-
Notifications
You must be signed in to change notification settings - Fork 597
/
types.go
506 lines (410 loc) · 19.4 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
"time"
)
// Contains metadata about an ACM certificate. This structure is returned in the
// response to a DescribeCertificaterequest.
type CertificateDetail struct {
// The Amazon Resource Name (ARN) of the certificate. For more information about
// ARNs, see [Amazon Resource Names (ARNs)]in the Amazon Web Services General Reference.
//
// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
CertificateArn *string
// The Amazon Resource Name (ARN) of the private certificate authority (CA) that
// issued the certificate. This has the following format:
//
// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
CertificateAuthorityArn *string
// The time at which the certificate was requested.
CreatedAt *time.Time
// The fully qualified domain name for the certificate, such as www.example.com or
// example.com.
DomainName *string
// Contains information about the initial validation of each domain name that
// occurs as a result of the RequestCertificaterequest. This field exists only when the certificate
// type is AMAZON_ISSUED .
DomainValidationOptions []DomainValidation
// Contains a list of Extended Key Usage X.509 v3 extension objects. Each object
// specifies a purpose for which the certificate public key can be used and
// consists of a name and an object identifier (OID).
ExtendedKeyUsages []ExtendedKeyUsage
// The reason the certificate request failed. This value exists only when the
// certificate status is FAILED . For more information, see [Certificate Request Failed] in the Certificate
// Manager User Guide.
//
// [Certificate Request Failed]: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting.html#troubleshooting-failed
FailureReason FailureReason
// The date and time when the certificate was imported. This value exists only
// when the certificate type is IMPORTED .
ImportedAt *time.Time
// A list of ARNs for the Amazon Web Services resources that are using the
// certificate. A certificate can be used by multiple Amazon Web Services
// resources.
InUseBy []string
// The time at which the certificate was issued. This value exists only when the
// certificate type is AMAZON_ISSUED .
IssuedAt *time.Time
// The name of the certificate authority that issued and signed the certificate.
Issuer *string
// The algorithm that was used to generate the public-private key pair.
KeyAlgorithm KeyAlgorithm
// A list of Key Usage X.509 v3 extension objects. Each object is a string value
// that identifies the purpose of the public key contained in the certificate.
// Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT,
// NON_REPUDIATION, and more.
KeyUsages []KeyUsage
// The time after which the certificate is not valid.
NotAfter *time.Time
// The time before which the certificate is not valid.
NotBefore *time.Time
// Value that specifies whether to add the certificate to a transparency log.
// Certificate transparency makes it possible to detect SSL certificates that have
// been mistakenly or maliciously issued. A browser might respond to certificate
// that has not been logged by showing an error message. The logs are
// cryptographically secure.
Options *CertificateOptions
// Specifies whether the certificate is eligible for renewal. At this time, only
// exported private certificates can be renewed with the RenewCertificatecommand.
RenewalEligibility RenewalEligibility
// Contains information about the status of ACM's [managed renewal] for the certificate. This field
// exists only when the certificate type is AMAZON_ISSUED .
//
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
RenewalSummary *RenewalSummary
// The reason the certificate was revoked. This value exists only when the
// certificate status is REVOKED .
RevocationReason RevocationReason
// The time at which the certificate was revoked. This value exists only when the
// certificate status is REVOKED .
RevokedAt *time.Time
// The serial number of the certificate.
Serial *string
// The algorithm that was used to sign the certificate.
SignatureAlgorithm *string
// The status of the certificate.
//
// A certificate enters status PENDING_VALIDATION upon being requested, unless it
// fails for any of the reasons given in the troubleshooting topic [Certificate request fails]. ACM makes
// repeated attempts to validate a certificate for 72 hours and then times out. If
// a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete the request,
// correct the issue with [DNS validation]or [Email validation], and try again. If validation succeeds, the
// certificate enters status ISSUED.
//
// [DNS validation]: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
// [Certificate request fails]: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html
// [Email validation]: https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
Status CertificateStatus
// The name of the entity that is associated with the public key contained in the
// certificate.
