c *Client) UpdateTrustAnchor(ctx context.Context, params *UpdateTrustAnchorInput, optFns ...func(*Options)) (*UpdateTrustAnchorOutput, error)

Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to an Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

Required permissions: rolesanywhere:UpdateTrustAnchor .

type CreateProfileInput 

type CreateProfileInput struct {

	// The name of the profile.
	//
	// This member is required.
	Name *string

	// A list of IAM roles that this profile can assume in a temporary credential
	// request.
	//
	// This member is required.
	RoleArns []string

	// Used to determine if a custom role session name will be accepted in a temporary
	// credential request.
	AcceptRoleSessionName *bool

	//  Used to determine how long sessions vended using this profile are valid for.
	// See the Expiration section of the [CreateSession API documentation] page for more details. In requests, if this
	// value is not provided, the default value will be 3600.
	//
	// [CreateSession API documentation]: https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object
	DurationSeconds *int32

	// Specifies whether the profile is enabled.
	Enabled *bool

	// A list of managed policy ARNs that apply to the vended session credentials.
	ManagedPolicyArns []string

	// Specifies whether instance properties are required in temporary credential
	// requests with this profile.
	RequireInstanceProperties *bool

	// A session policy that applies to the trust boundary of the vended session
	// credentials.
	SessionPolicy *string

	// The tags to attach to the profile.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateProfileOutput 

type CreateProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateTrustAnchorInput 

type CreateTrustAnchorInput struct {

	// The name of the trust anchor.
	//
	// This member is required.
	Name *string

	// The trust anchor type and its related certificate data.
	//
	// This member is required.
	Source *types.Source

	// Specifies whether the trust anchor is enabled.
	Enabled *bool

	// A list of notification settings to be associated to the trust anchor.
	NotificationSettings []types.NotificationSetting

	// The tags to attach to the trust anchor.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateTrustAnchorOutput 

type CreateTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteAttributeMappingInput added in v1.11.0 

type DeleteAttributeMappingInput struct {

	// Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.
	//
	// This member is required.
	CertificateField types.CertificateField

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string

	// A list of specifiers of a certificate field; for example, CN, OU, UID from a
	// Subject.
	Specifiers []string
	// contains filtered or unexported fields
}

type DeleteAttributeMappingOutput added in v1.11.0 

type DeleteAttributeMappingOutput struct {

	// The state of the profile after a read or write operation.
	//
	// This member is required.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteCrlInput 

type DeleteCrlInput struct {

	// The unique identifier of the certificate revocation list (CRL).
	//
	// This member is required.
	CrlId *string
	// contains filtered or unexported fields
}

type DeleteCrlOutput 

type DeleteCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteProfileInput 

type DeleteProfileInput struct {

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string
	// contains filtered or unexported fields
}

type DeleteProfileOutput 

type DeleteProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteTrustAnchorInput 

type DeleteTrustAnchorInput struct {

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type DeleteTrustAnchorOutput 

type DeleteTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DisableCrlInput 

type DisableCrlInput struct {

	// The unique identifier of the certificate revocation list (CRL).
	//
	// This member is required.
	CrlId *string
	// contains filtered or unexported fields
}

type DisableCrlOutput 

type DisableCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DisableProfileInput 

type DisableProfileInput struct {

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string
	// contains filtered or unexported fields
}

type DisableProfileOutput 

type DisableProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DisableTrustAnchorInput 

type DisableTrustAnchorInput struct {

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type DisableTrustAnchorOutput 

type DisableTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EnableCrlInput 

type EnableCrlInput struct {

	// The unique identifier of the certificate revocation list (CRL).
	//
	// This member is required.
	CrlId *string
	// contains filtered or unexported fields
}

type EnableCrlOutput 

type EnableCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EnableProfileInput 

type EnableProfileInput struct {

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string
	// contains filtered or unexported fields
}

type EnableProfileOutput 

type EnableProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EnableTrustAnchorInput 

type EnableTrustAnchorInput struct {

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type EnableTrustAnchorOutput 

type EnableTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters added in v1.3.0 

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

EndpointParameters provides the parameters that influence how endpoints are resolved.

func (EndpointParameters) ValidateRequired added in v1.3.0 

func (p EndpointParameters) ValidateRequired() error

ValidateRequired validates required parameters are set.

func (EndpointParameters) WithDefaults added in v1.3.0 

func (p EndpointParameters) WithDefaults() EndpointParameters

WithDefaults returns a shallow copy of EndpointParameterswith default values applied to members where applicable.

