Documentation ¶
Index ¶
- Constants
- Variables
- func KMSKeyARN() reference.ExtractValueFn
- type AlgorithmSpec
- type Alias
- func (in *Alias) DeepCopy() *Alias
- func (in *Alias) DeepCopyInto(out *Alias)
- func (in *Alias) DeepCopyObject() runtime.Object
- func (mg *Alias) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (mg *Alias) GetDeletionPolicy() xpv1.DeletionPolicy
- func (mg *Alias) GetProviderConfigReference() *xpv1.Reference
- func (mg *Alias) GetProviderReference() *xpv1.Reference
- func (mg *Alias) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *Alias) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (mg *Alias) ResolveReferences(ctx context.Context, c client.Reader) error
- func (mg *Alias) SetConditions(c ...xpv1.Condition)
- func (mg *Alias) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Alias) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Alias) SetProviderReference(r *xpv1.Reference)
- func (mg *Alias) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *Alias) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type AliasList
- type AliasListEntry
- type AliasObservation
- type AliasParameters
- type AliasSpec
- type AliasStatus
- type ConnectionErrorCodeType
- type ConnectionStateType
- type CustomKeyParameters
- type CustomKeyStoreType
- type CustomKeyStoresListEntry
- type CustomerMasterKeySpec
- type DataKeyPairSpec
- type DataKeySpec
- type EncryptionAlgorithmSpec
- type ExpirationModelType
- type GrantListEntry
- type GrantOperation
- type Key
- func (in *Key) DeepCopy() *Key
- func (in *Key) DeepCopyInto(out *Key)
- func (in *Key) DeepCopyObject() runtime.Object
- func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (mg *Key) GetDeletionPolicy() xpv1.DeletionPolicy
- func (mg *Key) GetProviderConfigReference() *xpv1.Reference
- func (mg *Key) GetProviderReference() *xpv1.Reference
- func (mg *Key) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *Key) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (mg *Key) SetConditions(c ...xpv1.Condition)
- func (mg *Key) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Key) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Key) SetProviderReference(r *xpv1.Reference)
- func (mg *Key) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *Key) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type KeyList
- type KeyListEntry
- type KeyManagerType
- type KeyMetadata
- type KeyObservation
- type KeyParameters
- type KeySpec
- type KeySpec_SDK
- type KeyState
- type KeyStatus
- type KeyUsageType
- type MacAlgorithmSpec
- type MessageType
- type MultiRegionConfiguration
- type MultiRegionKey
- type MultiRegionKeyType
- type OriginType
- type SigningAlgorithmSpec
- type Tag
- type WrappingKeySpec
- type XksKeyConfigurationType
- type XksProxyConnectivityType
Constants ¶
const ( CRDGroup = "kms.aws.crossplane.io" CRDVersion = "v1alpha1" )
Package type metadata.
Variables ¶
var ( AliasKind = "Alias" AliasGroupKind = schema.GroupKind{Group: CRDGroup, Kind: AliasKind}.String() AliasKindAPIVersion = AliasKind + "." + GroupVersion.String() AliasGroupVersionKind = GroupVersion.WithKind(AliasKind) )
Repository type metadata.
var ( // GroupVersion is the API Group Version used to register the objects GroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
var ( KeyKind = "Key" KeyGroupKind = schema.GroupKind{Group: CRDGroup, Kind: KeyKind}.String() KeyKindAPIVersion = KeyKind + "." + GroupVersion.String() KeyGroupVersionKind = GroupVersion.WithKind(KeyKind) )
Repository type metadata.
Functions ¶
func KMSKeyARN ¶
func KMSKeyARN() reference.ExtractValueFn
KMSKeyARN returns the status.atProvider.ARN of an KMSKey.
Types ¶
type AlgorithmSpec ¶
type AlgorithmSpec string
const ( AlgorithmSpec_RSAES_PKCS1_V1_5 AlgorithmSpec = "RSAES_PKCS1_V1_5" AlgorithmSpec_RSAES_OAEP_SHA_1 AlgorithmSpec = "RSAES_OAEP_SHA_1" AlgorithmSpec_RSAES_OAEP_SHA_256 AlgorithmSpec = "RSAES_OAEP_SHA_256" )
type Alias ¶
type Alias struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec AliasSpec `json:"spec"` Status AliasStatus `json:"status,omitempty"` }
Alias is the Schema for the Aliases API +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
func (*Alias) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Alias.
func (*Alias) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Alias) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Alias) GetCondition ¶
func (mg *Alias) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Alias.
func (*Alias) GetDeletionPolicy ¶
func (mg *Alias) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Alias.
func (*Alias) GetProviderConfigReference ¶
GetProviderConfigReference of this Alias.
func (*Alias) GetProviderReference ¶
GetProviderReference of this Alias. Deprecated: Use GetProviderConfigReference.
func (*Alias) GetPublishConnectionDetailsTo ¶
func (mg *Alias) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this Alias.
func (*Alias) GetWriteConnectionSecretToReference ¶
func (mg *Alias) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Alias.
func (*Alias) ResolveReferences ¶
ResolveReferences of this Alias.
func (*Alias) SetConditions ¶
SetConditions of this Alias.
func (*Alias) SetDeletionPolicy ¶
func (mg *Alias) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Alias.
func (*Alias) SetProviderConfigReference ¶
SetProviderConfigReference of this Alias.
func (*Alias) SetProviderReference ¶
SetProviderReference of this Alias. Deprecated: Use SetProviderConfigReference.
