2017-10-06 00:08:03 +03:00
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package kms
import (
"fmt"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
const opCancelKeyDeletion = "CancelKeyDeletion"
// CancelKeyDeletionRequest generates a "aws/request.Request" representing the
// client's request for the CancelKeyDeletion operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CancelKeyDeletion for more information on using the CancelKeyDeletion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CancelKeyDeletionRequest method.
// req, resp := client.CancelKeyDeletionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CancelKeyDeletionRequest ( input * CancelKeyDeletionInput ) ( req * request . Request , output * CancelKeyDeletionOutput ) {
op := & request . Operation {
Name : opCancelKeyDeletion ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & CancelKeyDeletionInput { }
}
output = & CancelKeyDeletionOutput { }
req = c . newRequest ( op , input , output )
return
}
// CancelKeyDeletion API operation for AWS Key Management Service.
//
// Cancels the deletion of a customer master key (CMK). When this operation
// is successful, the CMK is set to the Disabled state. To enable a CMK, use
2019-03-11 19:18:55 +03:00
// EnableKey. You cannot perform this operation on a CMK in a different AWS
// account.
2017-10-06 00:08:03 +03:00
//
// For more information about scheduling and canceling deletion of a CMK, see
// Deleting Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation CancelKeyDeletion for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CancelKeyDeletion ( input * CancelKeyDeletionInput ) ( * CancelKeyDeletionOutput , error ) {
req , out := c . CancelKeyDeletionRequest ( input )
return out , req . Send ( )
}
// CancelKeyDeletionWithContext is the same as CancelKeyDeletion with the addition of
// the ability to pass a context and additional request options.
//
// See CancelKeyDeletion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) CancelKeyDeletionWithContext ( ctx aws . Context , input * CancelKeyDeletionInput , opts ... request . Option ) ( * CancelKeyDeletionOutput , error ) {
req , out := c . CancelKeyDeletionRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opConnectCustomKeyStore = "ConnectCustomKeyStore"
// ConnectCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the ConnectCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ConnectCustomKeyStore for more information on using the ConnectCustomKeyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ConnectCustomKeyStoreRequest method.
// req, resp := client.ConnectCustomKeyStoreRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore
func ( c * KMS ) ConnectCustomKeyStoreRequest ( input * ConnectCustomKeyStoreInput ) ( req * request . Request , output * ConnectCustomKeyStoreOutput ) {
op := & request . Operation {
Name : opConnectCustomKeyStore ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ConnectCustomKeyStoreInput { }
}
output = & ConnectCustomKeyStoreOutput { }
req = c . newRequest ( op , input , output )
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
return
}
// ConnectCustomKeyStore API operation for AWS Key Management Service.
//
// Connects or reconnects a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// to its associated AWS CloudHSM cluster.
//
// The custom key store must be connected before you can create customer master
// keys (CMKs) in the key store or use the CMKs it contains. You can disconnect
// and reconnect a custom key store at any time.
//
// To connect a custom key store, its associated AWS CloudHSM cluster must have
// at least one active HSM. To get the number of active HSMs in a cluster, use
// the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters)
// operation. To add HSMs to the cluster, use the CreateHsm (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm)
// operation.
//
// The connection process can take an extended amount of time to complete; up
// to 20 minutes. This operation starts the connection process, but it does
// not wait for it to complete. When it succeeds, this operation quickly returns
// an HTTP 200 response and a JSON object with no properties. However, this
// response does not indicate that the custom key store is connected. To get
// the connection state of the custom key store, use the DescribeCustomKeyStores
// operation.
//
// During the connection process, AWS KMS finds the AWS CloudHSM cluster that
// is associated with the custom key store, creates the connection infrastructure,
// connects to the cluster, logs into the AWS CloudHSM client as the kmsuser
// (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
// crypto user (CU), and rotates its password.
//
// The ConnectCustomKeyStore operation might fail for various reasons. To find
// the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode
// in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
//
// To fix the failure, use the DisconnectCustomKeyStore operation to disconnect
// the custom key store, correct the error, use the UpdateCustomKeyStore operation
// if necessary, and then use ConnectCustomKeyStore again.
//
// If you are having trouble connecting or disconnecting a custom key store,
// see Troubleshooting a Custom Key Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ConnectCustomKeyStore for usage and error information.
//
// Returned Error Codes:
// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException"
// The request was rejected because the AWS CloudHSM cluster that is associated
// with the custom key store is not active. Initialize and activate the cluster
// and try the command again. For detailed instructions, see Getting Started
// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the AWS CloudHSM User Guide.
//
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException"
// The request was rejected because the associated AWS CloudHSM cluster did
// not meet the configuration requirements for a custom key store. The cluster
// must be configured with private subnets in at least two different Availability
// Zones in the Region. Also, it must contain at least as many HSMs as the operation
// requires.
//
// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations,
// the AWS CloudHSM cluster must have at least two active HSMs, each in a different
// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM
// must contain at least one active HSM.
//
// For information about creating a private subnet for a AWS CloudHSM cluster,
// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm
// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore
func ( c * KMS ) ConnectCustomKeyStore ( input * ConnectCustomKeyStoreInput ) ( * ConnectCustomKeyStoreOutput , error ) {
req , out := c . ConnectCustomKeyStoreRequest ( input )
return out , req . Send ( )
}
// ConnectCustomKeyStoreWithContext is the same as ConnectCustomKeyStore with the addition of
// the ability to pass a context and additional request options.
//
// See ConnectCustomKeyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ConnectCustomKeyStoreWithContext ( ctx aws . Context , input * ConnectCustomKeyStoreInput , opts ... request . Option ) ( * ConnectCustomKeyStoreOutput , error ) {
req , out := c . ConnectCustomKeyStoreRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2017-10-06 00:08:03 +03:00
const opCreateAlias = "CreateAlias"
// CreateAliasRequest generates a "aws/request.Request" representing the
// client's request for the CreateAlias operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAlias for more information on using the CreateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateAliasRequest method.
// req, resp := client.CreateAliasRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateAliasRequest ( input * CreateAliasInput ) ( req * request . Request , output * CreateAliasOutput ) {
op := & request . Operation {
Name : opCreateAlias ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & CreateAliasInput { }
}
output = & CreateAliasOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// CreateAlias API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Creates a display name for a customer master key (CMK). You can use an alias
// to identify a CMK in selected operations, such as Encrypt and GenerateDataKey.
//
// Each CMK can have multiple aliases, but each alias points to only one CMK.
// The alias name must be unique in the AWS account and region. To simplify
// code that runs in multiple regions, use the same alias name, but point it
// to a different CMK in each region.
//
// Because an alias is not a property of a CMK, you can delete and change the
// aliases of a CMK without affecting the CMK. Also, aliases do not appear in
// the response from the DescribeKey operation. To get the aliases of all CMKs,
// use the ListAliases operation.
//
// An alias must start with the word alias followed by a forward slash (alias/).
// The alias name can contain only alphanumeric characters, forward slashes
// (/), underscores (_), and dashes (-). Alias names cannot begin with aws;
// that alias name prefix is reserved by Amazon Web Services (AWS).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The alias and the CMK it is mapped to must be in the same AWS account and
// the same region. You cannot perform this operation on an alias in a different
// AWS account.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To map an existing alias to a different CMK, call UpdateAlias.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation CreateAlias for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeAlreadyExistsException "AlreadyExistsException"
// The request was rejected because it attempted to create a resource that already
// exists.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidAliasNameException "InvalidAliasNameException"
// The request was rejected because the specified alias name is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateAlias ( input * CreateAliasInput ) ( * CreateAliasOutput , error ) {
req , out := c . CreateAliasRequest ( input )
return out , req . Send ( )
}
// CreateAliasWithContext is the same as CreateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) CreateAliasWithContext ( ctx aws . Context , input * CreateAliasInput , opts ... request . Option ) ( * CreateAliasOutput , error ) {
req , out := c . CreateAliasRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opCreateCustomKeyStore = "CreateCustomKeyStore"
// CreateCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the CreateCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateCustomKeyStore for more information on using the CreateCustomKeyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateCustomKeyStoreRequest method.
// req, resp := client.CreateCustomKeyStoreRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore
func ( c * KMS ) CreateCustomKeyStoreRequest ( input * CreateCustomKeyStoreInput ) ( req * request . Request , output * CreateCustomKeyStoreOutput ) {
op := & request . Operation {
Name : opCreateCustomKeyStore ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & CreateCustomKeyStoreInput { }
}
output = & CreateCustomKeyStoreOutput { }
req = c . newRequest ( op , input , output )
return
}
// CreateCustomKeyStore API operation for AWS Key Management Service.
//
// Creates a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// that is associated with an AWS CloudHSM cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html)
// that you own and manage.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
//
// When the operation completes successfully, it returns the ID of the new custom
// key store. Before you can use your new custom key store, you need to use
// the ConnectCustomKeyStore operation to connect the new key store to its AWS
// CloudHSM cluster.
//
// The CreateCustomKeyStore operation requires the following elements.
//
// * You must specify an active AWS CloudHSM cluster in the same account
// and AWS Region as the custom key store. You can use an existing cluster
// or create and activate a new AWS CloudHSM cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-cluster.html)
// for the key store. AWS KMS does not require exclusive use of the cluster.
//
// * You must include the content of the trust anchor certificate for the
// cluster. You created this certificate, and saved it in the customerCA.crt
// file, when you initialized the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr).
//
// * You must provide the password of the dedicated kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
// crypto user (CU) account in the cluster.
//
// Before you create the custom key store, use the createUser (http://docs.aws.amazon.com/cloudhsm/latest/userguide/cloudhsm_mgmt_util-createUser.html)
// command in cloudhsm_mgmt_util to create a crypto user (CU) named (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)kmsuserin
// specified AWS CloudHSM cluster. AWS KMS uses the kmsuser CU account to
// create and manage key material on your behalf. For instructions, see Create
// the kmsuser Crypto User (http://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
// in the AWS Key Management Service Developer Guide.
//
// The AWS CloudHSM cluster that you specify must meet the following requirements.
//
// * The cluster must be active and be in the same AWS account and Region
// as the custom key store.
//
// * Each custom key store must be associated with a different AWS CloudHSM
// cluster. The cluster cannot be associated with another custom key store
// or have the same cluster certificate as a cluster that is associated with
// another custom key store. To view the cluster certificate, use the AWS
// CloudHSM DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation. Clusters that share a backup history have the same cluster
// certificate.
//
// * The cluster must be configured with subnets in at least two different
// Availability Zones in the Region. Because AWS CloudHSM is not supported
// in all Availability Zones, we recommend that the cluster have subnets
// in all Availability Zones in the Region.
//
// * The cluster must contain at least two active HSMs, each in a different
// Availability Zone.
//
// New custom key stores are not automatically connected. After you create your
// custom key store, use the ConnectCustomKeyStore operation to connect the
// custom key store to its associated AWS CloudHSM cluster. Even if you are
// not going to use your custom key store immediately, you might want to connect
// it to verify that all settings are correct and then disconnect it until you
// are ready to use it.
//
// If this operation succeeds, it returns the ID of the new custom key store.
// For help with failures, see Troubleshoot a Custom Key Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the AWS KMS Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation CreateCustomKeyStore for usage and error information.
//
// Returned Error Codes:
// * ErrCodeCloudHsmClusterInUseException "CloudHsmClusterInUseException"
// The request was rejected because the specified AWS CloudHSM cluster is already
// associated with a custom key store or it shares a backup history with a cluster
// that is associated with a custom key store. Each custom key store must be
// associated with a different AWS CloudHSM cluster.
//
// Clusters that share a backup history have the same cluster certificate. To
// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
//
// * ErrCodeCustomKeyStoreNameInUseException "CustomKeyStoreNameInUseException"
// The request was rejected because the specified custom key store name is already
// assigned to another custom key store in the account. Try again with a custom
// key store name that is unique in the account.
//
// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException"
// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster
// with the specified cluster ID. Retry the request with a different cluster
// ID.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException"
// The request was rejected because the AWS CloudHSM cluster that is associated
// with the custom key store is not active. Initialize and activate the cluster
// and try the command again. For detailed instructions, see Getting Started
// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the AWS CloudHSM User Guide.
//
// * ErrCodeIncorrectTrustAnchorException "IncorrectTrustAnchorException"
// The request was rejected because the trust anchor certificate in the request
// is not the trust anchor certificate for the specified AWS CloudHSM cluster.
//
// When you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create the trust anchor certificate and save it in the customerCA.crt
// file.
//
// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException"
// The request was rejected because the associated AWS CloudHSM cluster did
// not meet the configuration requirements for a custom key store. The cluster
// must be configured with private subnets in at least two different Availability
// Zones in the Region. Also, it must contain at least as many HSMs as the operation
// requires.
//
// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations,
// the AWS CloudHSM cluster must have at least two active HSMs, each in a different
// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM
// must contain at least one active HSM.
//
// For information about creating a private subnet for a AWS CloudHSM cluster,
// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm
// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore
func ( c * KMS ) CreateCustomKeyStore ( input * CreateCustomKeyStoreInput ) ( * CreateCustomKeyStoreOutput , error ) {
req , out := c . CreateCustomKeyStoreRequest ( input )
return out , req . Send ( )
}
// CreateCustomKeyStoreWithContext is the same as CreateCustomKeyStore with the addition of
// the ability to pass a context and additional request options.
//
// See CreateCustomKeyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) CreateCustomKeyStoreWithContext ( ctx aws . Context , input * CreateCustomKeyStoreInput , opts ... request . Option ) ( * CreateCustomKeyStoreOutput , error ) {
req , out := c . CreateCustomKeyStoreRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2017-10-06 00:08:03 +03:00
const opCreateGrant = "CreateGrant"
// CreateGrantRequest generates a "aws/request.Request" representing the
// client's request for the CreateGrant operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateGrant for more information on using the CreateGrant
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateGrantRequest method.