Subject *string
// One or more domain names (subject alternative names) included in the
// certificate. This list contains the domain names that are bound to the public
// key that is contained in the certificate. The subject alternative names include
// the canonical domain name (CN) of the certificate and additional domain names
// that can be used to connect to the website.
SubjectAlternativeNames []string
// The source of the certificate. For certificates provided by ACM, this value is
// AMAZON_ISSUED . For certificates that you imported with ImportCertificate, this value is IMPORTED
// . ACM does not provide [managed renewal]for imported certificates. For more information about
// the differences between certificates that you import and those that ACM
// provides, see [Importing Certificates]in the Certificate Manager User Guide.
//
// [Importing Certificates]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
Type CertificateType
noSmithyDocumentSerde
}
// Structure that contains options for your certificate. Currently, you can use
// this only to specify whether to opt in to or out of certificate transparency
// logging. Some browsers require that public certificates issued for your domain
// be recorded in a log. Certificates that are not logged typically generate a
// browser error. Transparency makes it possible for you to detect SSL/TLS
// certificates that have been mistakenly or maliciously issued for your domain.
// For general information, see [Certificate Transparency Logging].
//
// [Certificate Transparency Logging]: https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency
type CertificateOptions struct {
// You can opt out of certificate transparency logging by specifying the DISABLED
// option. Opt in by specifying ENABLED .
CertificateTransparencyLoggingPreference CertificateTransparencyLoggingPreference
noSmithyDocumentSerde
}
// This structure is returned in the response object of ListCertificates action.
type CertificateSummary struct {
// Amazon Resource Name (ARN) of the certificate. This is of the form:
//
// arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
//
// For more information about ARNs, see [Amazon Resource Names (ARNs)].
//
// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
CertificateArn *string
// The time at which the certificate was requested.
CreatedAt *time.Time
// Fully qualified domain name (FQDN), such as www.example.com or example.com, for
// the certificate.
DomainName *string
// Indicates whether the certificate has been exported. This value exists only
// when the certificate type is PRIVATE .
Exported *bool
// Contains a list of Extended Key Usage X.509 v3 extension objects. Each object
// specifies a purpose for which the certificate public key can be used and
// consists of a name and an object identifier (OID).
ExtendedKeyUsages []ExtendedKeyUsageName
// When called by [ListCertificates], indicates whether the full list of subject alternative names
// has been included in the response. If false, the response includes all of the
// subject alternative names included in the certificate. If true, the response
// only includes the first 100 subject alternative names included in the
// certificate. To display the full list of subject alternative names, use [DescribeCertificate].
//
// [DescribeCertificate]: https://docs.aws.amazon.com/acm/latestAPIReference/API_DescribeCertificate.html
// [ListCertificates]: https://docs.aws.amazon.com/acm/latestAPIReference/API_ListCertificates.html
HasAdditionalSubjectAlternativeNames *bool
// The date and time when the certificate was imported. This value exists only
// when the certificate type is IMPORTED .
ImportedAt *time.Time
// Indicates whether the certificate is currently in use by any Amazon Web
// Services resources.
InUse *bool
// The time at which the certificate was issued. This value exists only when the
// certificate type is AMAZON_ISSUED .
IssuedAt *time.Time
// The algorithm that was used to generate the public-private key pair.
KeyAlgorithm KeyAlgorithm
// A list of Key Usage X.509 v3 extension objects. Each object is a string value
// that identifies the purpose of the public key contained in the certificate.
// Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT,
// NON_REPUDIATION, and more.
KeyUsages []KeyUsageName
// The time after which the certificate is not valid.
NotAfter *time.Time
// The time before which the certificate is not valid.
NotBefore *time.Time
// Specifies whether the certificate is eligible for renewal. At this time, only
// exported private certificates can be renewed with the RenewCertificatecommand.
RenewalEligibility RenewalEligibility
// The time at which the certificate was revoked. This value exists only when the
// certificate status is REVOKED .