func (*Alias) SetPublishConnectionDetailsTo ¶
func (mg *Alias) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this Alias.
func (*Alias) SetWriteConnectionSecretToReference ¶
func (mg *Alias) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Alias.
type AliasList ¶
type AliasList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Alias `json:"items"` }
AliasList contains a list of Aliases
func (*AliasList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasList.
func (*AliasList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AliasList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AliasListEntry ¶
type AliasListEntry struct { AliasARN *string `json:"aliasARN,omitempty"` CreationDate *metav1.Time `json:"creationDate,omitempty"` LastUpdatedDate *metav1.Time `json:"lastUpdatedDate,omitempty"` TargetKeyID *string `json:"targetKeyID,omitempty"` }
+kubebuilder:skipversion
func (*AliasListEntry) DeepCopy ¶
func (in *AliasListEntry) DeepCopy() *AliasListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasListEntry.
func (*AliasListEntry) DeepCopyInto ¶
func (in *AliasListEntry) DeepCopyInto(out *AliasListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasObservation ¶
type AliasObservation struct { }
AliasObservation defines the observed state of Alias
func (*AliasObservation) DeepCopy ¶
func (in *AliasObservation) DeepCopy() *AliasObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasObservation.
func (*AliasObservation) DeepCopyInto ¶
func (in *AliasObservation) DeepCopyInto(out *AliasObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasParameters ¶
type AliasParameters struct { // Region is which region the Alias will be created. // +kubebuilder:validation:Required Region string `json:"region"` // Associates the alias with the specified customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // The CMK must be in the same AWS Region. // // A valid CMK ID is required. If you supply a null or empty string value, this // operation returns an error. // // For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) // in the AWS Key Management Service Developer Guide. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // // For example: // // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. // +crossplane:generate:reference:type=Key TargetKeyID *string `json:"targetKeyId,omitempty"` // TargetKeyIDRef is a reference to a KMS Key used to set TargetKeyID. // +optional TargetKeyIDRef *xpv1.Reference `json:"targetKeyIdRef,omitempty"` // TargetKeyIDSelector selects a reference to a KMS Key used to set TargetKeyID. // +optional TargetKeyIDSelector *xpv1.Selector `json:"targetKeyIdSelector,omitempty"` }
AliasParameters defines the desired state of Alias
func (*AliasParameters) DeepCopy ¶
func (in *AliasParameters) DeepCopy() *AliasParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasParameters.
func (*AliasParameters) DeepCopyInto ¶
func (in *AliasParameters) DeepCopyInto(out *AliasParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasSpec ¶
type AliasSpec struct { xpv1.ResourceSpec `json:",inline"` ForProvider AliasParameters `json:"forProvider"` }
AliasSpec defines the desired state of Alias
func (*AliasSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasSpec.
func (*AliasSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasStatus ¶
type AliasStatus struct { xpv1.ResourceStatus `json:",inline"` AtProvider AliasObservation `json:"atProvider,omitempty"` }
AliasStatus defines the observed state of Alias.
func (*AliasStatus) DeepCopy ¶
func (in *AliasStatus) DeepCopy() *AliasStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasStatus.
func (*AliasStatus) DeepCopyInto ¶
func (in *AliasStatus) DeepCopyInto(out *AliasStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConnectionErrorCodeType ¶
type ConnectionErrorCodeType string
const ( ConnectionErrorCodeType_INVALID_CREDENTIALS ConnectionErrorCodeType = "INVALID_CREDENTIALS" ConnectionErrorCodeType_CLUSTER_NOT_FOUND ConnectionErrorCodeType = "CLUSTER_NOT_FOUND" ConnectionErrorCodeType_NETWORK_ERRORS ConnectionErrorCodeType = "NETWORK_ERRORS" ConnectionErrorCodeType_INTERNAL_ERROR ConnectionErrorCodeType = "INTERNAL_ERROR" ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS ConnectionErrorCodeType = "INSUFFICIENT_CLOUDHSM_HSMS" ConnectionErrorCodeType_USER_LOCKED_OUT ConnectionErrorCodeType = "USER_LOCKED_OUT" ConnectionErrorCodeType_USER_NOT_FOUND ConnectionErrorCodeType = "USER_NOT_FOUND" ConnectionErrorCodeType_USER_LOGGED_IN ConnectionErrorCodeType = "USER_LOGGED_IN" ConnectionErrorCodeType_SUBNET_NOT_FOUND ConnectionErrorCodeType = "SUBNET_NOT_FOUND" ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET ConnectionErrorCodeType = "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET" ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED ConnectionErrorCodeType = "XKS_PROXY_ACCESS_DENIED" ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE ConnectionErrorCodeType = "XKS_PROXY_NOT_REACHABLE" ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND ConnectionErrorCodeType = "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND" ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE ConnectionErrorCodeType = "XKS_PROXY_INVALID_RESPONSE" ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION ConnectionErrorCodeType = "XKS_PROXY_INVALID_CONFIGURATION" ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION ConnectionErrorCodeType = "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION" ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT ConnectionErrorCodeType = "XKS_PROXY_TIMED_OUT" ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION ConnectionErrorCodeType = "XKS_PROXY_INVALID_TLS_CONFIGURATION" )
type ConnectionStateType ¶
type ConnectionStateType string
const ( ConnectionStateType_CONNECTED ConnectionStateType = "CONNECTED" ConnectionStateType_CONNECTING ConnectionStateType = "CONNECTING" ConnectionStateType_FAILED ConnectionStateType = "FAILED" ConnectionStateType_DISCONNECTED ConnectionStateType = "DISCONNECTED" ConnectionStateType_DISCONNECTING ConnectionStateType = "DISCONNECTING" )
type CustomKeyParameters ¶
type CustomKeyParameters struct { // Specifies whether the CMK is enabled. Enabled *bool `json:"enabled,omitempty"` // Specifies how many days the Key is retained when scheduled for deletion. Defaults to 30 days. PendingWindowInDays *int64 `json:"pendingWindowInDays,omitempty"` // Specifies if key rotation is enabled for the corresponding key EnableKeyRotation *bool `json:"enableKeyRotation,omitempty"` }
CustomKeyParameters are custom parameters for Key.