// req, resp := client.CreateGrantRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateGrantRequest ( input * CreateGrantInput ) ( req * request . Request , output * CreateGrantOutput ) {
op := & request . Operation {
Name : opCreateGrant ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & CreateGrantInput { }
}
output = & CreateGrantOutput { }
req = c . newRequest ( op , input , output )
return
}
// CreateGrant API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Adds a grant to a customer master key (CMK). The grant specifies who can
// use the CMK and under what conditions. When setting permissions, grants are
// an alternative to key policies.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN in the value of the KeyId parameter. For more information about grants,
// see Grants (http://docs.aws.amazon.com/kms/latest/developerguide/grants.html)
// in the AWS Key Management Service Developer Guide.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
2017-10-06 00:08:03 +03:00
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation CreateGrant for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateGrant ( input * CreateGrantInput ) ( * CreateGrantOutput , error ) {
req , out := c . CreateGrantRequest ( input )
return out , req . Send ( )
}
// CreateGrantWithContext is the same as CreateGrant with the addition of
// the ability to pass a context and additional request options.
//
// See CreateGrant for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) CreateGrantWithContext ( ctx aws . Context , input * CreateGrantInput , opts ... request . Option ) ( * CreateGrantOutput , error ) {
req , out := c . CreateGrantRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opCreateKey = "CreateKey"
// CreateKeyRequest generates a "aws/request.Request" representing the
// client's request for the CreateKey operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateKey for more information on using the CreateKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateKeyRequest method.
// req, resp := client.CreateKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateKeyRequest ( input * CreateKeyInput ) ( req * request . Request , output * CreateKeyOutput ) {
op := & request . Operation {
Name : opCreateKey ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & CreateKeyInput { }
}
output = & CreateKeyOutput { }
req = c . newRequest ( op , input , output )
return
}
// CreateKey API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Creates a customer master key (CMK) in the caller's AWS account.
2017-10-06 00:08:03 +03:00
//
// You can use a CMK to encrypt small amounts of data (4 KiB or less) directly,
2019-03-11 19:18:55 +03:00
// but CMKs are more commonly used to encrypt data keys, which are used to encrypt
// raw data. For more information about data keys and the difference between
// CMKs and data keys, see the following:
2017-10-06 00:08:03 +03:00
//
// * The GenerateDataKey operation
//
// * AWS Key Management Service Concepts (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html)
// in the AWS Key Management Service Developer Guide
//
2019-03-11 19:18:55 +03:00
// If you plan to import key material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html),
// use the Origin parameter with a value of EXTERNAL to create a CMK with no
// key material.
//
// To create a CMK in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html),
// use CustomKeyStoreId parameter to specify the custom key store. You must
// also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM
// cluster that is associated with the custom key store must have at least two
// active HSMs, each in a different Availability Zone in the Region.
//
// You cannot use this operation to create a CMK in a different AWS account.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation CreateKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
// The request was rejected because the specified policy is not syntactically
// or semantically correct.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeTagException "TagException"
// The request was rejected because one or more tags are not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException"
// The request was rejected because the associated AWS CloudHSM cluster did
// not meet the configuration requirements for a custom key store. The cluster
// must be configured with private subnets in at least two different Availability
// Zones in the Region. Also, it must contain at least as many HSMs as the operation
// requires.
//
// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations,
// the AWS CloudHSM cluster must have at least two active HSMs, each in a different
// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM
// must contain at least one active HSM.
//
// For information about creating a private subnet for a AWS CloudHSM cluster,
// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm
// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) CreateKey ( input * CreateKeyInput ) ( * CreateKeyOutput , error ) {
req , out := c . CreateKeyRequest ( input )
return out , req . Send ( )
}
// CreateKeyWithContext is the same as CreateKey with the addition of
// the ability to pass a context and additional request options.
//
// See CreateKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) CreateKeyWithContext ( ctx aws . Context , input * CreateKeyInput , opts ... request . Option ) ( * CreateKeyOutput , error ) {
req , out := c . CreateKeyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDecrypt = "Decrypt"
// DecryptRequest generates a "aws/request.Request" representing the
// client's request for the Decrypt operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See Decrypt for more information on using the Decrypt
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DecryptRequest method.
// req, resp := client.DecryptRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DecryptRequest ( input * DecryptInput ) ( req * request . Request , output * DecryptOutput ) {
op := & request . Operation {
Name : opDecrypt ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DecryptInput { }
}
output = & DecryptOutput { }
req = c . newRequest ( op , input , output )
return
}
// Decrypt API operation for AWS Key Management Service.
//
// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted
2019-03-11 19:18:55 +03:00
// by using any of the following operations:
2017-10-06 00:08:03 +03:00
//
// * GenerateDataKey
//
// * GenerateDataKeyWithoutPlaintext
//
// * Encrypt
//
// Note that if a caller has been granted access permissions to all keys (through,
// for example, IAM user policies that grant Decrypt permission on all resources),
// then ciphertext encrypted by using keys in other accounts where the key grants
// access to the caller can be decrypted. To remedy this, we recommend that
// you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt
// access only in key policies. If you must grant Decrypt access in an IAM user
// policy, you should scope the resource to specific keys or to specific trusted
// accounts.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation Decrypt for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeInvalidCiphertextException "InvalidCiphertextException"
2019-03-11 19:18:55 +03:00
// The request was rejected because the specified ciphertext, or additional
// authenticated data incorporated into the ciphertext, such as the encryption
// context, is corrupted, missing, or otherwise invalid.
2017-10-06 00:08:03 +03:00
//
// * ErrCodeKeyUnavailableException "KeyUnavailableException"
// The request was rejected because the specified CMK was not available. The
// request can be retried.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) Decrypt ( input * DecryptInput ) ( * DecryptOutput , error ) {
req , out := c . DecryptRequest ( input )
return out , req . Send ( )
}
// DecryptWithContext is the same as Decrypt with the addition of
// the ability to pass a context and additional request options.
//
// See Decrypt for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DecryptWithContext ( ctx aws . Context , input * DecryptInput , opts ... request . Option ) ( * DecryptOutput , error ) {
req , out := c . DecryptRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDeleteAlias = "DeleteAlias"
// DeleteAliasRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAlias operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAlias for more information on using the DeleteAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeleteAliasRequest method.
// req, resp := client.DeleteAliasRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DeleteAliasRequest ( input * DeleteAliasInput ) ( req * request . Request , output * DeleteAliasOutput ) {
op := & request . Operation {
Name : opDeleteAlias ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DeleteAliasInput { }
}
output = & DeleteAliasOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// DeleteAlias API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Deletes the specified alias. You cannot perform this operation on an alias
// in a different AWS account.
//
// Because an alias is not a property of a CMK, you can delete and change the
// aliases of a CMK without affecting the CMK. Also, aliases do not appear in
// the response from the DescribeKey operation. To get the aliases of all CMKs,
// use the ListAliases operation.
//
// Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias
// to delete the current alias and CreateAlias to create a new alias. To associate
// an existing alias with a different customer master key (CMK), call UpdateAlias.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DeleteAlias for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DeleteAlias ( input * DeleteAliasInput ) ( * DeleteAliasOutput , error ) {
req , out := c . DeleteAliasRequest ( input )
return out , req . Send ( )
}
// DeleteAliasWithContext is the same as DeleteAlias with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DeleteAliasWithContext ( ctx aws . Context , input * DeleteAliasInput , opts ... request . Option ) ( * DeleteAliasOutput , error ) {
req , out := c . DeleteAliasRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opDeleteCustomKeyStore = "DeleteCustomKeyStore"
// DeleteCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the DeleteCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteCustomKeyStore for more information on using the DeleteCustomKeyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeleteCustomKeyStoreRequest method.
// req, resp := client.DeleteCustomKeyStoreRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore
func ( c * KMS ) DeleteCustomKeyStoreRequest ( input * DeleteCustomKeyStoreInput ) ( req * request . Request , output * DeleteCustomKeyStoreOutput ) {
op := & request . Operation {
Name : opDeleteCustomKeyStore ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DeleteCustomKeyStoreInput { }
}
output = & DeleteCustomKeyStoreOutput { }
req = c . newRequest ( op , input , output )
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
return
}
// DeleteCustomKeyStore API operation for AWS Key Management Service.
//
// Deletes a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html).
// This operation does not delete the AWS CloudHSM cluster that is associated
// with the custom key store, or affect any users or keys in the cluster.
//
// The custom key store that you delete cannot contain any AWS KMS customer
// master keys (CMKs) (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
// Before deleting the key store, verify that you will never need to use any
// of the CMKs in the key store for any cryptographic operations. Then, use
// ScheduleKeyDeletion to delete the AWS KMS customer master keys (CMKs) from
// the key store. When the scheduled waiting period expires, the ScheduleKeyDeletion
// operation deletes the CMKs. Then it makes a best effort to delete the key
// material from the associated cluster. However, you might need to manually
// delete the orphaned key material (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
// from the cluster and its backups.
//
// After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to
// disconnect the key store from AWS KMS. Then, you can delete the custom key
// store.
//
// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore
// to disconnect it from AWS KMS. While the key store is disconnected, you cannot
// create or use the CMKs in the key store. But, you do not need to delete CMKs
// and you can reconnect a disconnected custom key store at any time.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DeleteCustomKeyStore for usage and error information.
//
// Returned Error Codes:
// * ErrCodeCustomKeyStoreHasCMKsException "CustomKeyStoreHasCMKsException"
// The request was rejected because the custom key store contains AWS KMS customer
// master keys (CMKs). After verifying that you do not need to use the CMKs,
// use the ScheduleKeyDeletion operation to delete the CMKs. After they are
// deleted, you can delete the custom key store.
//
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore
func ( c * KMS ) DeleteCustomKeyStore ( input * DeleteCustomKeyStoreInput ) ( * DeleteCustomKeyStoreOutput , error ) {
req , out := c . DeleteCustomKeyStoreRequest ( input )
return out , req . Send ( )
}
// DeleteCustomKeyStoreWithContext is the same as DeleteCustomKeyStore with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteCustomKeyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DeleteCustomKeyStoreWithContext ( ctx aws . Context , input * DeleteCustomKeyStoreInput , opts ... request . Option ) ( * DeleteCustomKeyStoreOutput , error ) {
req , out := c . DeleteCustomKeyStoreRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2017-10-06 00:08:03 +03:00
const opDeleteImportedKeyMaterial = "DeleteImportedKeyMaterial"
// DeleteImportedKeyMaterialRequest generates a "aws/request.Request" representing the
// client's request for the DeleteImportedKeyMaterial operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteImportedKeyMaterial for more information on using the DeleteImportedKeyMaterial
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeleteImportedKeyMaterialRequest method.
// req, resp := client.DeleteImportedKeyMaterialRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DeleteImportedKeyMaterialRequest ( input * DeleteImportedKeyMaterialInput ) ( req * request . Request , output * DeleteImportedKeyMaterialOutput ) {
op := & request . Operation {
Name : opDeleteImportedKeyMaterial ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DeleteImportedKeyMaterialInput { }
}
output = & DeleteImportedKeyMaterialOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// DeleteImportedKeyMaterial API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Deletes key material that you previously imported. This operation makes the
// specified customer master key (CMK) unusable. For more information about
// importing key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the AWS Key Management Service Developer Guide. You cannot perform this
// operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// When the specified CMK is in the PendingDeletion state, this operation does
// not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport.
//
// After you delete key material, you can use ImportKeyMaterial to reimport
// the same key material into the CMK.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DeleteImportedKeyMaterial for usage and error information.
//
// Returned Error Codes:
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DeleteImportedKeyMaterial ( input * DeleteImportedKeyMaterialInput ) ( * DeleteImportedKeyMaterialOutput , error ) {
req , out := c . DeleteImportedKeyMaterialRequest ( input )
return out , req . Send ( )
}
// DeleteImportedKeyMaterialWithContext is the same as DeleteImportedKeyMaterial with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteImportedKeyMaterial for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DeleteImportedKeyMaterialWithContext ( ctx aws . Context , input * DeleteImportedKeyMaterialInput , opts ... request . Option ) ( * DeleteImportedKeyMaterialOutput , error ) {
req , out := c . DeleteImportedKeyMaterialRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opDescribeCustomKeyStores = "DescribeCustomKeyStores"
2017-10-06 00:08:03 +03:00
2019-03-11 19:18:55 +03:00
// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the
// client's request for the DescribeCustomKeyStores operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
2019-03-11 19:18:55 +03:00
// See DescribeCustomKeyStores for more information on using the DescribeCustomKeyStores
2017-10-06 00:08:03 +03:00
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
2019-03-11 19:18:55 +03:00
// // Example sending a request using the DescribeCustomKeyStoresRequest method.
// req, resp := client.DescribeCustomKeyStoresRequest(params)
2017-10-06 00:08:03 +03:00
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores
func ( c * KMS ) DescribeCustomKeyStoresRequest ( input * DescribeCustomKeyStoresInput ) ( req * request . Request , output * DescribeCustomKeyStoresOutput ) {
2017-10-06 00:08:03 +03:00
op := & request . Operation {
2019-03-11 19:18:55 +03:00
Name : opDescribeCustomKeyStores ,
2017-10-06 00:08:03 +03:00
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
2019-03-11 19:18:55 +03:00
input = & DescribeCustomKeyStoresInput { }
2017-10-06 00:08:03 +03:00
}
2019-03-11 19:18:55 +03:00
output = & DescribeCustomKeyStoresOutput { }
2017-10-06 00:08:03 +03:00
req = c . newRequest ( op , input , output )
return
}
2019-03-11 19:18:55 +03:00
// DescribeCustomKeyStores API operation for AWS Key Management Service.