type EndpointResolver 

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func EndpointResolverFromURL 

func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver

EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.

type EndpointResolverFunc 

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint 

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions 

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type EndpointResolverV2 added in v1.3.0 

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

EndpointResolverV2 provides the interface for resolving service endpoints.

func NewDefaultEndpointResolverV2 added in v1.3.0 

func NewDefaultEndpointResolverV2() EndpointResolverV2

type GetCrlInput 

type GetCrlInput struct {

	// The unique identifier of the certificate revocation list (CRL).
	//
	// This member is required.
	CrlId *string
	// contains filtered or unexported fields
}

type GetCrlOutput 

type GetCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetProfileInput 

type GetProfileInput struct {

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string
	// contains filtered or unexported fields
}

type GetProfileOutput 

type GetProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetSubjectInput 

type GetSubjectInput struct {

	// The unique identifier of the subject.
	//
	// This member is required.
	SubjectId *string
	// contains filtered or unexported fields
}

type GetSubjectOutput 

type GetSubjectOutput struct {

	// The state of the subject after a read or write operation.
	Subject *types.SubjectDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetTrustAnchorInput 

type GetTrustAnchorInput struct {

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type GetTrustAnchorOutput 

type GetTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient 

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4 

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type ImportCrlInput 

type ImportCrlInput struct {

	// The x509 v3 specified certificate revocation list (CRL).
	//
	// This member is required.
	CrlData []byte

	// The name of the certificate revocation list (CRL).
	//
	// This member is required.
	Name *string

	// The ARN of the TrustAnchor the certificate revocation list (CRL) will provide
	// revocation for.
	//
	// This member is required.
	TrustAnchorArn *string

	// Specifies whether the certificate revocation list (CRL) is enabled.
	Enabled *bool

	// A list of tags to attach to the certificate revocation list (CRL).
	Tags []types.Tag
	// contains filtered or unexported fields
}

type ImportCrlOutput 

type ImportCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListCrlsAPIClient 

type ListCrlsAPIClient interface {
	ListCrls(context.Context, *ListCrlsInput, ...func(*Options)) (*ListCrlsOutput, error)
}

ListCrlsAPIClient is a client that implements the ListCrls operation.

type ListCrlsInput 

type ListCrlsInput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// The number of resources in the paginated list.
	PageSize *int32
	// contains filtered or unexported fields
}

type ListCrlsOutput 

type ListCrlsOutput struct {

	// A list of certificate revocation lists (CRL).
	Crls []types.CrlDetail

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListCrlsPaginator 

type ListCrlsPaginator struct {
	// contains filtered or unexported fields
}

ListCrlsPaginator is a paginator for ListCrls

func NewListCrlsPaginator 

func NewListCrlsPaginator(client ListCrlsAPIClient, params *ListCrlsInput, optFns ...func(*ListCrlsPaginatorOptions)) *ListCrlsPaginator

NewListCrlsPaginator returns a new ListCrlsPaginator

func (*ListCrlsPaginator) HasMorePages 

func (p *ListCrlsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListCrlsPaginator) NextPage 

func (p *ListCrlsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListCrlsOutput, error)

NextPage retrieves the next ListCrls page.

type ListCrlsPaginatorOptions 

type ListCrlsPaginatorOptions struct {
	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListCrlsPaginatorOptions is the paginator options for ListCrls

type ListProfilesAPIClient 

type ListProfilesAPIClient interface {
	ListProfiles(context.Context, *ListProfilesInput, ...func(*Options)) (*ListProfilesOutput, error)
}

ListProfilesAPIClient is a client that implements the ListProfiles operation.

type ListProfilesInput 

type ListProfilesInput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// The number of resources in the paginated list.
	PageSize *int32
	// contains filtered or unexported fields
}

type ListProfilesOutput 

type ListProfilesOutput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// A list of profiles.
	Profiles []types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListProfilesPaginator 

type ListProfilesPaginator struct {
	// contains filtered or unexported fields
}

ListProfilesPaginator is a paginator for ListProfiles

func NewListProfilesPaginator 

func NewListProfilesPaginator(client ListProfilesAPIClient, params *ListProfilesInput, optFns ...func(*ListProfilesPaginatorOptions)) *ListProfilesPaginator