func (*CustomKeyParameters) DeepCopy ¶
func (in *CustomKeyParameters) DeepCopy() *CustomKeyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyParameters.
func (*CustomKeyParameters) DeepCopyInto ¶
func (in *CustomKeyParameters) DeepCopyInto(out *CustomKeyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomKeyStoreType ¶ added in v0.38.0
type CustomKeyStoreType string
const ( CustomKeyStoreType_AWS_CLOUDHSM CustomKeyStoreType = "AWS_CLOUDHSM" CustomKeyStoreType_EXTERNAL_KEY_STORE CustomKeyStoreType = "EXTERNAL_KEY_STORE" )
type CustomKeyStoresListEntry ¶
type CustomKeyStoresListEntry struct { CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"` CreationDate *metav1.Time `json:"creationDate,omitempty"` CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"` }
+kubebuilder:skipversion
func (*CustomKeyStoresListEntry) DeepCopy ¶
func (in *CustomKeyStoresListEntry) DeepCopy() *CustomKeyStoresListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyStoresListEntry.
func (*CustomKeyStoresListEntry) DeepCopyInto ¶
func (in *CustomKeyStoresListEntry) DeepCopyInto(out *CustomKeyStoresListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomerMasterKeySpec ¶
type CustomerMasterKeySpec string
const ( CustomerMasterKeySpec_RSA_2048 CustomerMasterKeySpec = "RSA_2048" CustomerMasterKeySpec_RSA_3072 CustomerMasterKeySpec = "RSA_3072" CustomerMasterKeySpec_RSA_4096 CustomerMasterKeySpec = "RSA_4096" CustomerMasterKeySpec_ECC_NIST_P256 CustomerMasterKeySpec = "ECC_NIST_P256" CustomerMasterKeySpec_ECC_NIST_P384 CustomerMasterKeySpec = "ECC_NIST_P384" CustomerMasterKeySpec_ECC_NIST_P521 CustomerMasterKeySpec = "ECC_NIST_P521" CustomerMasterKeySpec_ECC_SECG_P256K1 CustomerMasterKeySpec = "ECC_SECG_P256K1" CustomerMasterKeySpec_SYMMETRIC_DEFAULT CustomerMasterKeySpec = "SYMMETRIC_DEFAULT" CustomerMasterKeySpec_HMAC_224 CustomerMasterKeySpec = "HMAC_224" CustomerMasterKeySpec_HMAC_256 CustomerMasterKeySpec = "HMAC_256" CustomerMasterKeySpec_HMAC_384 CustomerMasterKeySpec = "HMAC_384" CustomerMasterKeySpec_HMAC_512 CustomerMasterKeySpec = "HMAC_512" CustomerMasterKeySpec_SM2 CustomerMasterKeySpec = "SM2" )
type DataKeyPairSpec ¶
type DataKeyPairSpec string
const ( DataKeyPairSpec_RSA_2048 DataKeyPairSpec = "RSA_2048" DataKeyPairSpec_RSA_3072 DataKeyPairSpec = "RSA_3072" DataKeyPairSpec_RSA_4096 DataKeyPairSpec = "RSA_4096" DataKeyPairSpec_ECC_NIST_P256 DataKeyPairSpec = "ECC_NIST_P256" DataKeyPairSpec_ECC_NIST_P384 DataKeyPairSpec = "ECC_NIST_P384" DataKeyPairSpec_ECC_NIST_P521 DataKeyPairSpec = "ECC_NIST_P521" DataKeyPairSpec_ECC_SECG_P256K1 DataKeyPairSpec = "ECC_SECG_P256K1" DataKeyPairSpec_SM2 DataKeyPairSpec = "SM2" )
type DataKeySpec ¶
type DataKeySpec string
const ( DataKeySpec_AES_256 DataKeySpec = "AES_256" DataKeySpec_AES_128 DataKeySpec = "AES_128" )
type EncryptionAlgorithmSpec ¶
type EncryptionAlgorithmSpec string
const ( EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT EncryptionAlgorithmSpec = "SYMMETRIC_DEFAULT" EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_1" EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_256" EncryptionAlgorithmSpec_SM2PKE EncryptionAlgorithmSpec = "SM2PKE" )
type ExpirationModelType ¶
type ExpirationModelType string
const ( ExpirationModelType_KEY_MATERIAL_EXPIRES ExpirationModelType = "KEY_MATERIAL_EXPIRES" ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE ExpirationModelType = "KEY_MATERIAL_DOES_NOT_EXPIRE" )
type GrantListEntry ¶
type GrantListEntry struct { CreationDate *metav1.Time `json:"creationDate,omitempty"` KeyID *string `json:"keyID,omitempty"` }
+kubebuilder:skipversion
func (*GrantListEntry) DeepCopy ¶
func (in *GrantListEntry) DeepCopy() *GrantListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantListEntry.