RevokedAt *time.Time
// The status of the certificate.
//
// A certificate enters status PENDING_VALIDATION upon being requested, unless it
// fails for any of the reasons given in the troubleshooting topic [Certificate request fails]. ACM makes
// repeated attempts to validate a certificate for 72 hours and then times out. If
// a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete the request,
// correct the issue with [DNS validation]or [Email validation], and try again. If validation succeeds, the
// certificate enters status ISSUED.
//
// [DNS validation]: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
// [Certificate request fails]: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html
// [Email validation]: https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
Status CertificateStatus
// One or more domain names (subject alternative names) included in the
// certificate. This list contains the domain names that are bound to the public
// key that is contained in the certificate. The subject alternative names include
// the canonical domain name (CN) of the certificate and additional domain names
// that can be used to connect to the website.
//
// When called by [ListCertificates], this parameter will only return the first 100 subject
// alternative names included in the certificate. To display the full list of
// subject alternative names, use [DescribeCertificate].
//
// [DescribeCertificate]: https://docs.aws.amazon.com/acm/latestAPIReference/API_DescribeCertificate.html
// [ListCertificates]: https://docs.aws.amazon.com/acm/latestAPIReference/API_ListCertificates.html
SubjectAlternativeNameSummaries []string
// The source of the certificate. For certificates provided by ACM, this value is
// AMAZON_ISSUED . For certificates that you imported with ImportCertificate, this value is IMPORTED
// . ACM does not provide [managed renewal]for imported certificates. For more information about
// the differences between certificates that you import and those that ACM
// provides, see [Importing Certificates]in the Certificate Manager User Guide.
//
// [Importing Certificates]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
Type CertificateType
noSmithyDocumentSerde
}
// Contains information about the validation of each domain name in the
// certificate.
type DomainValidation struct {
// A fully qualified domain name (FQDN) in the certificate. For example,
// www.example.com or example.com .
//
// This member is required.
DomainName *string
// Contains the CNAME record that you add to your DNS database for domain
// validation. For more information, see [Use DNS to Validate Domain Ownership].
//
// Note: The CNAME information that you need does not include the name of your
// domain. If you include
your domain name in the DNS database CNAME record,
// validation fails.
For example, if the name is
// "_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com", only
// "_a79865eb4cd1a6ab990a45779b4e0b96" must be used.
//
// [Use DNS to Validate Domain Ownership]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
ResourceRecord *ResourceRecord
// The domain name that ACM used to send domain validation emails.
ValidationDomain *string
// A list of email addresses that ACM used to send domain validation emails.
ValidationEmails []string
// Specifies the domain validation method.
ValidationMethod ValidationMethod
// The validation status of the domain name. This can be one of the following
// values:
//
// - PENDING_VALIDATION
//
// - SUCCESS
//
// - FAILED
ValidationStatus DomainStatus
noSmithyDocumentSerde
}
// Contains information about the domain names that you want ACM to use to send
// you emails that enable you to validate domain ownership.
type DomainValidationOption struct {
// A fully qualified domain name (FQDN) in the certificate request.
//
// This member is required.
DomainName *string
// The domain name that you want ACM to use to send you validation emails. This
// domain name is the suffix of the email addresses that you want ACM to use. This
// must be the same as the DomainName value or a superdomain of the DomainName
// value. For example, if you request a certificate for testing.example.com , you
// can specify example.com for this value. In that case, ACM sends domain
// validation emails to the following five addresses:
//
// - admin@example.com
//
// - administrator@example.com
//
// - hostmaster@example.com
//
// - postmaster@example.com
//
// - webmaster@example.com
//
// This member is required.
ValidationDomain *string
noSmithyDocumentSerde
}
// Object containing expiration events options associated with an Amazon Web
// Services account.
type ExpiryEventsConfiguration struct {
// Specifies the number of days prior to certificate expiration when ACM starts
// generating EventBridge events. ACM sends one event per day per certificate
// until the certificate expires. By default, accounts receive events starting 45
// days before certificate expiration.