//
// Gets information about custom key stores (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// in the account and region.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
//
// By default, this operation returns information about all custom key stores
// in the account and region. To get only information about a particular custom
// key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter
// (but not both).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To determine whether the custom key store is connected to its AWS CloudHSM
// cluster, use the ConnectionState element in the response. If an attempt to
// connect the custom key store failed, the ConnectionState value is FAILED
// and the ConnectionErrorCode element in the response indicates the cause of
// the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
//
// Custom key stores have a DISCONNECTED connection state if the key store has
// never been connected or you use the DisconnectCustomKeyStore operation to
// disconnect it. If your custom key store state is CONNECTED but you are having
// trouble using it, make sure that its associated AWS CloudHSM cluster is active
// and contains the minimum number of HSMs required for the operation, if any.
//
// For help repairing your custom key store, see the Troubleshooting Custom
// Key Stores (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore-html)
// topic in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
2019-03-11 19:18:55 +03:00
// API operation DescribeCustomKeyStores for usage and error information.
2017-10-06 00:08:03 +03:00
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores
func ( c * KMS ) DescribeCustomKeyStores ( input * DescribeCustomKeyStoresInput ) ( * DescribeCustomKeyStoresOutput , error ) {
req , out := c . DescribeCustomKeyStoresRequest ( input )
return out , req . Send ( )
}
// DescribeCustomKeyStoresWithContext is the same as DescribeCustomKeyStores with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeCustomKeyStores for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DescribeCustomKeyStoresWithContext ( ctx aws . Context , input * DescribeCustomKeyStoresInput , opts ... request . Option ) ( * DescribeCustomKeyStoresOutput , error ) {
req , out := c . DescribeCustomKeyStoresRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDescribeKey = "DescribeKey"
// DescribeKeyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeKey for more information on using the DescribeKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeKeyRequest method.
// req, resp := client.DescribeKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey
func ( c * KMS ) DescribeKeyRequest ( input * DescribeKeyInput ) ( req * request . Request , output * DescribeKeyOutput ) {
op := & request . Operation {
Name : opDescribeKey ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DescribeKeyInput { }
}
output = & DescribeKeyOutput { }
req = c . newRequest ( op , input , output )
return
}
// DescribeKey API operation for AWS Key Management Service.
//
// Provides detailed information about the specified customer master key (CMK).
//
// If you use DescribeKey on a predefined AWS alias, that is, an AWS alias with
// no key ID, AWS KMS associates the alias with an AWS managed CMK (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
// and returns its KeyId and Arn in the response.
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN or alias ARN in the value of the KeyId parameter.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DescribeKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DescribeKey ( input * DescribeKeyInput ) ( * DescribeKeyOutput , error ) {
req , out := c . DescribeKeyRequest ( input )
return out , req . Send ( )
}
// DescribeKeyWithContext is the same as DescribeKey with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DescribeKeyWithContext ( ctx aws . Context , input * DescribeKeyInput , opts ... request . Option ) ( * DescribeKeyOutput , error ) {
req , out := c . DescribeKeyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDisableKey = "DisableKey"
// DisableKeyRequest generates a "aws/request.Request" representing the
// client's request for the DisableKey operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisableKey for more information on using the DisableKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DisableKeyRequest method.
// req, resp := client.DisableKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DisableKeyRequest ( input * DisableKeyInput ) ( req * request . Request , output * DisableKeyOutput ) {
op := & request . Operation {
Name : opDisableKey ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DisableKeyInput { }
}
output = & DisableKeyOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// DisableKey API operation for AWS Key Management Service.
//
// Sets the state of a customer master key (CMK) to disabled, thereby preventing
2019-03-11 19:18:55 +03:00
// its use for cryptographic operations. You cannot perform this operation on
// a CMK in a different AWS account.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
2017-10-06 00:08:03 +03:00
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DisableKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DisableKey ( input * DisableKeyInput ) ( * DisableKeyOutput , error ) {
req , out := c . DisableKeyRequest ( input )
return out , req . Send ( )
}
// DisableKeyWithContext is the same as DisableKey with the addition of
// the ability to pass a context and additional request options.
//
// See DisableKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DisableKeyWithContext ( ctx aws . Context , input * DisableKeyInput , opts ... request . Option ) ( * DisableKeyOutput , error ) {
req , out := c . DisableKeyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDisableKeyRotation = "DisableKeyRotation"
// DisableKeyRotationRequest generates a "aws/request.Request" representing the
// client's request for the DisableKeyRotation operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisableKeyRotation for more information on using the DisableKeyRotation
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DisableKeyRotationRequest method.
// req, resp := client.DisableKeyRotationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DisableKeyRotationRequest ( input * DisableKeyRotationInput ) ( req * request . Request , output * DisableKeyRotationOutput ) {
op := & request . Operation {
Name : opDisableKeyRotation ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DisableKeyRotationInput { }
}
output = & DisableKeyRotationOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// DisableKeyRotation API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Disables automatic rotation of the key material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// for the specified customer master key (CMK). You cannot perform this operation
// on a CMK in a different AWS account.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DisableKeyRotation for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation
2017-10-06 00:08:03 +03:00
func ( c * KMS ) DisableKeyRotation ( input * DisableKeyRotationInput ) ( * DisableKeyRotationOutput , error ) {
req , out := c . DisableKeyRotationRequest ( input )
return out , req . Send ( )
}
// DisableKeyRotationWithContext is the same as DisableKeyRotation with the addition of
// the ability to pass a context and additional request options.
//
// See DisableKeyRotation for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DisableKeyRotationWithContext ( ctx aws . Context , input * DisableKeyRotationInput , opts ... request . Option ) ( * DisableKeyRotationOutput , error ) {
req , out := c . DisableKeyRotationRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opDisconnectCustomKeyStore = "DisconnectCustomKeyStore"
// DisconnectCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the DisconnectCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisconnectCustomKeyStore for more information on using the DisconnectCustomKeyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DisconnectCustomKeyStoreRequest method.
// req, resp := client.DisconnectCustomKeyStoreRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore
func ( c * KMS ) DisconnectCustomKeyStoreRequest ( input * DisconnectCustomKeyStoreInput ) ( req * request . Request , output * DisconnectCustomKeyStoreOutput ) {
op := & request . Operation {
Name : opDisconnectCustomKeyStore ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & DisconnectCustomKeyStoreInput { }
}
output = & DisconnectCustomKeyStoreOutput { }
req = c . newRequest ( op , input , output )
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
return
}
// DisconnectCustomKeyStore API operation for AWS Key Management Service.
//
// Disconnects the custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// from its associated AWS CloudHSM cluster. While a custom key store is disconnected,
// you can manage the custom key store and its customer master keys (CMKs),
// but you cannot create or use CMKs in the custom key store. You can reconnect
// the custom key store at any time.
//
// While a custom key store is disconnected, all attempts to create customer
// master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic
// operations will fail. This action can prevent users from storing and accessing
// sensitive data.
//
// To find the connection state of a custom key store, use the DescribeCustomKeyStoresoperation. To reconnect a custom key store, use the ConnectCustomKeyStoreoperation.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DisconnectCustomKeyStore for usage and error information.
//
// Returned Error Codes:
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore
func ( c * KMS ) DisconnectCustomKeyStore ( input * DisconnectCustomKeyStoreInput ) ( * DisconnectCustomKeyStoreOutput , error ) {
req , out := c . DisconnectCustomKeyStoreRequest ( input )
return out , req . Send ( )
}
// DisconnectCustomKeyStoreWithContext is the same as DisconnectCustomKeyStore with the addition of
// the ability to pass a context and additional request options.
//
// See DisconnectCustomKeyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) DisconnectCustomKeyStoreWithContext ( ctx aws . Context , input * DisconnectCustomKeyStoreInput , opts ... request . Option ) ( * DisconnectCustomKeyStoreOutput , error ) {
req , out := c . DisconnectCustomKeyStoreRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2017-10-06 00:08:03 +03:00
const opEnableKey = "EnableKey"
// EnableKeyRequest generates a "aws/request.Request" representing the
// client's request for the EnableKey operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnableKey for more information on using the EnableKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the EnableKeyRequest method.
// req, resp := client.EnableKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) EnableKeyRequest ( input * EnableKeyInput ) ( req * request . Request , output * EnableKeyOutput ) {
op := & request . Operation {
Name : opEnableKey ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & EnableKeyInput { }
}
output = & EnableKeyOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// EnableKey API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Sets the key state of a customer master key (CMK) to enabled. This allows
// you to use the CMK for cryptographic operations. You cannot perform this
// operation on a CMK in a different AWS account.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation EnableKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) EnableKey ( input * EnableKeyInput ) ( * EnableKeyOutput , error ) {
req , out := c . EnableKeyRequest ( input )
return out , req . Send ( )
}
// EnableKeyWithContext is the same as EnableKey with the addition of
// the ability to pass a context and additional request options.
//
// See EnableKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) EnableKeyWithContext ( ctx aws . Context , input * EnableKeyInput , opts ... request . Option ) ( * EnableKeyOutput , error ) {
req , out := c . EnableKeyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opEnableKeyRotation = "EnableKeyRotation"
// EnableKeyRotationRequest generates a "aws/request.Request" representing the
// client's request for the EnableKeyRotation operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See EnableKeyRotation for more information on using the EnableKeyRotation
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the EnableKeyRotationRequest method.
// req, resp := client.EnableKeyRotationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation
2017-10-06 00:08:03 +03:00
func ( c * KMS ) EnableKeyRotationRequest ( input * EnableKeyRotationInput ) ( req * request . Request , output * EnableKeyRotationOutput ) {
op := & request . Operation {
Name : opEnableKeyRotation ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & EnableKeyRotationInput { }
}
output = & EnableKeyRotationOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// EnableKeyRotation API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Enables automatic rotation of the key material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// for the specified customer master key (CMK). You cannot perform this operation
// on a CMK in a different AWS account.
//
// You cannot enable automatic rotation of CMKs with imported key material or
// CMKs in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html).
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation EnableKeyRotation for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation
2017-10-06 00:08:03 +03:00
func ( c * KMS ) EnableKeyRotation ( input * EnableKeyRotationInput ) ( * EnableKeyRotationOutput , error ) {
req , out := c . EnableKeyRotationRequest ( input )
return out , req . Send ( )
}
// EnableKeyRotationWithContext is the same as EnableKeyRotation with the addition of
// the ability to pass a context and additional request options.
//
// See EnableKeyRotation for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) EnableKeyRotationWithContext ( ctx aws . Context , input * EnableKeyRotationInput , opts ... request . Option ) ( * EnableKeyRotationOutput , error ) {
req , out := c . EnableKeyRotationRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opEncrypt = "Encrypt"
// EncryptRequest generates a "aws/request.Request" representing the
// client's request for the Encrypt operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See Encrypt for more information on using the Encrypt
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the EncryptRequest method.
// req, resp := client.EncryptRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) EncryptRequest ( input * EncryptInput ) ( req * request . Request , output * EncryptOutput ) {
op := & request . Operation {
Name : opEncrypt ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & EncryptInput { }
}
output = & EncryptOutput { }
req = c . newRequest ( op , input , output )
return
}
// Encrypt API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Encrypts plaintext into ciphertext by using a customer master key (CMK).
// The Encrypt operation has two primary use cases:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such
// as an RSA key, a database password, or other sensitive information.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * To move encrypted data from one AWS region to another, you can use this
// operation to encrypt in the new region the plaintext data key that was
// used to encrypt the data in the original region. This provides you with
// an encrypted copy of the data key that can be decrypted in the new region
// and used there to decrypt the encrypted data.
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN or alias ARN in the value of the KeyId parameter.
2017-10-06 00:08:03 +03:00
//
// Unless you are moving encrypted data from one region to another, you don't
2019-03-11 19:18:55 +03:00
// use this operation to encrypt a generated data key within a region. To get
// data keys that are already encrypted, call the GenerateDataKey or GenerateDataKeyWithoutPlaintext
// operation. Data keys don't need to be encrypted again by calling Encrypt.
//
// To encrypt data locally in your application, use the GenerateDataKey operation
// to return a plaintext data encryption key and a copy of the key encrypted
// under the CMK of your choosing.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation Encrypt for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeKeyUnavailableException "KeyUnavailableException"
// The request was rejected because the specified CMK was not available. The
// request can be retried.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
// The request was rejected because the specified KeySpec value is not valid.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) Encrypt ( input * EncryptInput ) ( * EncryptOutput , error ) {
req , out := c . EncryptRequest ( input )
return out , req . Send ( )
}
// EncryptWithContext is the same as Encrypt with the addition of
// the ability to pass a context and additional request options.
//
// See Encrypt for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) EncryptWithContext ( ctx aws . Context , input * EncryptInput , opts ... request . Option ) ( * EncryptOutput , error ) {
req , out := c . EncryptRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGenerateDataKey = "GenerateDataKey"
// GenerateDataKeyRequest generates a "aws/request.Request" representing the
// client's request for the GenerateDataKey operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateDataKey for more information on using the GenerateDataKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GenerateDataKeyRequest method.
// req, resp := client.GenerateDataKeyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateDataKeyRequest ( input * GenerateDataKeyInput ) ( req * request . Request , output * GenerateDataKeyOutput ) {
op := & request . Operation {
Name : opGenerateDataKey ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GenerateDataKeyInput { }
}
output = & GenerateDataKeyOutput { }
req = c . newRequest ( op , input , output )
return
}
// GenerateDataKey API operation for AWS Key Management Service.