func (*GrantListEntry) DeepCopyInto ¶
func (in *GrantListEntry) DeepCopyInto(out *GrantListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GrantOperation ¶
type GrantOperation string
const ( GrantOperation_Decrypt GrantOperation = "Decrypt" GrantOperation_Encrypt GrantOperation = "Encrypt" GrantOperation_GenerateDataKey GrantOperation = "GenerateDataKey" GrantOperation_GenerateDataKeyWithoutPlaintext GrantOperation = "GenerateDataKeyWithoutPlaintext" GrantOperation_ReEncryptFrom GrantOperation = "ReEncryptFrom" GrantOperation_ReEncryptTo GrantOperation = "ReEncryptTo" GrantOperation_Sign GrantOperation = "Sign" GrantOperation_Verify GrantOperation = "Verify" GrantOperation_GetPublicKey GrantOperation = "GetPublicKey" GrantOperation_CreateGrant GrantOperation = "CreateGrant" GrantOperation_RetireGrant GrantOperation = "RetireGrant" GrantOperation_DescribeKey GrantOperation = "DescribeKey" GrantOperation_GenerateDataKeyPair GrantOperation = "GenerateDataKeyPair" GrantOperation_GenerateDataKeyPairWithoutPlaintext GrantOperation = "GenerateDataKeyPairWithoutPlaintext" GrantOperation_GenerateMac GrantOperation = "GenerateMac" GrantOperation_VerifyMac GrantOperation = "VerifyMac" )
type Key ¶
type Key struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec KeySpec `json:"spec"` Status KeyStatus `json:"status,omitempty"` }
Key is the Schema for the Keys API +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:subresource:status +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
func (*Key) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.
func (*Key) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Key) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Key) GetCondition ¶
func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Key.
func (*Key) GetDeletionPolicy ¶
func (mg *Key) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Key.
func (*Key) GetProviderConfigReference ¶
GetProviderConfigReference of this Key.
func (*Key) GetProviderReference ¶
GetProviderReference of this Key. Deprecated: Use GetProviderConfigReference.
func (*Key) GetPublishConnectionDetailsTo ¶
func (mg *Key) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this Key.
func (*Key) GetWriteConnectionSecretToReference ¶
func (mg *Key) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Key.
func (*Key) SetConditions ¶
SetConditions of this Key.
func (*Key) SetDeletionPolicy ¶
func (mg *Key) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Key.
func (*Key) SetProviderConfigReference ¶
SetProviderConfigReference of this Key.
func (*Key) SetProviderReference ¶
SetProviderReference of this Key. Deprecated: Use SetProviderConfigReference.
func (*Key) SetPublishConnectionDetailsTo ¶
func (mg *Key) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this Key.
func (*Key) SetWriteConnectionSecretToReference ¶
func (mg *Key) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Key.
type KeyList ¶
type KeyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Key `json:"items"` }
KeyList contains a list of Keys
func (*KeyList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyList.
func (*KeyList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KeyList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KeyListEntry ¶
type KeyListEntry struct { KeyARN *string `json:"keyARN,omitempty"` KeyID *string `json:"keyID,omitempty"` }
+kubebuilder:skipversion
func (*KeyListEntry) DeepCopy ¶
func (in *KeyListEntry) DeepCopy() *KeyListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyListEntry.
func (*KeyListEntry) DeepCopyInto ¶
func (in *KeyListEntry) DeepCopyInto(out *KeyListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyManagerType ¶
type KeyManagerType string
const ( KeyManagerType_AWS KeyManagerType = "AWS" KeyManagerType_CUSTOMER KeyManagerType = "CUSTOMER" )
type KeyMetadata ¶
type KeyMetadata struct { AWSAccountID *string `json:"awsAccountID,omitempty"` ARN *string `json:"arn,omitempty"` CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"` CreationDate *metav1.Time `json:"creationDate,omitempty"` CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"` CustomerMasterKeySpec *string `json:"customerMasterKeySpec,omitempty"` DeletionDate *metav1.Time `json:"deletionDate,omitempty"` Description *string `json:"description,omitempty"` Enabled *bool `json:"enabled,omitempty"` EncryptionAlgorithms []*string `json:"encryptionAlgorithms,omitempty"` ExpirationModel *string `json:"expirationModel,omitempty"` KeyID *string `json:"keyID,omitempty"` KeyManager *string `json:"keyManager,omitempty"` KeySpec *string `json:"keySpec,omitempty"` KeyState *string `json:"keyState,omitempty"` KeyUsage *string `json:"keyUsage,omitempty"` MacAlgorithms []*string `json:"macAlgorithms,omitempty"` MultiRegion *bool `json:"multiRegion,omitempty"` // Describes the configuration of this multi-Region key. This field appears // only when the KMS key is a primary or replica of a multi-Region key. // // For more information about any listed KMS key, use the DescribeKey operation. MultiRegionConfiguration *MultiRegionConfiguration `json:"multiRegionConfiguration,omitempty"` Origin *string `json:"origin,omitempty"` PendingDeletionWindowInDays *int64 `json:"pendingDeletionWindowInDays,omitempty"` SigningAlgorithms []*string `json:"signingAlgorithms,omitempty"` ValidTo *metav1.Time `json:"validTo,omitempty"` // Information about the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key)that // is associated with a KMS key in an external key store. // // This element appears in a CreateKey or DescribeKey response only for a KMS // key in an external key store. // // The external key is a symmetric encryption key that is hosted by an external // key manager outside of Amazon Web Services. When you use the KMS key in an // external key store in a cryptographic operation, the cryptographic operation // is performed in the external key manager using the specified external key. // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) // in the Key Management Service Developer Guide. XksKeyConfiguration *XksKeyConfigurationType `json:"xksKeyConfiguration,omitempty"` }
+kubebuilder:skipversion
func (*KeyMetadata) DeepCopy ¶
func (in *KeyMetadata) DeepCopy() *KeyMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyMetadata.