DaysBeforeExpiry *int32
noSmithyDocumentSerde
}
// The Extended Key Usage X.509 v3 extension defines one or more purposes for
// which the public key can be used. This is in addition to or in place of the
// basic purposes specified by the Key Usage extension.
type ExtendedKeyUsage struct {
// The name of an Extended Key Usage value.
Name ExtendedKeyUsageName
// An object identifier (OID) for the extension value. OIDs are strings of numbers
// separated by periods. The following OIDs are defined in RFC 3280 and RFC 5280.
//
// - 1.3.6.1.5.5.7.3.1 (TLS_WEB_SERVER_AUTHENTICATION)
//
// - 1.3.6.1.5.5.7.3.2 (TLS_WEB_CLIENT_AUTHENTICATION)
//
// - 1.3.6.1.5.5.7.3.3 (CODE_SIGNING)
//
// - 1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)
//
// - 1.3.6.1.5.5.7.3.8 (TIME_STAMPING)
//
// - 1.3.6.1.5.5.7.3.9 (OCSP_SIGNING)
//
// - 1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)
//
// - 1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)
//
// - 1.3.6.1.5.5.7.3.7 (IPSEC_USER)
OID *string
noSmithyDocumentSerde
}
// This structure can be used in the ListCertificates action to filter the output of the
// certificate list.
type Filters struct {
// Specify one or more ExtendedKeyUsage extension values.
ExtendedKeyUsage []ExtendedKeyUsageName
// Specify one or more algorithms that can be used to generate key pairs.
//
// Default filtering returns only RSA_1024 and RSA_2048 certificates that have at
// least one domain. To return other certificate types, provide the desired type
// signatures in a comma-separated list. For example, "keyTypes":
// ["RSA_2048","RSA_4096"] returns both RSA_2048 and RSA_4096 certificates.
KeyTypes []KeyAlgorithm
// Specify one or more KeyUsage extension values.
KeyUsage []KeyUsageName
noSmithyDocumentSerde
}
// The Key Usage X.509 v3 extension defines the purpose of the public key
// contained in the certificate.
type KeyUsage struct {
// A string value that contains a Key Usage extension name.
Name KeyUsageName
noSmithyDocumentSerde
}
// Contains information about the status of ACM's [managed renewal] for the certificate. This
// structure exists only when the certificate type is AMAZON_ISSUED .
//
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
type RenewalSummary struct {
// Contains information about the validation of each domain name in the
// certificate, as it pertains to ACM's [managed renewal]. This is different from the initial
// validation that occurs as a result of the RequestCertificaterequest. This field exists only when
// the certificate type is AMAZON_ISSUED .
//
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
//
// This member is required.
DomainValidationOptions []DomainValidation
// The status of ACM's [managed renewal] of the certificate.
//
// [managed renewal]: https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
//
// This member is required.
RenewalStatus RenewalStatus
// The time at which the renewal summary was last updated.
//
// This member is required.
UpdatedAt *time.Time
// The reason that a renewal request was unsuccessful.
RenewalStatusReason FailureReason
noSmithyDocumentSerde
}
// Contains a DNS record value that you can use to validate ownership or control
// of a domain. This is used by the DescribeCertificateaction.
type ResourceRecord struct {
// The name of the DNS record to create in your domain. This is supplied by ACM.
//
// This member is required.
Name *string
// The type of DNS record. Currently this can be CNAME .
//
// This member is required.
Type RecordType
// The value of the CNAME record to add to your DNS database. This is supplied by
// ACM.
//
// This member is required.
Value *string
noSmithyDocumentSerde
}
// A key-value pair that identifies or specifies metadata about an ACM resource.
type Tag struct {
// The key of the tag.
//
// This member is required.
Key *string
// The value of the tag.
Value *string
noSmithyDocumentSerde
}
type noSmithyDocumentSerde = smithydocument.NoSerde