//
// Returns a data encryption key that you can use in your application to encrypt
// data locally.
//
// You must specify the customer master key (CMK) under which to generate the
// data key. You must also specify the length of the data key using either the
// KeySpec or NumberOfBytes field. You must specify one field or the other,
// but not both. For common key lengths (128-bit and 256-bit symmetric keys),
2019-03-11 19:18:55 +03:00
// we recommend that you use KeySpec. To perform this operation on a CMK in
// a different AWS account, specify the key ARN or alias ARN in the value of
// the KeyId parameter.
2017-10-06 00:08:03 +03:00
//
// This operation returns a plaintext copy of the data key in the Plaintext
// field of the response, and an encrypted copy of the data key in the CiphertextBlob
// field. The data key is encrypted under the CMK specified in the KeyId field
// of the request.
//
// We recommend that you use the following pattern to encrypt data locally in
// your application:
//
2019-03-11 19:18:55 +03:00
// Use this operation (GenerateDataKey) to get a data encryption key.
2017-10-06 00:08:03 +03:00
//
// Use the plaintext data encryption key (returned in the Plaintext field of
// the response) to encrypt data locally, then erase the plaintext data key
// from memory.
//
// Store the encrypted data key (returned in the CiphertextBlob field of the
// response) alongside the locally encrypted data.
//
// To decrypt data locally:
//
// Use the Decrypt operation to decrypt the encrypted data key into a plaintext
// copy of the data key.
//
// Use the plaintext data key to decrypt data locally, then erase the plaintext
// data key from memory.
//
// To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext.
// To return a random byte string that is cryptographically secure, use GenerateRandom.
//
// If you use the optional EncryptionContext field, you must store at least
// enough information to be able to reconstruct the full encryption context
// when you later send the ciphertext to the Decrypt operation. It is a good
// practice to choose an encryption context that you can reconstruct on the
// fly to better secure the ciphertext. For more information, see Encryption
// Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GenerateDataKey for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeKeyUnavailableException "KeyUnavailableException"
// The request was rejected because the specified CMK was not available. The
// request can be retried.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
// The request was rejected because the specified KeySpec value is not valid.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateDataKey ( input * GenerateDataKeyInput ) ( * GenerateDataKeyOutput , error ) {
req , out := c . GenerateDataKeyRequest ( input )
return out , req . Send ( )
}
// GenerateDataKeyWithContext is the same as GenerateDataKey with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateDataKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GenerateDataKeyWithContext ( ctx aws . Context , input * GenerateDataKeyInput , opts ... request . Option ) ( * GenerateDataKeyOutput , error ) {
req , out := c . GenerateDataKeyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext"
// GenerateDataKeyWithoutPlaintextRequest generates a "aws/request.Request" representing the
// client's request for the GenerateDataKeyWithoutPlaintext operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateDataKeyWithoutPlaintext for more information on using the GenerateDataKeyWithoutPlaintext
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method.
// req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateDataKeyWithoutPlaintextRequest ( input * GenerateDataKeyWithoutPlaintextInput ) ( req * request . Request , output * GenerateDataKeyWithoutPlaintextOutput ) {
op := & request . Operation {
Name : opGenerateDataKeyWithoutPlaintext ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GenerateDataKeyWithoutPlaintextInput { }
}
output = & GenerateDataKeyWithoutPlaintextOutput { }
req = c . newRequest ( op , input , output )
return
}
// GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service.
//
// Returns a data encryption key encrypted under a customer master key (CMK).
// This operation is identical to GenerateDataKey but returns only the encrypted
// copy of the data key.
//
2019-03-11 19:18:55 +03:00
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN or alias ARN in the value of the KeyId parameter.
//
2017-10-06 00:08:03 +03:00
// This operation is useful in a system that has multiple components with different
// degrees of trust. For example, consider a system that stores encrypted data
// in containers. Each container stores the encrypted data and an encrypted
// copy of the data key. One component of the system, called the control plane,
// creates new containers. When it creates a new container, it uses this operation
// (GenerateDataKeyWithoutPlaintext) to get an encrypted data key and then stores
// it in the container. Later, a different component of the system, called the
// data plane, puts encrypted data into the containers. To do this, it passes
// the encrypted data key to the Decrypt operation, then uses the returned plaintext
// data key to encrypt data, and finally stores the encrypted data in the container.
// In this system, the control plane never sees the plaintext data key.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GenerateDataKeyWithoutPlaintext for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeKeyUnavailableException "KeyUnavailableException"
// The request was rejected because the specified CMK was not available. The
// request can be retried.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
// The request was rejected because the specified KeySpec value is not valid.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateDataKeyWithoutPlaintext ( input * GenerateDataKeyWithoutPlaintextInput ) ( * GenerateDataKeyWithoutPlaintextOutput , error ) {
req , out := c . GenerateDataKeyWithoutPlaintextRequest ( input )
return out , req . Send ( )
}
// GenerateDataKeyWithoutPlaintextWithContext is the same as GenerateDataKeyWithoutPlaintext with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateDataKeyWithoutPlaintext for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GenerateDataKeyWithoutPlaintextWithContext ( ctx aws . Context , input * GenerateDataKeyWithoutPlaintextInput , opts ... request . Option ) ( * GenerateDataKeyWithoutPlaintextOutput , error ) {
req , out := c . GenerateDataKeyWithoutPlaintextRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGenerateRandom = "GenerateRandom"
// GenerateRandomRequest generates a "aws/request.Request" representing the
// client's request for the GenerateRandom operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateRandom for more information on using the GenerateRandom
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GenerateRandomRequest method.
// req, resp := client.GenerateRandomRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateRandomRequest ( input * GenerateRandomInput ) ( req * request . Request , output * GenerateRandomOutput ) {
op := & request . Operation {
Name : opGenerateRandom ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GenerateRandomInput { }
}
output = & GenerateRandomOutput { }
req = c . newRequest ( op , input , output )
return
}
// GenerateRandom API operation for AWS Key Management Service.
//
// Returns a random byte string that is cryptographically secure.
//
2019-03-11 19:18:55 +03:00
// By default, the random byte string is generated in AWS KMS. To generate the
// byte string in the AWS CloudHSM cluster that is associated with a custom
// key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html),
// specify the custom key store ID.
//
2017-10-06 00:08:03 +03:00
// For more information about entropy and random number generation, see the
// AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf)
// whitepaper.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GenerateRandom for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
//
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GenerateRandom ( input * GenerateRandomInput ) ( * GenerateRandomOutput , error ) {
req , out := c . GenerateRandomRequest ( input )
return out , req . Send ( )
}
// GenerateRandomWithContext is the same as GenerateRandom with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateRandom for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GenerateRandomWithContext ( ctx aws . Context , input * GenerateRandomInput , opts ... request . Option ) ( * GenerateRandomOutput , error ) {
req , out := c . GenerateRandomRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetKeyPolicy = "GetKeyPolicy"
// GetKeyPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetKeyPolicy operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetKeyPolicy for more information on using the GetKeyPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetKeyPolicyRequest method.
// req, resp := client.GetKeyPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetKeyPolicyRequest ( input * GetKeyPolicyInput ) ( req * request . Request , output * GetKeyPolicyOutput ) {
op := & request . Operation {
Name : opGetKeyPolicy ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GetKeyPolicyInput { }
}
output = & GetKeyPolicyOutput { }
req = c . newRequest ( op , input , output )
return
}
// GetKeyPolicy API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets a key policy attached to the specified customer master key (CMK). You
// cannot perform this operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GetKeyPolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetKeyPolicy ( input * GetKeyPolicyInput ) ( * GetKeyPolicyOutput , error ) {
req , out := c . GetKeyPolicyRequest ( input )
return out , req . Send ( )
}
// GetKeyPolicyWithContext is the same as GetKeyPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetKeyPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GetKeyPolicyWithContext ( ctx aws . Context , input * GetKeyPolicyInput , opts ... request . Option ) ( * GetKeyPolicyOutput , error ) {
req , out := c . GetKeyPolicyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetKeyRotationStatus = "GetKeyRotationStatus"
// GetKeyRotationStatusRequest generates a "aws/request.Request" representing the
// client's request for the GetKeyRotationStatus operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetKeyRotationStatus for more information on using the GetKeyRotationStatus
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetKeyRotationStatusRequest method.
// req, resp := client.GetKeyRotationStatusRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetKeyRotationStatusRequest ( input * GetKeyRotationStatusInput ) ( req * request . Request , output * GetKeyRotationStatusOutput ) {
op := & request . Operation {
Name : opGetKeyRotationStatus ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GetKeyRotationStatusInput { }
}
output = & GetKeyRotationStatusOutput { }
req = c . newRequest ( op , input , output )
return
}
// GetKeyRotationStatus API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets a Boolean value that indicates whether automatic rotation of the key
// material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
// is enabled for the specified customer master key (CMK).
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * Disabled: The key rotation status does not change when you disable a
// CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing
// key.
//
// * Pending deletion: While a CMK is pending deletion, its key rotation
// status is false and AWS KMS does not rotate the backing key. If you cancel
// the deletion, the original key rotation status is restored.
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN in the value of the KeyId parameter.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GetKeyRotationStatus for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetKeyRotationStatus ( input * GetKeyRotationStatusInput ) ( * GetKeyRotationStatusOutput , error ) {
req , out := c . GetKeyRotationStatusRequest ( input )
return out , req . Send ( )
}
// GetKeyRotationStatusWithContext is the same as GetKeyRotationStatus with the addition of
// the ability to pass a context and additional request options.
//
// See GetKeyRotationStatus for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GetKeyRotationStatusWithContext ( ctx aws . Context , input * GetKeyRotationStatusInput , opts ... request . Option ) ( * GetKeyRotationStatusOutput , error ) {
req , out := c . GetKeyRotationStatusRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetParametersForImport = "GetParametersForImport"
// GetParametersForImportRequest generates a "aws/request.Request" representing the
// client's request for the GetParametersForImport operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetParametersForImport for more information on using the GetParametersForImport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetParametersForImportRequest method.
// req, resp := client.GetParametersForImportRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetParametersForImportRequest ( input * GetParametersForImportInput ) ( req * request . Request , output * GetParametersForImportOutput ) {
op := & request . Operation {
Name : opGetParametersForImport ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & GetParametersForImportInput { }
}
output = & GetParametersForImportOutput { }
req = c . newRequest ( op , input , output )
return
}
// GetParametersForImport API operation for AWS Key Management Service.
//
// Returns the items you need in order to import key material into AWS KMS from
// your existing key management infrastructure. For more information about importing
// key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the AWS Key Management Service Developer Guide.
//
// You must specify the key ID of the customer master key (CMK) into which you
// will import key material. This CMK's Origin must be EXTERNAL. You must also
// specify the wrapping algorithm and type of wrapping key (public key) that
2019-03-11 19:18:55 +03:00
// you will use to encrypt the key material. You cannot perform this operation
// on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// This operation returns a public key and an import token. Use the public key
// to encrypt the key material. Store the import token to send with a subsequent
// ImportKeyMaterial request. The public key and import token from the same
2019-03-11 19:18:55 +03:00
// response must be used together. These items are valid for 24 hours. When
// they expire, they cannot be used for a subsequent ImportKeyMaterial request.
// To get new ones, send another GetParametersForImport request.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GetParametersForImport for usage and error information.
//
// Returned Error Codes:
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport
2017-10-06 00:08:03 +03:00
func ( c * KMS ) GetParametersForImport ( input * GetParametersForImportInput ) ( * GetParametersForImportOutput , error ) {
req , out := c . GetParametersForImportRequest ( input )
return out , req . Send ( )
}
// GetParametersForImportWithContext is the same as GetParametersForImport with the addition of
// the ability to pass a context and additional request options.
//
// See GetParametersForImport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) GetParametersForImportWithContext ( ctx aws . Context , input * GetParametersForImportInput , opts ... request . Option ) ( * GetParametersForImportOutput , error ) {
req , out := c . GetParametersForImportRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opImportKeyMaterial = "ImportKeyMaterial"
// ImportKeyMaterialRequest generates a "aws/request.Request" representing the
// client's request for the ImportKeyMaterial operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ImportKeyMaterial for more information on using the ImportKeyMaterial
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ImportKeyMaterialRequest method.
// req, resp := client.ImportKeyMaterialRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ImportKeyMaterialRequest ( input * ImportKeyMaterialInput ) ( req * request . Request , output * ImportKeyMaterialOutput ) {
op := & request . Operation {
Name : opImportKeyMaterial ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ImportKeyMaterialInput { }
}
output = & ImportKeyMaterialOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// ImportKeyMaterial API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Imports key material into an existing AWS KMS customer master key (CMK) that
// was created without key material. You cannot perform this operation on a
// CMK in a different AWS account. For more information about creating CMKs
// with no key material and then importing key material, see Importing Key Material
// (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
2017-10-06 00:08:03 +03:00
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// Before using this operation, call GetParametersForImport. Its response includes
// a public key and an import token. Use the public key to encrypt the key material.
// Then, submit the import token from the same GetParametersForImport response.
//
// When calling this operation, you must specify the following values:
//
// * The key ID or key ARN of a CMK with no key material. Its Origin must
// be EXTERNAL.
//
// To create a CMK with no key material, call CreateKey and set the value of
// its Origin parameter to EXTERNAL. To get the Origin of a CMK, call DescribeKey.)
//
// * The encrypted key material. To get the public key to encrypt the key
// material, call GetParametersForImport.