func (*KeyMetadata) DeepCopyInto ¶
func (in *KeyMetadata) DeepCopyInto(out *KeyMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyObservation ¶
type KeyObservation struct { // The twelve-digit account ID of the Amazon Web Services account that owns // the KMS key. AWSAccountID *string `json:"awsAccountID,omitempty"` // The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management // Service (KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) // in the Example ARNs section of the Amazon Web Services General Reference. ARN *string `json:"arn,omitempty"` // The cluster ID of the CloudHSM cluster that contains the key material for // the KMS key. When you create a KMS key in an CloudHSM custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // KMS creates the key material for the KMS key in the associated CloudHSM cluster. // This field is present only when the KMS key is created in an CloudHSM key // store. CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"` // The date and time when the KMS key was created. CreationDate *metav1.Time `json:"creationDate,omitempty"` // The date and time after which KMS deletes this KMS key. This value is present // only when the KMS key is scheduled for deletion, that is, when its KeyState // is PendingDeletion. // // When the primary key in a multi-Region key is scheduled for deletion but // still has replica keys, its key state is PendingReplicaDeletion and the length // of its waiting period is displayed in the PendingDeletionWindowInDays field. DeletionDate *metav1.Time `json:"deletionDate,omitempty"` // Specifies whether the KMS key is enabled. When KeyState is Enabled this value // is true, otherwise it is false. Enabled *bool `json:"enabled,omitempty"` // The encryption algorithms that the KMS key supports. You cannot use the KMS // key with other encryption algorithms within KMS. // // This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT. EncryptionAlgorithms []*string `json:"encryptionAlgorithms,omitempty"` // Specifies whether the KMS key's key material expires. This value is present // only when Origin is EXTERNAL, otherwise this value is omitted. ExpirationModel *string `json:"expirationModel,omitempty"` // The globally unique identifier for the KMS key. KeyID *string `json:"keyID,omitempty"` // The manager of the KMS key. KMS keys in your Amazon Web Services account // are either customer managed or Amazon Web Services managed. For more information // about the difference, see KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) // in the Key Management Service Developer Guide. KeyManager *string `json:"keyManager,omitempty"` // The current status of the KMS key. // // For more information about how key state affects the use of a KMS key, see // Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the Key Management Service Developer Guide. KeyState *string `json:"keyState,omitempty"` // The message authentication code (MAC) algorithm that the HMAC KMS key supports. // // This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC. MacAlgorithms []*string `json:"macAlgorithms,omitempty"` // Lists the primary and replica keys in same multi-Region key. This field is // present only when the value of the MultiRegion field is True. // // For more information about any listed KMS key, use the DescribeKey operation. // // * MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA // key. // // * PrimaryKey displays the key ARN and Region of the primary key. This // field displays the current KMS key if it is the primary key. // // * ReplicaKeys displays the key ARNs and Regions of all replica keys. This // field includes the current KMS key if it is a replica key. MultiRegionConfiguration *MultiRegionConfiguration `json:"multiRegionConfiguration,omitempty"` // The waiting period before the primary key in a multi-Region key is deleted. // This waiting period begins when the last of its replica keys is deleted. // This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. // That indicates that the KMS key is the primary key in a multi-Region key, // it is scheduled for deletion, and it still has existing replica keys. // // When a single-Region KMS key or a multi-Region replica key is scheduled for // deletion, its deletion date is displayed in the DeletionDate field. However, // when the primary key in a multi-Region key is scheduled for deletion, its // waiting period doesn't begin until all of its replica keys are deleted. This // value displays that waiting period. When the last replica key in the multi-Region // key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion // to PendingDeletion and the deletion date appears in the DeletionDate field. PendingDeletionWindowInDays *int64 `json:"pendingDeletionWindowInDays,omitempty"` // The signing algorithms that the KMS key supports. You cannot use the KMS // key with other signing algorithms within KMS. // // This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY. SigningAlgorithms []*string `json:"signingAlgorithms,omitempty"` // The time at which the imported key material expires. When the key material // expires, KMS deletes the key material and the KMS key becomes unusable. This // value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. ValidTo *metav1.Time `json:"validTo,omitempty"` // Information about the external key that is associated with a KMS key in an // external key store. // // For more information, see External key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) // in the Key Management Service Developer Guide. XksKeyConfiguration *XksKeyConfigurationType `json:"xksKeyConfiguration,omitempty"` }
KeyObservation defines the observed state of Key
func (*KeyObservation) DeepCopy ¶
func (in *KeyObservation) DeepCopy() *KeyObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyObservation.