NewListProfilesPaginator returns a new ListProfilesPaginator

func (*ListProfilesPaginator) HasMorePages 

func (p *ListProfilesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListProfilesPaginator) NextPage 

func (p *ListProfilesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListProfilesOutput, error)

NextPage retrieves the next ListProfiles page.

type ListProfilesPaginatorOptions 

type ListProfilesPaginatorOptions struct {
	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListProfilesPaginatorOptions is the paginator options for ListProfiles

type ListSubjectsAPIClient 

type ListSubjectsAPIClient interface {
	ListSubjects(context.Context, *ListSubjectsInput, ...func(*Options)) (*ListSubjectsOutput, error)
}

ListSubjectsAPIClient is a client that implements the ListSubjects operation.

type ListSubjectsInput 

type ListSubjectsInput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// The number of resources in the paginated list.
	PageSize *int32
	// contains filtered or unexported fields
}

type ListSubjectsOutput 

type ListSubjectsOutput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// A list of subjects.
	Subjects []types.SubjectSummary

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListSubjectsPaginator 

type ListSubjectsPaginator struct {
	// contains filtered or unexported fields
}

ListSubjectsPaginator is a paginator for ListSubjects

func NewListSubjectsPaginator 

func NewListSubjectsPaginator(client ListSubjectsAPIClient, params *ListSubjectsInput, optFns ...func(*ListSubjectsPaginatorOptions)) *ListSubjectsPaginator

NewListSubjectsPaginator returns a new ListSubjectsPaginator

func (*ListSubjectsPaginator) HasMorePages 

func (p *ListSubjectsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListSubjectsPaginator) NextPage 

func (p *ListSubjectsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListSubjectsOutput, error)

NextPage retrieves the next ListSubjects page.

type ListSubjectsPaginatorOptions 

type ListSubjectsPaginatorOptions struct {
	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListSubjectsPaginatorOptions is the paginator options for ListSubjects

type ListTagsForResourceInput 

type ListTagsForResourceInput struct {

	// The ARN of the resource.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

type ListTagsForResourceOutput 

type ListTagsForResourceOutput struct {

	// A list of tags attached to the resource.
	Tags []types.Tag

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListTrustAnchorsAPIClient 

type ListTrustAnchorsAPIClient interface {
	ListTrustAnchors(context.Context, *ListTrustAnchorsInput, ...func(*Options)) (*ListTrustAnchorsOutput, error)
}

ListTrustAnchorsAPIClient is a client that implements the ListTrustAnchors operation.

type ListTrustAnchorsInput 

type ListTrustAnchorsInput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// The number of resources in the paginated list.
	PageSize *int32
	// contains filtered or unexported fields
}

type ListTrustAnchorsOutput 

type ListTrustAnchorsOutput struct {

	// A token that indicates where the output should continue from, if a previous
	// request did not show all results. To get the next results, make the request
	// again with this value.
	NextToken *string

	// A list of trust anchors.
	TrustAnchors []types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListTrustAnchorsPaginator 

type ListTrustAnchorsPaginator struct {
	// contains filtered or unexported fields
}

ListTrustAnchorsPaginator is a paginator for ListTrustAnchors

func NewListTrustAnchorsPaginator 

func NewListTrustAnchorsPaginator(client ListTrustAnchorsAPIClient, params *ListTrustAnchorsInput, optFns ...func(*ListTrustAnchorsPaginatorOptions)) *ListTrustAnchorsPaginator

NewListTrustAnchorsPaginator returns a new ListTrustAnchorsPaginator

func (*ListTrustAnchorsPaginator) HasMorePages 

func (p *ListTrustAnchorsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListTrustAnchorsPaginator) NextPage 

func (p *ListTrustAnchorsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListTrustAnchorsOutput, error)

NextPage retrieves the next ListTrustAnchors page.

type ListTrustAnchorsPaginatorOptions 

type ListTrustAnchorsPaginatorOptions struct {
	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListTrustAnchorsPaginatorOptions is the paginator options for ListTrustAnchors

type Options 

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// clients initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint.
	//
	// To migrate an EndpointResolver implementation that uses a custom endpoint, set
	// the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The client meter provider.
	MeterProvider metrics.MeterProvider

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts.
	//
	// If specified in an operation call's functional options with a value that is
	// different than the constructed client's Options, the Client's Retryer will be
	// wrapped to use the operation's specific RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified.
	//
	// When creating a new API Clients this member will only be used if the Retryer
	// Options member is nil. This value will be ignored if Retryer is not nil.
	//
	// Currently does not support per operation call overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The client tracer provider.
	TracerProvider tracing.TracerProvider