//
// * The import token that GetParametersForImport returned. This token and
// the public key used to encrypt the key material must have come from the
// same response.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Whether the key material expires and if so, when. If you set an expiration
// date, you can change it only by reimporting the same key material and
// specifying a new expiration date. If the key material expires, AWS KMS
// deletes the key material and the CMK becomes unusable. To use the CMK
// again, you must reimport the same key material.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// When this operation is successful, the key state of the CMK changes from
// PendingImport to Enabled, and you can use the CMK. After you successfully
// import key material into a CMK, you can reimport the same key material into
// that CMK, but you cannot import different key material.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ImportKeyMaterial for usage and error information.
//
// Returned Error Codes:
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeInvalidCiphertextException "InvalidCiphertextException"
2019-03-11 19:18:55 +03:00
// The request was rejected because the specified ciphertext, or additional
// authenticated data incorporated into the ciphertext, such as the encryption
// context, is corrupted, missing, or otherwise invalid.
2017-10-06 00:08:03 +03:00
//
// * ErrCodeIncorrectKeyMaterialException "IncorrectKeyMaterialException"
// The request was rejected because the provided key material is invalid or
// is not the same key material that was previously imported into this customer
// master key (CMK).
//
// * ErrCodeExpiredImportTokenException "ExpiredImportTokenException"
// The request was rejected because the provided import token is expired. Use
2019-03-11 19:18:55 +03:00
// GetParametersForImport to get a new import token and public key, use the
// new public key to encrypt the key material, and then try the request again.
2017-10-06 00:08:03 +03:00
//
// * ErrCodeInvalidImportTokenException "InvalidImportTokenException"
// The request was rejected because the provided import token is invalid or
// is associated with a different customer master key (CMK).
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ImportKeyMaterial ( input * ImportKeyMaterialInput ) ( * ImportKeyMaterialOutput , error ) {
req , out := c . ImportKeyMaterialRequest ( input )
return out , req . Send ( )
}
// ImportKeyMaterialWithContext is the same as ImportKeyMaterial with the addition of
// the ability to pass a context and additional request options.
//
// See ImportKeyMaterial for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ImportKeyMaterialWithContext ( ctx aws . Context , input * ImportKeyMaterialInput , opts ... request . Option ) ( * ImportKeyMaterialOutput , error ) {
req , out := c . ImportKeyMaterialRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opListAliases = "ListAliases"
// ListAliasesRequest generates a "aws/request.Request" representing the
// client's request for the ListAliases operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAliases for more information on using the ListAliases
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListAliasesRequest method.
// req, resp := client.ListAliasesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListAliasesRequest ( input * ListAliasesInput ) ( req * request . Request , output * ListAliasesOutput ) {
op := & request . Operation {
Name : opListAliases ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
Paginator : & request . Paginator {
InputTokens : [ ] string { "Marker" } ,
OutputTokens : [ ] string { "NextMarker" } ,
LimitToken : "Limit" ,
TruncationToken : "Truncated" ,
} ,
}
if input == nil {
input = & ListAliasesInput { }
}
output = & ListAliasesOutput { }
req = c . newRequest ( op , input , output )
return
}
// ListAliases API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets a list of all aliases in the caller's AWS account and region. You cannot
// list aliases in other accounts. For more information about aliases, see CreateAlias.
//
// By default, the ListAliases command returns all aliases in the account and
// region. To get only the aliases that point to a particular customer master
// key (CMK), use the KeyId parameter.
//
// The ListAliases response might include several aliases have no TargetKeyId
// field. These are predefined aliases that AWS has created but has not yet
// associated with a CMK. Aliases that AWS creates in your account, including
// predefined aliases, do not count against your AWS KMS aliases limit (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit).
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListAliases for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidMarkerException "InvalidMarkerException"
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListAliases ( input * ListAliasesInput ) ( * ListAliasesOutput , error ) {
req , out := c . ListAliasesRequest ( input )
return out , req . Send ( )
}
// ListAliasesWithContext is the same as ListAliases with the addition of
// the ability to pass a context and additional request options.
//
// See ListAliases for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListAliasesWithContext ( ctx aws . Context , input * ListAliasesInput , opts ... request . Option ) ( * ListAliasesOutput , error ) {
req , out := c . ListAliasesRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
// ListAliasesPages iterates over the pages of a ListAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListAliases operation.
// pageNum := 0
// err := client.ListAliasesPages(params,
// func(page *ListAliasesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
//
func ( c * KMS ) ListAliasesPages ( input * ListAliasesInput , fn func ( * ListAliasesOutput , bool ) bool ) error {
return c . ListAliasesPagesWithContext ( aws . BackgroundContext ( ) , input , fn )
}
// ListAliasesPagesWithContext same as ListAliasesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListAliasesPagesWithContext ( ctx aws . Context , input * ListAliasesInput , fn func ( * ListAliasesOutput , bool ) bool , opts ... request . Option ) error {
p := request . Pagination {
NewRequest : func ( ) ( * request . Request , error ) {
var inCpy * ListAliasesInput
if input != nil {
tmp := * input
inCpy = & tmp
}
req , _ := c . ListAliasesRequest ( inCpy )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return req , nil
} ,
}
cont := true
for p . Next ( ) && cont {
cont = fn ( p . Page ( ) . ( * ListAliasesOutput ) , ! p . HasNextPage ( ) )
}
return p . Err ( )
}
const opListGrants = "ListGrants"
// ListGrantsRequest generates a "aws/request.Request" representing the
// client's request for the ListGrants operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListGrants for more information on using the ListGrants
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListGrantsRequest method.
// req, resp := client.ListGrantsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListGrantsRequest ( input * ListGrantsInput ) ( req * request . Request , output * ListGrantsResponse ) {
op := & request . Operation {
Name : opListGrants ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
Paginator : & request . Paginator {
InputTokens : [ ] string { "Marker" } ,
OutputTokens : [ ] string { "NextMarker" } ,
LimitToken : "Limit" ,
TruncationToken : "Truncated" ,
} ,
}
if input == nil {
input = & ListGrantsInput { }
}
output = & ListGrantsResponse { }
req = c . newRequest ( op , input , output )
return
}
// ListGrants API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets a list of all grants for the specified customer master key (CMK).
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN in the value of the KeyId parameter.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListGrants for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidMarkerException "InvalidMarkerException"
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListGrants ( input * ListGrantsInput ) ( * ListGrantsResponse , error ) {
req , out := c . ListGrantsRequest ( input )
return out , req . Send ( )
}
// ListGrantsWithContext is the same as ListGrants with the addition of
// the ability to pass a context and additional request options.
//
// See ListGrants for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListGrantsWithContext ( ctx aws . Context , input * ListGrantsInput , opts ... request . Option ) ( * ListGrantsResponse , error ) {
req , out := c . ListGrantsRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
// ListGrantsPages iterates over the pages of a ListGrants operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGrants method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListGrants operation.
// pageNum := 0
// err := client.ListGrantsPages(params,
// func(page *ListGrantsResponse, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
//
func ( c * KMS ) ListGrantsPages ( input * ListGrantsInput , fn func ( * ListGrantsResponse , bool ) bool ) error {
return c . ListGrantsPagesWithContext ( aws . BackgroundContext ( ) , input , fn )
}
// ListGrantsPagesWithContext same as ListGrantsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListGrantsPagesWithContext ( ctx aws . Context , input * ListGrantsInput , fn func ( * ListGrantsResponse , bool ) bool , opts ... request . Option ) error {
p := request . Pagination {
NewRequest : func ( ) ( * request . Request , error ) {
var inCpy * ListGrantsInput
if input != nil {
tmp := * input
inCpy = & tmp
}
req , _ := c . ListGrantsRequest ( inCpy )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return req , nil
} ,
}
cont := true
for p . Next ( ) && cont {
cont = fn ( p . Page ( ) . ( * ListGrantsResponse ) , ! p . HasNextPage ( ) )
}
return p . Err ( )
}
const opListKeyPolicies = "ListKeyPolicies"
// ListKeyPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListKeyPolicies operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeyPolicies for more information on using the ListKeyPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListKeyPoliciesRequest method.
// req, resp := client.ListKeyPoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListKeyPoliciesRequest ( input * ListKeyPoliciesInput ) ( req * request . Request , output * ListKeyPoliciesOutput ) {
op := & request . Operation {
Name : opListKeyPolicies ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
Paginator : & request . Paginator {
InputTokens : [ ] string { "Marker" } ,
OutputTokens : [ ] string { "NextMarker" } ,
LimitToken : "Limit" ,
TruncationToken : "Truncated" ,
} ,
}
if input == nil {
input = & ListKeyPoliciesInput { }
}
output = & ListKeyPoliciesOutput { }
req = c . newRequest ( op , input , output )
return
}
// ListKeyPolicies API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets the names of the key policies that are attached to a customer master
// key (CMK). This operation is designed to get policy names that you can use
// in a GetKeyPolicy operation. However, the only valid policy name is default.
// You cannot perform this operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListKeyPolicies for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListKeyPolicies ( input * ListKeyPoliciesInput ) ( * ListKeyPoliciesOutput , error ) {
req , out := c . ListKeyPoliciesRequest ( input )
return out , req . Send ( )
}
// ListKeyPoliciesWithContext is the same as ListKeyPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListKeyPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListKeyPoliciesWithContext ( ctx aws . Context , input * ListKeyPoliciesInput , opts ... request . Option ) ( * ListKeyPoliciesOutput , error ) {
req , out := c . ListKeyPoliciesRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
// ListKeyPoliciesPages iterates over the pages of a ListKeyPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListKeyPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListKeyPolicies operation.
// pageNum := 0
// err := client.ListKeyPoliciesPages(params,
// func(page *ListKeyPoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
//
func ( c * KMS ) ListKeyPoliciesPages ( input * ListKeyPoliciesInput , fn func ( * ListKeyPoliciesOutput , bool ) bool ) error {
return c . ListKeyPoliciesPagesWithContext ( aws . BackgroundContext ( ) , input , fn )
}
// ListKeyPoliciesPagesWithContext same as ListKeyPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListKeyPoliciesPagesWithContext ( ctx aws . Context , input * ListKeyPoliciesInput , fn func ( * ListKeyPoliciesOutput , bool ) bool , opts ... request . Option ) error {
p := request . Pagination {
NewRequest : func ( ) ( * request . Request , error ) {
var inCpy * ListKeyPoliciesInput
if input != nil {
tmp := * input
inCpy = & tmp
}
req , _ := c . ListKeyPoliciesRequest ( inCpy )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return req , nil
} ,
}
cont := true
for p . Next ( ) && cont {
cont = fn ( p . Page ( ) . ( * ListKeyPoliciesOutput ) , ! p . HasNextPage ( ) )
}
return p . Err ( )
}
const opListKeys = "ListKeys"
// ListKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListKeys operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeys for more information on using the ListKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListKeysRequest method.
// req, resp := client.ListKeysRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListKeysRequest ( input * ListKeysInput ) ( req * request . Request , output * ListKeysOutput ) {
op := & request . Operation {
Name : opListKeys ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
Paginator : & request . Paginator {
InputTokens : [ ] string { "Marker" } ,
OutputTokens : [ ] string { "NextMarker" } ,
LimitToken : "Limit" ,
TruncationToken : "Truncated" ,
} ,
}
if input == nil {
input = & ListKeysInput { }
}
output = & ListKeysOutput { }
req = c . newRequest ( op , input , output )
return
}
// ListKeys API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Gets a list of all customer master keys (CMKs) in the caller's AWS account
// and region.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListKeys for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeInvalidMarkerException "InvalidMarkerException"
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListKeys ( input * ListKeysInput ) ( * ListKeysOutput , error ) {
req , out := c . ListKeysRequest ( input )
return out , req . Send ( )
}
// ListKeysWithContext is the same as ListKeys with the addition of
// the ability to pass a context and additional request options.
//
// See ListKeys for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListKeysWithContext ( ctx aws . Context , input * ListKeysInput , opts ... request . Option ) ( * ListKeysOutput , error ) {
req , out := c . ListKeysRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
// ListKeysPages iterates over the pages of a ListKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListKeys operation.
// pageNum := 0
// err := client.ListKeysPages(params,
// func(page *ListKeysOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
//
func ( c * KMS ) ListKeysPages ( input * ListKeysInput , fn func ( * ListKeysOutput , bool ) bool ) error {
return c . ListKeysPagesWithContext ( aws . BackgroundContext ( ) , input , fn )
}
// ListKeysPagesWithContext same as ListKeysPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListKeysPagesWithContext ( ctx aws . Context , input * ListKeysInput , fn func ( * ListKeysOutput , bool ) bool , opts ... request . Option ) error {
p := request . Pagination {
NewRequest : func ( ) ( * request . Request , error ) {
var inCpy * ListKeysInput
if input != nil {
tmp := * input
inCpy = & tmp
}
req , _ := c . ListKeysRequest ( inCpy )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return req , nil
} ,
}
cont := true
for p . Next ( ) && cont {
cont = fn ( p . Page ( ) . ( * ListKeysOutput ) , ! p . HasNextPage ( ) )
}
return p . Err ( )
}
const opListResourceTags = "ListResourceTags"
// ListResourceTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListResourceTags operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListResourceTags for more information on using the ListResourceTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListResourceTagsRequest method.
// req, resp := client.ListResourceTagsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListResourceTagsRequest ( input * ListResourceTagsInput ) ( req * request . Request , output * ListResourceTagsOutput ) {
op := & request . Operation {
Name : opListResourceTags ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ListResourceTagsInput { }
}
output = & ListResourceTagsOutput { }
req = c . newRequest ( op , input , output )
return
}
// ListResourceTags API operation for AWS Key Management Service.
//
// Returns a list of all tags for the specified customer master key (CMK).