func (*KeyObservation) DeepCopyInto ¶
func (in *KeyObservation) DeepCopyInto(out *KeyObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyParameters ¶
type KeyParameters struct { // Region is which region the Key will be created. // +kubebuilder:validation:Required Region string `json:"region"` // A flag to indicate whether to bypass the key policy lockout safety check. // // Setting this value to true increases the risk that the KMS key becomes unmanageable. // Do not set this value to true indiscriminately. // // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) // section in the Key Management Service Developer Guide . // // Use this parameter only when you include a policy in the request and you // intend to prevent the principal that is making the request from making a // subsequent PutKeyPolicy request on the KMS key. // // The default value is false. BypassPolicyLockoutSafetyCheck *bool `json:"bypassPolicyLockoutSafetyCheck,omitempty"` // Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // The ConnectionState of the custom key store must be CONNECTED. To find the // CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation. // // This parameter is valid only for symmetric encryption KMS keys in a single // Region. You cannot create any other type of KMS key in a custom key store. // // When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable // 256-bit symmetric key in its associated CloudHSM cluster and associates it // with the KMS key. When you create a KMS key in an external key store, you // must use the XksKeyId parameter to specify an external key that serves as // key material for the KMS key. CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"` // Instead, use the KeySpec parameter. // // The KeySpec and CustomerMasterKeySpec parameters work the same way. Only // the names differ. We recommend that you use KeySpec parameter in your code. // However, to avoid breaking changes, KMS supports both parameters. CustomerMasterKeySpec *string `json:"customerMasterKeySpec,omitempty"` // A description of the KMS key. // // Use a description that helps you decide whether the KMS key is appropriate // for a task. The default value is an empty string (no description). // // To set or change the description after the key is created, use UpdateKeyDescription. Description *string `json:"description,omitempty"` // Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, // creates a KMS key with a 256-bit AES-GCM key that is used for encryption // and decryption, except in China Regions, where it creates a 128-bit symmetric // key that uses SM4 encryption. For help choosing a key spec for your KMS key, // see Choosing a KMS key type (https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose) // in the Key Management Service Developer Guide . // // The KeySpec determines whether the KMS key contains a symmetric key or an // asymmetric key pair. It also determines the algorithms that the KMS key supports. // You can't change the KeySpec after the KMS key is created. To further restrict // the algorithms that can be used with the KMS key, use a condition key in // its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm // (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm), // kms:MacAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm) // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) // in the Key Management Service Developer Guide . // // Amazon Web Services services that are integrated with KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) // use symmetric encryption KMS keys to protect your data. These services do // not support asymmetric KMS keys or HMAC KMS keys. // // KMS supports the following key specs for KMS keys: // // * Symmetric encryption key (default) SYMMETRIC_DEFAULT // // * HMAC keys (symmetric) HMAC_224 HMAC_256 HMAC_384 HMAC_512 // // * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096 // // * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1) // ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1) // // * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1), // commonly used for cryptocurrencies. // // * SM2 key pairs (China Regions only) SM2 KeySpec *string `json:"keySpec,omitempty"` // Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) // for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. // This parameter is optional when you are creating a symmetric encryption KMS // key; otherwise, it is required. You can't change the KeyUsage value after // the KMS key is created. // // Select only one valid value. // // * For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT. // // * For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC. // // * For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT // or SIGN_VERIFY. // // * For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY. // // * For asymmetric KMS keys with SM2 key material (China Regions only), // specify ENCRYPT_DECRYPT or SIGN_VERIFY. KeyUsage *string `json:"keyUsage,omitempty"` // Creates a multi-Region primary key that you can replicate into other Amazon // Web Services Regions. You cannot change this value after you create the KMS // key. // // For a multi-Region key, set this parameter to True. For a single-Region KMS // key, omit this parameter or set it to False. The default value is False. // // This operation supports multi-Region keys, an KMS feature that lets you create // multiple interoperable KMS keys in different Amazon Web Services Regions. // Because these KMS keys have the same key ID, key material, and other metadata, // you can use them interchangeably to encrypt data in one Amazon Web Services // Region and decrypt it in a different Amazon Web Services Region without re-encrypting // the data or making a cross-Region call. For more information about multi-Region // keys, see Multi-Region keys in KMS (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) // in the Key Management Service Developer Guide. // // This value creates a primary key, not a replica. To create a replica key, // use the ReplicateKey operation. // // You can create a symmetric or asymmetric multi-Region key, and you can create // a multi-Region key with imported key material. However, you cannot create // a multi-Region key in a custom key store. MultiRegion *bool `json:"multiRegion,omitempty"` // The source of the key material for the KMS key. You cannot change the origin // after you create the KMS key. The default is AWS_KMS, which means that KMS // creates the key material. // // To create a KMS key with no key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) // (for imported key material), set this value to EXTERNAL. For more information // about importing key material into KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the Key Management Service Developer Guide. The EXTERNAL origin value // is valid only for symmetric KMS keys. // // To create a KMS key in an CloudHSM key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) // and create its