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

func (Options) Copy 

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetIdentityResolver added in v1.5.2 

func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver

type PutAttributeMappingInput added in v1.11.0 

type PutAttributeMappingInput struct {

	// Fields (x509Subject, x509Issuer and x509SAN) within X.509 certificates.
	//
	// This member is required.
	CertificateField types.CertificateField

	// A list of mapping entries for every supported specifier or sub-field.
	//
	// This member is required.
	MappingRules []types.MappingRule

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string
	// contains filtered or unexported fields
}

type PutAttributeMappingOutput added in v1.11.0 

type PutAttributeMappingOutput struct {

	// The state of the profile after a read or write operation.
	//
	// This member is required.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type PutNotificationSettingsInput added in v1.2.0 

type PutNotificationSettingsInput struct {

	// A list of notification settings to be associated to the trust anchor.
	//
	// This member is required.
	NotificationSettings []types.NotificationSetting

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type PutNotificationSettingsOutput added in v1.2.0 

type PutNotificationSettingsOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResetNotificationSettingsInput added in v1.2.0 

type ResetNotificationSettingsInput struct {

	// A list of notification setting keys to reset. A notification setting key
	// includes the event and the channel.
	//
	// This member is required.
	NotificationSettingKeys []types.NotificationSettingKey

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string
	// contains filtered or unexported fields
}

type ResetNotificationSettingsOutput added in v1.2.0 

type ResetNotificationSettingsOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResolveEndpoint 

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize 

func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
)

func (*ResolveEndpoint) ID 

func (*ResolveEndpoint) ID() string

type TagResourceInput 

type TagResourceInput struct {

	// The ARN of the resource.
	//
	// This member is required.
	ResourceArn *string

	// The tags to attach to the resource.
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type TagResourceOutput 

type TagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UntagResourceInput 

type UntagResourceInput struct {

	// The ARN of the resource.
	//
	// This member is required.
	ResourceArn *string

	// A list of keys. Tag keys are the unique identifiers of tags.
	//
	// This member is required.
	TagKeys []string
	// contains filtered or unexported fields
}

type UntagResourceOutput 

type UntagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateCrlInput 

type UpdateCrlInput struct {

	// The unique identifier of the certificate revocation list (CRL).
	//
	// This member is required.
	CrlId *string

	// The x509 v3 specified certificate revocation list (CRL).
	CrlData []byte

	// The name of the Crl.
	Name *string
	// contains filtered or unexported fields
}

type UpdateCrlOutput 

type UpdateCrlOutput struct {

	// The state of the certificate revocation list (CRL) after a read or write
	// operation.
	//
	// This member is required.
	Crl *types.CrlDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateProfileInput 

type UpdateProfileInput struct {

	// The unique identifier of the profile.
	//
	// This member is required.
	ProfileId *string

	// Used to determine if a custom role session name will be accepted in a temporary
	// credential request.
	AcceptRoleSessionName *bool

	//  Used to determine how long sessions vended using this profile are valid for.
	// See the Expiration section of the [CreateSession API documentation] page for more details. In requests, if this
	// value is not provided, the default value will be 3600.
	//
	// [CreateSession API documentation]: https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object
	DurationSeconds *int32

	// A list of managed policy ARNs that apply to the vended session credentials.
	ManagedPolicyArns []string

	// The name of the profile.
	Name *string

	// A list of IAM roles that this profile can assume in a temporary credential
	// request.
	RoleArns []string

	// A session policy that applies to the trust boundary of the vended session
	// credentials.
	SessionPolicy *string
	// contains filtered or unexported fields
}

type UpdateProfileOutput 

type UpdateProfileOutput struct {

	// The state of the profile after a read or write operation.
	Profile *types.ProfileDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateTrustAnchorInput 

type UpdateTrustAnchorInput struct {

	// The unique identifier of the trust anchor.
	//
	// This member is required.
	TrustAnchorId *string

	// The name of the trust anchor.
	Name *string

	// The trust anchor type and its related certificate data.
	Source *types.Source
	// contains filtered or unexported fields
}

type UpdateTrustAnchorOutput 

type UpdateTrustAnchorOutput struct {

	// The state of the trust anchor after a read or write operation.
	//
	// This member is required.
	TrustAnchor *types.TrustAnchorDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

Source Files

View all Source files

Directories

Path Synopsis
internal
endpoints

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.