//
2019-03-11 19:18:55 +03:00
// You cannot perform this operation on a CMK in a different AWS account.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListResourceTags for usage and error information.
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeInvalidMarkerException "InvalidMarkerException"
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListResourceTags ( input * ListResourceTagsInput ) ( * ListResourceTagsOutput , error ) {
req , out := c . ListResourceTagsRequest ( input )
return out , req . Send ( )
}
// ListResourceTagsWithContext is the same as ListResourceTags with the addition of
// the ability to pass a context and additional request options.
//
// See ListResourceTags for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListResourceTagsWithContext ( ctx aws . Context , input * ListResourceTagsInput , opts ... request . Option ) ( * ListResourceTagsOutput , error ) {
req , out := c . ListResourceTagsRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opListRetirableGrants = "ListRetirableGrants"
// ListRetirableGrantsRequest generates a "aws/request.Request" representing the
// client's request for the ListRetirableGrants operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRetirableGrants for more information on using the ListRetirableGrants
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ListRetirableGrantsRequest method.
// req, resp := client.ListRetirableGrantsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListRetirableGrantsRequest ( input * ListRetirableGrantsInput ) ( req * request . Request , output * ListGrantsResponse ) {
op := & request . Operation {
Name : opListRetirableGrants ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ListRetirableGrantsInput { }
}
output = & ListGrantsResponse { }
req = c . newRequest ( op , input , output )
return
}
// ListRetirableGrants API operation for AWS Key Management Service.
//
// Returns a list of all grants for which the grant's RetiringPrincipal matches
// the one specified.
//
// A typical use is to list all grants that you are able to retire. To retire
// a grant, use RetireGrant.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListRetirableGrants for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidMarkerException "InvalidMarkerException"
// The request was rejected because the marker that specifies where pagination
// should next begin is not valid.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ListRetirableGrants ( input * ListRetirableGrantsInput ) ( * ListGrantsResponse , error ) {
req , out := c . ListRetirableGrantsRequest ( input )
return out , req . Send ( )
}
// ListRetirableGrantsWithContext is the same as ListRetirableGrants with the addition of
// the ability to pass a context and additional request options.
//
// See ListRetirableGrants for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ListRetirableGrantsWithContext ( ctx aws . Context , input * ListRetirableGrantsInput , opts ... request . Option ) ( * ListGrantsResponse , error ) {
req , out := c . ListRetirableGrantsRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opPutKeyPolicy = "PutKeyPolicy"
// PutKeyPolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutKeyPolicy operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutKeyPolicy for more information on using the PutKeyPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the PutKeyPolicyRequest method.
// req, resp := client.PutKeyPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy
2017-10-06 00:08:03 +03:00
func ( c * KMS ) PutKeyPolicyRequest ( input * PutKeyPolicyInput ) ( req * request . Request , output * PutKeyPolicyOutput ) {
op := & request . Operation {
Name : opPutKeyPolicy ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & PutKeyPolicyInput { }
}
output = & PutKeyPolicyOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// PutKeyPolicy API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Attaches a key policy to the specified customer master key (CMK). You cannot
// perform this operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// For more information about key policies, see Key Policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation PutKeyPolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
// The request was rejected because the specified policy is not syntactically
// or semantically correct.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
// The request was rejected because a specified parameter is not supported or
// a specified resource is not valid for this operation.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy
2017-10-06 00:08:03 +03:00
func ( c * KMS ) PutKeyPolicy ( input * PutKeyPolicyInput ) ( * PutKeyPolicyOutput , error ) {
req , out := c . PutKeyPolicyRequest ( input )
return out , req . Send ( )
}
// PutKeyPolicyWithContext is the same as PutKeyPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutKeyPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) PutKeyPolicyWithContext ( ctx aws . Context , input * PutKeyPolicyInput , opts ... request . Option ) ( * PutKeyPolicyOutput , error ) {
req , out := c . PutKeyPolicyRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opReEncrypt = "ReEncrypt"
// ReEncryptRequest generates a "aws/request.Request" representing the
// client's request for the ReEncrypt operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ReEncrypt for more information on using the ReEncrypt
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ReEncryptRequest method.
// req, resp := client.ReEncryptRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ReEncryptRequest ( input * ReEncryptInput ) ( req * request . Request , output * ReEncryptOutput ) {
op := & request . Operation {
Name : opReEncrypt ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ReEncryptInput { }
}
output = & ReEncryptOutput { }
req = c . newRequest ( op , input , output )
return
}
// ReEncrypt API operation for AWS Key Management Service.
//
// Encrypts data on the server side with a new customer master key (CMK) without
// exposing the plaintext of the data on the client side. The data is first
// decrypted and then reencrypted. You can also use this operation to change
// the encryption context of a ciphertext.
//
2019-03-11 19:18:55 +03:00
// You can reencrypt data using CMKs in different AWS accounts.
//
2017-10-06 00:08:03 +03:00
// Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom
// on the source CMK and once as ReEncryptTo on the destination CMK. We recommend
// that you include the "kms:ReEncrypt*" permission in your key policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)
// to permit reencryption from or to the CMK. This permission is automatically
// included in the key policy when you create a CMK through the console, but
// you must include it manually when you create a CMK programmatically or when
// you set a key policy with the PutKeyPolicy operation.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ReEncrypt for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDisabledException "DisabledException"
// The request was rejected because the specified CMK is not enabled.
//
// * ErrCodeInvalidCiphertextException "InvalidCiphertextException"
2019-03-11 19:18:55 +03:00
// The request was rejected because the specified ciphertext, or additional
// authenticated data incorporated into the ciphertext, such as the encryption
// context, is corrupted, missing, or otherwise invalid.
2017-10-06 00:08:03 +03:00
//
// * ErrCodeKeyUnavailableException "KeyUnavailableException"
// The request was rejected because the specified CMK was not available. The
// request can be retried.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
// The request was rejected because the specified KeySpec value is not valid.
//
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ReEncrypt ( input * ReEncryptInput ) ( * ReEncryptOutput , error ) {
req , out := c . ReEncryptRequest ( input )
return out , req . Send ( )
}
// ReEncryptWithContext is the same as ReEncrypt with the addition of
// the ability to pass a context and additional request options.
//
// See ReEncrypt for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ReEncryptWithContext ( ctx aws . Context , input * ReEncryptInput , opts ... request . Option ) ( * ReEncryptOutput , error ) {
req , out := c . ReEncryptRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opRetireGrant = "RetireGrant"
// RetireGrantRequest generates a "aws/request.Request" representing the
// client's request for the RetireGrant operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RetireGrant for more information on using the RetireGrant
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the RetireGrantRequest method.
// req, resp := client.RetireGrantRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) RetireGrantRequest ( input * RetireGrantInput ) ( req * request . Request , output * RetireGrantOutput ) {
op := & request . Operation {
Name : opRetireGrant ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & RetireGrantInput { }
}
output = & RetireGrantOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// RetireGrant API operation for AWS Key Management Service.
//
// Retires a grant. To clean up, you can retire a grant when you're done using
// it. You should revoke a grant when you intend to actively deny operations
// that depend on it. The following are permitted to call this API:
//
// * The AWS account (root user) under which the grant was created
//
// * The RetiringPrincipal, if present in the grant
//
// * The GranteePrincipal, if RetireGrant is an operation specified in the
// grant
//
// You must identify the grant to retire by its grant token or by a combination
// of the grant ID and the Amazon Resource Name (ARN) of the customer master
// key (CMK). A grant token is a unique variable-length base64-encoded string.
// A grant ID is a 64 character unique identifier of a grant. The CreateGrant
// operation returns both.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation RetireGrant for usage and error information.
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
2017-10-06 00:08:03 +03:00
// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
// The request was rejected because the specified grant token is not valid.
//
// * ErrCodeInvalidGrantIdException "InvalidGrantIdException"
// The request was rejected because the specified GrantId is not valid.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) RetireGrant ( input * RetireGrantInput ) ( * RetireGrantOutput , error ) {
req , out := c . RetireGrantRequest ( input )
return out , req . Send ( )
}
// RetireGrantWithContext is the same as RetireGrant with the addition of
// the ability to pass a context and additional request options.
//
// See RetireGrant for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) RetireGrantWithContext ( ctx aws . Context , input * RetireGrantInput , opts ... request . Option ) ( * RetireGrantOutput , error ) {
req , out := c . RetireGrantRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opRevokeGrant = "RevokeGrant"
// RevokeGrantRequest generates a "aws/request.Request" representing the
// client's request for the RevokeGrant operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RevokeGrant for more information on using the RevokeGrant
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the RevokeGrantRequest method.
// req, resp := client.RevokeGrantRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) RevokeGrantRequest ( input * RevokeGrantInput ) ( req * request . Request , output * RevokeGrantOutput ) {
op := & request . Operation {
Name : opRevokeGrant ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & RevokeGrantInput { }
}
output = & RevokeGrantOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// RevokeGrant API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Revokes the specified grant for the specified customer master key (CMK).
// You can revoke a grant to actively deny operations that depend on it.
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN in the value of the KeyId parameter.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation RevokeGrant for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeInvalidGrantIdException "InvalidGrantIdException"
// The request was rejected because the specified GrantId is not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant
2017-10-06 00:08:03 +03:00
func ( c * KMS ) RevokeGrant ( input * RevokeGrantInput ) ( * RevokeGrantOutput , error ) {
req , out := c . RevokeGrantRequest ( input )
return out , req . Send ( )
}
// RevokeGrantWithContext is the same as RevokeGrant with the addition of
// the ability to pass a context and additional request options.
//
// See RevokeGrant for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) RevokeGrantWithContext ( ctx aws . Context , input * RevokeGrantInput , opts ... request . Option ) ( * RevokeGrantOutput , error ) {
req , out := c . RevokeGrantRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opScheduleKeyDeletion = "ScheduleKeyDeletion"
// ScheduleKeyDeletionRequest generates a "aws/request.Request" representing the
// client's request for the ScheduleKeyDeletion operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ScheduleKeyDeletion for more information on using the ScheduleKeyDeletion
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the ScheduleKeyDeletionRequest method.
// req, resp := client.ScheduleKeyDeletionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ScheduleKeyDeletionRequest ( input * ScheduleKeyDeletionInput ) ( req * request . Request , output * ScheduleKeyDeletionOutput ) {
op := & request . Operation {
Name : opScheduleKeyDeletion ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & ScheduleKeyDeletionInput { }
}
output = & ScheduleKeyDeletionOutput { }
req = c . newRequest ( op , input , output )
return
}
// ScheduleKeyDeletion API operation for AWS Key Management Service.
//
// Schedules the deletion of a customer master key (CMK). You may provide a
// waiting period, specified in days, before deletion occurs. If you do not
// provide a waiting period, the default period of 30 days is used. When this
2019-03-11 19:18:55 +03:00
// operation is successful, the key state of the CMK changes to PendingDeletion.
2017-10-06 00:08:03 +03:00
// Before the waiting period ends, you can use CancelKeyDeletion to cancel the
// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK
// and all AWS KMS data associated with it, including all aliases that refer
// to it.
//
// Deleting a CMK is a destructive and potentially dangerous operation. When
2019-03-11 19:18:55 +03:00
// a CMK is deleted, all data that was encrypted under the CMK is unrecoverable.
// To prevent the use of a CMK without deleting it, use DisableKey.
//
// If you schedule deletion of a CMK from a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html),
// when the waiting period expires, ScheduleKeyDeletion deletes the CMK from
// AWS KMS. Then AWS KMS makes a best effort to delete the key material from
// the associated AWS CloudHSM cluster. However, you might need to manually
// delete the orphaned key material (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
// from the cluster and its backups.
//
// You cannot perform this operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// For more information about scheduling a CMK for deletion, see Deleting Customer
// Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2017-10-06 00:08:03 +03:00
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ScheduleKeyDeletion for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion
2017-10-06 00:08:03 +03:00
func ( c * KMS ) ScheduleKeyDeletion ( input * ScheduleKeyDeletionInput ) ( * ScheduleKeyDeletionOutput , error ) {
req , out := c . ScheduleKeyDeletionRequest ( input )
return out , req . Send ( )
}
// ScheduleKeyDeletionWithContext is the same as ScheduleKeyDeletion with the addition of
// the ability to pass a context and additional request options.
//
// See ScheduleKeyDeletion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) ScheduleKeyDeletionWithContext ( ctx aws . Context , input * ScheduleKeyDeletionInput , opts ... request . Option ) ( * ScheduleKeyDeletionOutput , error ) {
req , out := c . ScheduleKeyDeletionRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opTagResource = "TagResource"
// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the TagResourceRequest method.
// req, resp := client.TagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource
2017-10-06 00:08:03 +03:00
func ( c * KMS ) TagResourceRequest ( input * TagResourceInput ) ( req * request . Request , output * TagResourceOutput ) {
op := & request . Operation {
Name : opTagResource ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & TagResourceInput { }
}
output = & TagResourceOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// TagResource API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Adds or edits tags for a customer master key (CMK). You cannot perform this
// operation on a CMK in a different AWS account.
2017-10-06 00:08:03 +03:00
//
// Each tag consists of a tag key and a tag value. Tag keys and tag values are
// both required, but tag values can be empty (null) strings.
//
2019-03-11 19:18:55 +03:00
// You can only use a tag key once for each CMK. If you use the tag key again,
// AWS KMS replaces the current tag value with the specified value.
//
// For information about the rules that apply to tag keys and tag values, see
// User-Defined Tag Restrictions (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
// in the AWS Billing and Cost Management User Guide.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation TagResource for usage and error information.