key material in the associated CloudHSM cluster, set this // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to // identify the CloudHSM key store. The KeySpec value must be SYMMETRIC_DEFAULT. // // To create a KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html), // set this value to EXTERNAL_KEY_STORE. You must also use the CustomKeyStoreId // parameter to identify the external key store and the XksKeyId parameter to // identify the associated external key. The KeySpec value must be SYMMETRIC_DEFAULT. Origin *string `json:"origin,omitempty"` // The key policy to attach to the KMS key. // // If you provide a key policy, it must meet the following criteria: // // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy // must allow the principal that is making the CreateKey request to make // a subsequent PutKeyPolicy request on the KMS key. This reduces the risk // that the KMS key becomes unmanageable. For more information, refer to // the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) // section of the Key Management Service Developer Guide . // // * Each statement in the key policy must contain one or more principals. // The principals in the key policy must exist and be visible to KMS. When // you create a new Amazon Web Services principal (for example, an IAM user // or role), you might need to enforce a delay before including the new principal // in a key policy because the new principal might not be immediately visible // to KMS. For more information, see Changes that I make are not always immediately // visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the Amazon Web Services Identity and Access Management User Guide. // // If you do not provide a key policy, KMS attaches a default key policy to // the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) // in the Key Management Service Developer Guide. // // The key policy size quota is 32 kilobytes (32768 bytes). // // For help writing and formatting a JSON policy document, see the IAM JSON // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) // in the Identity and Access Management User Guide . Policy *string `json:"policy,omitempty"` // Assigns one or more tags to the KMS key. Use this parameter to tag the KMS // key when it is created. To tag an existing KMS key, use the TagResource operation. // // Tagging or untagging a KMS key can allow or deny permission to the KMS key. // For details, see ABAC for KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) // in the Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // permission in an IAM policy. // // Each tag consists of a tag key and a tag value. Both the tag key and the // tag value are required, but the tag value can be an empty (null) string. // You cannot have more than one tag on a KMS key with the same tag key. If // you specify an existing tag key with a different tag value, KMS replaces // the current tag value with the specified one. // // When you add tags to an Amazon Web Services resource, Amazon Web Services // generates a cost allocation report with usage and costs aggregated by tags. // Tags can also be used to control access to a KMS key. For details, see Tagging // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `json:"tags,omitempty"` // Identifies the external key (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key) // that serves as key material for the KMS key in an external key store (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html). // Specify the ID that the external key store proxy (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy) // uses to refer to the external key. For help, see the documentation for your // external key store proxy. // // This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. // It is not valid for KMS keys with any other Origin value. // // The external key must be an existing 256-bit AES symmetric encryption key // hosted outside of Amazon Web Services in an external key manager associated // with the external key store specified by the CustomKeyStoreId parameter. // This key must be enabled and configured to perform encryption and decryption. // Each KMS key in an external key store must use a different external key. // For details, see Requirements for a KMS key in an external key store (https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements) // in the Key Management Service Developer Guide. // // Each KMS key in an external key store is associated two backing keys. One // is key material that KMS generates. The other is the external key specified // by this parameter. When you use the KMS key in an external key store to encrypt // data, the encryption operation is performed first by KMS using the KMS key // material, and then by the external key manager using the specified external // key, a process known as double encryption. For details, see Double encryption // (https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption) // in the Key Management Service Developer Guide. XksKeyID *string `json:"xksKeyID,omitempty"` CustomKeyParameters `json:",inline"` }
KeyParameters defines the desired state of Key
func (*KeyParameters) DeepCopy ¶
func (in *KeyParameters) DeepCopy() *KeyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyParameters.
func (*KeyParameters) DeepCopyInto ¶
func (in *KeyParameters) DeepCopyInto(out *KeyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeySpec ¶
type KeySpec struct { xpv1.ResourceSpec `json:",inline"` ForProvider KeyParameters `json:"forProvider"` }
KeySpec defines the desired state of Key
func (*KeySpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeySpec.
func (*KeySpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeySpec_SDK ¶
type KeySpec_SDK string
const ( KeySpec_SDK_RSA_2048 KeySpec_SDK = "RSA_2048" KeySpec_SDK_RSA_3072 KeySpec_SDK = "RSA_3072" KeySpec_SDK_RSA_4096 KeySpec_SDK = "RSA_4096" KeySpec_SDK_ECC_NIST_P256 KeySpec_SDK = "ECC_NIST_P256" KeySpec_SDK_ECC_NIST_P384 KeySpec_SDK = "ECC_NIST_P384" KeySpec_SDK_ECC_NIST_P521 KeySpec_SDK = "ECC_NIST_P521" KeySpec_SDK_ECC_SECG_P256K1 KeySpec_SDK = "ECC_SECG_P256K1" KeySpec_SDK_SYMMETRIC_DEFAULT KeySpec_SDK = "SYMMETRIC_DEFAULT" KeySpec_SDK_HMAC_224 KeySpec_SDK = "HMAC_224" KeySpec_SDK_HMAC_256 KeySpec_SDK = "HMAC_256" KeySpec_SDK_HMAC_384 KeySpec_SDK = "HMAC_384" KeySpec_SDK_HMAC_512 KeySpec_SDK = "HMAC_512" KeySpec_SDK_SM2 KeySpec_SDK = "SM2" )
type KeyState ¶
type KeyState string
const ( KeyState_Creating KeyState = "Creating" KeyState_Enabled KeyState = "Enabled" KeyState_Disabled KeyState = "Disabled" KeyState_PendingDeletion KeyState = "PendingDeletion" KeyState_PendingImport KeyState = "PendingImport" KeyState_PendingReplicaDeletion KeyState = "PendingReplicaDeletion" KeyState_Updating KeyState = "Updating" )
type KeyStatus ¶
type KeyStatus struct { xpv1.ResourceStatus `json:",inline"` AtProvider KeyObservation `json:"atProvider,omitempty"` }
KeyStatus defines the observed state of Key.
func (*KeyStatus) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyStatus.