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeLimitExceededException "LimitExceededException"
// The request was rejected because a limit was exceeded. For more information,
// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeTagException "TagException"
// The request was rejected because one or more tags are not valid.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource
2017-10-06 00:08:03 +03:00
func ( c * KMS ) TagResource ( input * TagResourceInput ) ( * TagResourceOutput , error ) {
req , out := c . TagResourceRequest ( input )
return out , req . Send ( )
}
// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) TagResourceWithContext ( ctx aws . Context , input * TagResourceInput , opts ... request . Option ) ( * TagResourceOutput , error ) {
req , out := c . TagResourceRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opUntagResource = "UntagResource"
// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the UntagResourceRequest method.
// req, resp := client.UntagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource
2017-10-06 00:08:03 +03:00
func ( c * KMS ) UntagResourceRequest ( input * UntagResourceInput ) ( req * request . Request , output * UntagResourceOutput ) {
op := & request . Operation {
Name : opUntagResource ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & UntagResourceInput { }
}
output = & UntagResourceOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// UntagResource API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Removes the specified tags from the specified customer master key (CMK).
// You cannot perform this operation on a CMK in a different AWS account.
//
// To remove a tag, specify the tag key. To change the tag value of an existing
// tag key, use TagResource.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation UntagResource for usage and error information.
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeTagException "TagException"
// The request was rejected because one or more tags are not valid.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource
2017-10-06 00:08:03 +03:00
func ( c * KMS ) UntagResource ( input * UntagResourceInput ) ( * UntagResourceOutput , error ) {
req , out := c . UntagResourceRequest ( input )
return out , req . Send ( )
}
// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) UntagResourceWithContext ( ctx aws . Context , input * UntagResourceInput , opts ... request . Option ) ( * UntagResourceOutput , error ) {
req , out := c . UntagResourceRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opUpdateAlias = "UpdateAlias"
// UpdateAliasRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAlias operation. The "output" return
2019-03-11 19:18:55 +03:00
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAlias for more information on using the UpdateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the UpdateAliasRequest method.
// req, resp := client.UpdateAliasRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) UpdateAliasRequest ( input * UpdateAliasInput ) ( req * request . Request , output * UpdateAliasOutput ) {
op := & request . Operation {
Name : opUpdateAlias ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & UpdateAliasInput { }
}
output = & UpdateAliasOutput { }
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
// UpdateAlias API operation for AWS Key Management Service.
//
2019-03-11 19:18:55 +03:00
// Associates an existing alias with a different customer master key (CMK).
// Each CMK can have multiple aliases, but the aliases must be unique within
// the account and region. You cannot perform this operation on an alias in
// a different AWS account.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// This operation works only on existing aliases. To change the alias of a CMK
// to a new value, use CreateAlias to create a new alias and DeleteAlias to
// delete the old alias.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Because an alias is not a property of a CMK, you can create, update, and
// delete the aliases of a CMK without affecting the CMK. Also, aliases do not
// appear in the response from the DescribeKey operation. To get the aliases
// of all CMKs in the account, use the ListAliases operation.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// An alias name can contain only alphanumeric characters, forward slashes (/),
// underscores (_), and dashes (-). An alias must start with the word alias
// followed by a forward slash (alias/). The alias name can contain only alphanumeric
// characters, forward slashes (/), underscores (_), and dashes (-). Alias names
// cannot begin with aws; that alias name prefix is reserved by Amazon Web Services
// (AWS).
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation UpdateAlias for usage and error information.
//
// Returned Error Codes:
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInternalException "KMSInternalException"
2017-10-06 00:08:03 +03:00
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
2019-03-11 19:18:55 +03:00
// * ErrCodeInvalidStateException "KMSInvalidStateException"
2017-10-06 00:08:03 +03:00
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias
2017-10-06 00:08:03 +03:00
func ( c * KMS ) UpdateAlias ( input * UpdateAliasInput ) ( * UpdateAliasOutput , error ) {
req , out := c . UpdateAliasRequest ( input )
return out , req . Send ( )
}
// UpdateAliasWithContext is the same as UpdateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) UpdateAliasWithContext ( ctx aws . Context , input * UpdateAliasInput , opts ... request . Option ) ( * UpdateAliasOutput , error ) {
req , out := c . UpdateAliasRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
const opUpdateCustomKeyStore = "UpdateCustomKeyStore"
2017-10-06 00:08:03 +03:00
2019-03-11 19:18:55 +03:00
// UpdateCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the UpdateCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
2017-10-06 00:08:03 +03:00
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
2019-03-11 19:18:55 +03:00
// See UpdateCustomKeyStore for more information on using the UpdateCustomKeyStore
2017-10-06 00:08:03 +03:00
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
2019-03-11 19:18:55 +03:00
// // Example sending a request using the UpdateCustomKeyStoreRequest method.
// req, resp := client.UpdateCustomKeyStoreRequest(params)
2017-10-06 00:08:03 +03:00
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
2019-03-11 19:18:55 +03:00
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore
func ( c * KMS ) UpdateCustomKeyStoreRequest ( input * UpdateCustomKeyStoreInput ) ( req * request . Request , output * UpdateCustomKeyStoreOutput ) {
2017-10-06 00:08:03 +03:00
op := & request . Operation {
2019-03-11 19:18:55 +03:00
Name : opUpdateCustomKeyStore ,
2017-10-06 00:08:03 +03:00
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
2019-03-11 19:18:55 +03:00
input = & UpdateCustomKeyStoreInput { }
2017-10-06 00:08:03 +03:00
}
2019-03-11 19:18:55 +03:00
output = & UpdateCustomKeyStoreOutput { }
2017-10-06 00:08:03 +03:00
req = c . newRequest ( op , input , output )
2019-03-11 19:18:55 +03:00
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
2017-10-06 00:08:03 +03:00
return
}
2019-03-11 19:18:55 +03:00
// UpdateCustomKeyStore API operation for AWS Key Management Service.
//
// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter
// to identify the custom key store you want to edit. Use the remaining parameters
// to change the properties of the custom key store.
//
// You can only update a custom key store that is disconnected. To disconnect
// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom
// key store after the update completes, use ConnectCustomKeyStore. To find
// the connection state of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// Use the NewCustomKeyStoreName parameter to change the friendly name of the
// custom key store to the value that you specify.
//
// Use the KeyStorePassword parameter tell AWS KMS the current password of the
// kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
// crypto user (CU) in the associated AWS CloudHSM cluster. You can use this
// parameter to fix connection failures that occur when AWS KMS cannot log into
// the associated cluster because the kmsuser password has changed. This value
// does not change the password in the AWS CloudHSM cluster.
//
// Use the CloudHsmClusterId parameter to associate the custom key store with
// a related AWS CloudHSM cluster, that is, a cluster that shares a backup history
// with the original cluster. You can use this parameter to repair a custom
// key store if its AWS CloudHSM cluster becomes corrupted or is deleted, or
// when you need to create or restore a cluster from a backup.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The cluster ID must identify a AWS CloudHSM cluster with the following requirements.
//
// * The cluster must be active and be in the same AWS account and Region
// as the custom key store.
//
// * The cluster must have the same cluster certificate as the original cluster.
// You cannot use this parameter to associate the custom key store with an
// unrelated cluster. To view the cluster certificate, use the AWS CloudHSM
// DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation. Clusters that share a backup history have the same cluster
// certificate.
//
// * The cluster must be configured with subnets in at least two different
// Availability Zones in the Region. Because AWS CloudHSM is not supported
// in all Availability Zones, we recommend that the cluster have subnets
// in all Availability Zones in the Region.
//
// * The cluster must contain at least two active HSMs, each in a different
// Availability Zone.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
2017-10-06 00:08:03 +03:00
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
2019-03-11 19:18:55 +03:00
// API operation UpdateCustomKeyStore for usage and error information.
2017-10-06 00:08:03 +03:00
//
// Returned Error Codes:
2019-03-11 19:18:55 +03:00
// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException"
// The request was rejected because AWS KMS cannot find a custom key store with
// the specified key store name or ID.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException"
// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster
// with the specified cluster ID. Retry the request with a different cluster
// ID.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * ErrCodeCloudHsmClusterNotRelatedException "CloudHsmClusterNotRelatedException"
// The request was rejected because the specified AWS CloudHSM cluster has a
// different cluster certificate than the original cluster. You cannot use the
// operation to specify an unrelated cluster.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify a cluster that shares a backup history with the original cluster.
// This includes clusters that were created from a backup of the current cluster,
// and clusters that were created from the same backup that produced the current
// cluster.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Clusters that share a backup history have the same cluster certificate. To
// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
// The request was rejected because of the ConnectionState of the custom key
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
// operation.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// This exception is thrown under the following conditions:
//
// * You requested the CreateKey or GenerateRandom operation in a custom
// key store that is not connected. These operations are valid only when
// the custom key store ConnectionState is CONNECTED.
//
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
// on a custom key store that is not disconnected. This operation is valid
// only when the custom key store ConnectionState is DISCONNECTED.
//
// * You requested the ConnectCustomKeyStore operation on a custom key store
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
// for all other ConnectionState values.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException"
// The request was rejected because the AWS CloudHSM cluster that is associated
// with the custom key store is not active. Initialize and activate the cluster
// and try the command again. For detailed instructions, see Getting Started
// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
// in the AWS CloudHSM User Guide.
//
// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException"
// The request was rejected because the associated AWS CloudHSM cluster did
// not meet the configuration requirements for a custom key store. The cluster
// must be configured with private subnets in at least two different Availability
// Zones in the Region. Also, it must contain at least as many HSMs as the operation
// requires.
//
// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations,
// the AWS CloudHSM cluster must have at least two active HSMs, each in a different
// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM
// must contain at least one active HSM.
//
// For information about creating a private subnet for a AWS CloudHSM cluster,
// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm
// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
// operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore
func ( c * KMS ) UpdateCustomKeyStore ( input * UpdateCustomKeyStoreInput ) ( * UpdateCustomKeyStoreOutput , error ) {
req , out := c . UpdateCustomKeyStoreRequest ( input )
2017-10-06 00:08:03 +03:00
return out , req . Send ( )
}
2019-03-11 19:18:55 +03:00
// UpdateCustomKeyStoreWithContext is the same as UpdateCustomKeyStore with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateCustomKeyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) UpdateCustomKeyStoreWithContext ( ctx aws . Context , input * UpdateCustomKeyStoreInput , opts ... request . Option ) ( * UpdateCustomKeyStoreOutput , error ) {
req , out := c . UpdateCustomKeyStoreRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opUpdateKeyDescription = "UpdateKeyDescription"
// UpdateKeyDescriptionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateKeyDescription operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateKeyDescription for more information on using the UpdateKeyDescription
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the UpdateKeyDescriptionRequest method.
// req, resp := client.UpdateKeyDescriptionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription
func ( c * KMS ) UpdateKeyDescriptionRequest ( input * UpdateKeyDescriptionInput ) ( req * request . Request , output * UpdateKeyDescriptionOutput ) {
op := & request . Operation {
Name : opUpdateKeyDescription ,
HTTPMethod : "POST" ,
HTTPPath : "/" ,
}
if input == nil {
input = & UpdateKeyDescriptionInput { }
}
output = & UpdateKeyDescriptionOutput { }
req = c . newRequest ( op , input , output )
req . Handlers . Unmarshal . Swap ( jsonrpc . UnmarshalHandler . Name , protocol . UnmarshalDiscardBodyHandler )
return
}
// UpdateKeyDescription API operation for AWS Key Management Service.
//
// Updates the description of a customer master key (CMK). To see the decription
// of a CMK, use DescribeKey.
//
// You cannot perform this operation on a CMK in a different AWS account.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation UpdateKeyDescription for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN was not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeInvalidStateException "KMSInvalidStateException"
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription
func ( c * KMS ) UpdateKeyDescription ( input * UpdateKeyDescriptionInput ) ( * UpdateKeyDescriptionOutput , error ) {
req , out := c . UpdateKeyDescriptionRequest ( input )
return out , req . Send ( )
}
// UpdateKeyDescriptionWithContext is the same as UpdateKeyDescription with the addition of
2017-10-06 00:08:03 +03:00
// the ability to pass a context and additional request options.
//
// See UpdateKeyDescription for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * KMS ) UpdateKeyDescriptionWithContext ( ctx aws . Context , input * UpdateKeyDescriptionInput , opts ... request . Option ) ( * UpdateKeyDescriptionOutput , error ) {
req , out := c . UpdateKeyDescriptionRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
// Contains information about an alias.
type AliasListEntry struct {
_ struct { } ` type:"structure" `
// String that contains the key ARN.
AliasArn * string ` min:"20" type:"string" `
// String that contains the alias.
AliasName * string ` min:"1" type:"string" `
// String that contains the key identifier referred to by the alias.
TargetKeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s AliasListEntry ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s AliasListEntry ) GoString ( ) string {
return s . String ( )
}
// SetAliasArn sets the AliasArn field's value.
func ( s * AliasListEntry ) SetAliasArn ( v string ) * AliasListEntry {
s . AliasArn = & v
return s
}
// SetAliasName sets the AliasName field's value.
func ( s * AliasListEntry ) SetAliasName ( v string ) * AliasListEntry {
s . AliasName = & v
return s
}
// SetTargetKeyId sets the TargetKeyId field's value.
func ( s * AliasListEntry ) SetTargetKeyId ( v string ) * AliasListEntry {
s . TargetKeyId = & v
return s
}
type CancelKeyDeletionInput struct {
_ struct { } ` type:"structure" `
// The unique identifier for the customer master key (CMK) for which to cancel
// deletion.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s CancelKeyDeletionInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CancelKeyDeletionInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * CancelKeyDeletionInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "CancelKeyDeletionInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * CancelKeyDeletionInput ) SetKeyId ( v string ) * CancelKeyDeletionInput {
s . KeyId = & v
return s
}
type CancelKeyDeletionOutput struct {
_ struct { } ` type:"structure" `
// The unique identifier of the master key for which deletion is canceled.