func (*KeyStatus) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyUsageType ¶
type KeyUsageType string
const ( KeyUsageType_SIGN_VERIFY KeyUsageType = "SIGN_VERIFY" KeyUsageType_ENCRYPT_DECRYPT KeyUsageType = "ENCRYPT_DECRYPT" KeyUsageType_GENERATE_VERIFY_MAC KeyUsageType = "GENERATE_VERIFY_MAC" )
type MacAlgorithmSpec ¶ added in v0.34.0
type MacAlgorithmSpec string
const ( MacAlgorithmSpec_HMAC_SHA_224 MacAlgorithmSpec = "HMAC_SHA_224" MacAlgorithmSpec_HMAC_SHA_256 MacAlgorithmSpec = "HMAC_SHA_256" MacAlgorithmSpec_HMAC_SHA_384 MacAlgorithmSpec = "HMAC_SHA_384" MacAlgorithmSpec_HMAC_SHA_512 MacAlgorithmSpec = "HMAC_SHA_512" )
type MessageType ¶
type MessageType string
const ( MessageType_RAW MessageType = "RAW" MessageType_DIGEST MessageType = "DIGEST" )
type MultiRegionConfiguration ¶
type MultiRegionConfiguration struct { MultiRegionKeyType *string `json:"multiRegionKeyType,omitempty"` // Describes the primary or replica key in a multi-Region key. PrimaryKey *MultiRegionKey `json:"primaryKey,omitempty"` ReplicaKeys []*MultiRegionKey `json:"replicaKeys,omitempty"` }
+kubebuilder:skipversion
func (*MultiRegionConfiguration) DeepCopy ¶
func (in *MultiRegionConfiguration) DeepCopy() *MultiRegionConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MultiRegionConfiguration.
func (*MultiRegionConfiguration) DeepCopyInto ¶
func (in *MultiRegionConfiguration) DeepCopyInto(out *MultiRegionConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MultiRegionKey ¶
type MultiRegionKey struct { ARN *string `json:"arn,omitempty"` Region *string `json:"region,omitempty"` }
+kubebuilder:skipversion
func (*MultiRegionKey) DeepCopy ¶
func (in *MultiRegionKey) DeepCopy() *MultiRegionKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MultiRegionKey.
func (*MultiRegionKey) DeepCopyInto ¶
func (in *MultiRegionKey) DeepCopyInto(out *MultiRegionKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MultiRegionKeyType ¶
type MultiRegionKeyType string
const ( MultiRegionKeyType_PRIMARY MultiRegionKeyType = "PRIMARY" MultiRegionKeyType_REPLICA MultiRegionKeyType = "REPLICA" )
type OriginType ¶
type OriginType string
const ( OriginType_AWS_KMS OriginType = "AWS_KMS" OriginType_EXTERNAL OriginType = "EXTERNAL" OriginType_AWS_CLOUDHSM OriginType = "AWS_CLOUDHSM" OriginType_EXTERNAL_KEY_STORE OriginType = "EXTERNAL_KEY_STORE" )
type SigningAlgorithmSpec ¶
type SigningAlgorithmSpec string
const ( SigningAlgorithmSpec_RSASSA_PSS_SHA_256 SigningAlgorithmSpec = "RSASSA_PSS_SHA_256" SigningAlgorithmSpec_RSASSA_PSS_SHA_384 SigningAlgorithmSpec = "RSASSA_PSS_SHA_384" SigningAlgorithmSpec_RSASSA_PSS_SHA_512 SigningAlgorithmSpec = "RSASSA_PSS_SHA_512" SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_256" SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_384" SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_512" SigningAlgorithmSpec_ECDSA_SHA_256 SigningAlgorithmSpec = "ECDSA_SHA_256" SigningAlgorithmSpec_ECDSA_SHA_384 SigningAlgorithmSpec = "ECDSA_SHA_384" SigningAlgorithmSpec_ECDSA_SHA_512 SigningAlgorithmSpec = "ECDSA_SHA_512" SigningAlgorithmSpec_SM2DSA SigningAlgorithmSpec = "SM2DSA" )
type Tag ¶
type Tag struct { TagKey *string `json:"tagKey,omitempty"` TagValue *string `json:"tagValue,omitempty"` }
+kubebuilder:skipversion
func (*Tag) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.
func (*Tag) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WrappingKeySpec ¶
type WrappingKeySpec string
const (
WrappingKeySpec_RSA_2048 WrappingKeySpec = "RSA_2048"
)
type XksKeyConfigurationType ¶ added in v0.38.0
type XksKeyConfigurationType struct {
ID *string `json:"id,omitempty"`
}
+kubebuilder:skipversion
func (*XksKeyConfigurationType) DeepCopy ¶ added in v0.38.0
func (in *XksKeyConfigurationType) DeepCopy() *XksKeyConfigurationType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XksKeyConfigurationType.
func (*XksKeyConfigurationType) DeepCopyInto ¶ added in v0.38.0
func (in *XksKeyConfigurationType) DeepCopyInto(out *XksKeyConfigurationType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type XksProxyConnectivityType ¶ added in v0.38.0
type XksProxyConnectivityType string
const ( XksProxyConnectivityType_PUBLIC_ENDPOINT XksProxyConnectivityType = "PUBLIC_ENDPOINT" XksProxyConnectivityType_VPC_ENDPOINT_SERVICE XksProxyConnectivityType = "VPC_ENDPOINT_SERVICE" )