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s CancelKeyDeletionOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CancelKeyDeletionOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeyId sets the KeyId field's value.
func ( s * CancelKeyDeletionOutput ) SetKeyId ( v string ) * CancelKeyDeletionOutput {
s . KeyId = & v
return s
}
2019-03-11 19:18:55 +03:00
type ConnectCustomKeyStoreInput struct {
_ struct { } ` type:"structure" `
// Enter the key store ID of the custom key store that you want to connect.
// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
//
// CustomKeyStoreId is a required field
CustomKeyStoreId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s ConnectCustomKeyStoreInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ConnectCustomKeyStoreInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ConnectCustomKeyStoreInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ConnectCustomKeyStoreInput" }
if s . CustomKeyStoreId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CustomKeyStoreId" ) )
}
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * ConnectCustomKeyStoreInput ) SetCustomKeyStoreId ( v string ) * ConnectCustomKeyStoreInput {
s . CustomKeyStoreId = & v
return s
}
type ConnectCustomKeyStoreOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s ConnectCustomKeyStoreOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ConnectCustomKeyStoreOutput ) GoString ( ) string {
return s . String ( )
}
2017-10-06 00:08:03 +03:00
type CreateAliasInput struct {
_ struct { } ` type:"structure" `
// String that contains the display name. The name must start with the word
// "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS"
// are reserved.
//
// AliasName is a required field
AliasName * string ` min:"1" type:"string" required:"true" `
2019-03-11 19:18:55 +03:00
// Identifies the CMK for which you are creating the alias. This value cannot
// be an alias.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// TargetKeyId is a required field
TargetKeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s CreateAliasInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateAliasInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * CreateAliasInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "CreateAliasInput" }
if s . AliasName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "AliasName" ) )
}
if s . AliasName != nil && len ( * s . AliasName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "AliasName" , 1 ) )
}
if s . TargetKeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TargetKeyId" ) )
}
if s . TargetKeyId != nil && len ( * s . TargetKeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "TargetKeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetAliasName sets the AliasName field's value.
func ( s * CreateAliasInput ) SetAliasName ( v string ) * CreateAliasInput {
s . AliasName = & v
return s
}
// SetTargetKeyId sets the TargetKeyId field's value.
func ( s * CreateAliasInput ) SetTargetKeyId ( v string ) * CreateAliasInput {
s . TargetKeyId = & v
return s
}
type CreateAliasOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s CreateAliasOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateAliasOutput ) GoString ( ) string {
return s . String ( )
}
2019-03-11 19:18:55 +03:00
type CreateCustomKeyStoreInput struct {
_ struct { } ` type:"structure" `
// Identifies the AWS CloudHSM cluster for the custom key store. Enter the cluster
// ID of any active AWS CloudHSM cluster that is not already associated with
// a custom key store. To find the cluster ID, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
//
// CloudHsmClusterId is a required field
CloudHsmClusterId * string ` min:"19" type:"string" required:"true" `
// Specifies a friendly name for the custom key store. The name must be unique
// in your AWS account.
//
// CustomKeyStoreName is a required field
CustomKeyStoreName * string ` min:"1" type:"string" required:"true" `
// Enter the password of the kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)
// crypto user (CU) account in the specified AWS CloudHSM cluster. AWS KMS logs
// into the cluster as this user to manage key material on your behalf.
//
// This parameter tells AWS KMS the kmsuser account password; it does not change
// the password in the AWS CloudHSM cluster.
//
// KeyStorePassword is a required field
KeyStorePassword * string ` min:"1" type:"string" required:"true" sensitive:"true" `
// Enter the content of the trust anchor certificate for the cluster. This is
// the content of the customerCA.crt file that you created when you initialized
// the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html).
//
// TrustAnchorCertificate is a required field
TrustAnchorCertificate * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s CreateCustomKeyStoreInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateCustomKeyStoreInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * CreateCustomKeyStoreInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "CreateCustomKeyStoreInput" }
if s . CloudHsmClusterId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CloudHsmClusterId" ) )
}
if s . CloudHsmClusterId != nil && len ( * s . CloudHsmClusterId ) < 19 {
invalidParams . Add ( request . NewErrParamMinLen ( "CloudHsmClusterId" , 19 ) )
}
if s . CustomKeyStoreName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CustomKeyStoreName" ) )
}
if s . CustomKeyStoreName != nil && len ( * s . CustomKeyStoreName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreName" , 1 ) )
}
if s . KeyStorePassword == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyStorePassword" ) )
}
if s . KeyStorePassword != nil && len ( * s . KeyStorePassword ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyStorePassword" , 1 ) )
}
if s . TrustAnchorCertificate == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TrustAnchorCertificate" ) )
}
if s . TrustAnchorCertificate != nil && len ( * s . TrustAnchorCertificate ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "TrustAnchorCertificate" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCloudHsmClusterId sets the CloudHsmClusterId field's value.
func ( s * CreateCustomKeyStoreInput ) SetCloudHsmClusterId ( v string ) * CreateCustomKeyStoreInput {
s . CloudHsmClusterId = & v
return s
}
// SetCustomKeyStoreName sets the CustomKeyStoreName field's value.
func ( s * CreateCustomKeyStoreInput ) SetCustomKeyStoreName ( v string ) * CreateCustomKeyStoreInput {
s . CustomKeyStoreName = & v
return s
}
// SetKeyStorePassword sets the KeyStorePassword field's value.
func ( s * CreateCustomKeyStoreInput ) SetKeyStorePassword ( v string ) * CreateCustomKeyStoreInput {
s . KeyStorePassword = & v
return s
}
// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value.
func ( s * CreateCustomKeyStoreInput ) SetTrustAnchorCertificate ( v string ) * CreateCustomKeyStoreInput {
s . TrustAnchorCertificate = & v
return s
}
type CreateCustomKeyStoreOutput struct {
_ struct { } ` type:"structure" `
// A unique identifier for the new custom key store.
CustomKeyStoreId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s CreateCustomKeyStoreOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateCustomKeyStoreOutput ) GoString ( ) string {
return s . String ( )
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * CreateCustomKeyStoreOutput ) SetCustomKeyStoreId ( v string ) * CreateCustomKeyStoreOutput {
s . CustomKeyStoreId = & v
return s
}
2017-10-06 00:08:03 +03:00
type CreateGrantInput struct {
_ struct { } ` type:"structure" `
// A structure that you can use to allow certain operations in the grant only
// when the desired encryption context is present. For more information about
// encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html)
// in the AWS Key Management Service Developer Guide.
Constraints * GrantConstraints ` type:"structure" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
// The principal that is given permission to perform the operations that the
// grant permits.
//
// To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
// users, IAM roles, federated users, and assumed role users. For examples of
// the ARN syntax to use for specifying a principal, see AWS Identity and Access
// Management (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the AWS General Reference.
//
// GranteePrincipal is a required field
GranteePrincipal * string ` min:"1" type:"string" required:"true" `
// The unique identifier for the customer master key (CMK) that the grant applies
// to.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
// a CMK in a different AWS account, you must use the key ARN.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// A friendly name for identifying the grant. Use this value to prevent unintended
// creation of duplicate grants when retrying this request.
//
// When this value is absent, all CreateGrant requests result in a new grant
// with a unique GrantId even if all the supplied parameters are identical.
// This can result in unintended duplicates when you retry the CreateGrant request.
//
// When this value is present, you can retry a CreateGrant request with identical
// parameters; if the grant already exists, the original GrantId is returned
// without creating a new grant. Note that the returned grant token is unique
// with every CreateGrant request, even when a duplicate GrantId is returned.
// All grant tokens obtained in this way can be used interchangeably.
Name * string ` min:"1" type:"string" `
// A list of operations that the grant permits.
2019-03-11 19:18:55 +03:00
//
// Operations is a required field
Operations [ ] * string ` type:"list" required:"true" `
2017-10-06 00:08:03 +03:00
// The principal that is given permission to retire the grant by using RetireGrant
// operation.
//
// To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
// users, federated users, and assumed role users. For examples of the ARN syntax
// to use for specifying a principal, see AWS Identity and Access Management
// (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the AWS General Reference.
RetiringPrincipal * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s CreateGrantInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateGrantInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * CreateGrantInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "CreateGrantInput" }
if s . GranteePrincipal == nil {
invalidParams . Add ( request . NewErrParamRequired ( "GranteePrincipal" ) )
}
if s . GranteePrincipal != nil && len ( * s . GranteePrincipal ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "GranteePrincipal" , 1 ) )
}
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Name != nil && len ( * s . Name ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Name" , 1 ) )
}
2019-03-11 19:18:55 +03:00
if s . Operations == nil {
invalidParams . Add ( request . NewErrParamRequired ( "Operations" ) )
}
2017-10-06 00:08:03 +03:00
if s . RetiringPrincipal != nil && len ( * s . RetiringPrincipal ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "RetiringPrincipal" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetConstraints sets the Constraints field's value.
func ( s * CreateGrantInput ) SetConstraints ( v * GrantConstraints ) * CreateGrantInput {
s . Constraints = v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * CreateGrantInput ) SetGrantTokens ( v [ ] * string ) * CreateGrantInput {
s . GrantTokens = v
return s
}
// SetGranteePrincipal sets the GranteePrincipal field's value.
func ( s * CreateGrantInput ) SetGranteePrincipal ( v string ) * CreateGrantInput {
s . GranteePrincipal = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * CreateGrantInput ) SetKeyId ( v string ) * CreateGrantInput {
s . KeyId = & v
return s
}
// SetName sets the Name field's value.
func ( s * CreateGrantInput ) SetName ( v string ) * CreateGrantInput {
s . Name = & v
return s
}
// SetOperations sets the Operations field's value.
func ( s * CreateGrantInput ) SetOperations ( v [ ] * string ) * CreateGrantInput {
s . Operations = v
return s
}
// SetRetiringPrincipal sets the RetiringPrincipal field's value.
func ( s * CreateGrantInput ) SetRetiringPrincipal ( v string ) * CreateGrantInput {
s . RetiringPrincipal = & v
return s
}
type CreateGrantOutput struct {
_ struct { } ` type:"structure" `
// The unique identifier for the grant.
//
// You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation.
GrantId * string ` min:"1" type:"string" `
// The grant token.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantToken * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s CreateGrantOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateGrantOutput ) GoString ( ) string {
return s . String ( )
}
// SetGrantId sets the GrantId field's value.
func ( s * CreateGrantOutput ) SetGrantId ( v string ) * CreateGrantOutput {
s . GrantId = & v
return s
}
// SetGrantToken sets the GrantToken field's value.
func ( s * CreateGrantOutput ) SetGrantToken ( v string ) * CreateGrantOutput {
s . GrantToken = & v
return s
}
type CreateKeyInput struct {
_ struct { } ` type:"structure" `
// A flag to indicate whether to bypass the key policy lockout safety check.
//
2019-03-11 19:18:55 +03:00
// Setting this value to true increases the risk that the CMK becomes unmanageable.
// Do not set this value to true indiscriminately.
2017-10-06 00:08:03 +03:00
//
// For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section in the AWS Key Management Service Developer Guide.
//
// Use this parameter only when you include a policy in the request and you
// intend to prevent the principal that is making the request from making a
// subsequent PutKeyPolicy request on the CMK.
//
// The default value is false.
BypassPolicyLockoutSafetyCheck * bool ` type:"boolean" `
2019-03-11 19:18:55 +03:00
// Creates the CMK in the specified custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// and the key material in its associated AWS CloudHSM cluster. To create a
// CMK in a custom key store, you must also specify the Origin parameter with
// a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with
// the custom key store must have at least two active HSMs, each in a different
// Availability Zone in the Region.
//
// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
//
// The response includes the custom key store ID and the ID of the AWS CloudHSM
// cluster.
//
// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// feature in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
CustomKeyStoreId * string ` min:"1" type:"string" `
2017-10-06 00:08:03 +03:00
// A description of the CMK.
//
// Use a description that helps you decide whether the CMK is appropriate for
// a task.
Description * string ` type:"string" `
// The intended use of the CMK.
//
// You can use CMKs only for symmetric encryption and decryption.
KeyUsage * string ` type:"string" enum:"KeyUsageType" `
2019-03-11 19:18:55 +03:00
// The source of the CMK's key material. You cannot change the origin after
// you create the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The default is AWS_KMS, which means AWS KMS creates the key material in its
// own key store.
//
// When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material
// so that you can import key material from your existing key management infrastructure.
// For more information about importing key material into AWS KMS, see Importing
// Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
2017-10-06 00:08:03 +03:00
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in a AWS
// KMS custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// and creates its key material in the associated AWS CloudHSM cluster. You
// must also use the CustomKeyStoreId parameter to identify the custom key store.
2017-10-06 00:08:03 +03:00
Origin * string ` type:"string" enum:"OriginType" `
// The key policy to attach to the CMK.
//
2019-03-11 19:18:55 +03:00
// If you provide a key policy, it must meet the following criteria:
//
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must allow the principal that is making the CreateKey request to make
// a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
// the CMK becomes unmanageable. For more information, refer to the scenario
// in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section of the AWS Key Management Service Developer Guide.
//
// * Each statement in the key policy must contain one or more principals.
// The principals in the key policy must exist and be visible to AWS KMS.
// When you create a new AWS principal (for example, an IAM user or role),
// you might need to enforce a delay before including the new principal in
// a key policy because the new principal might not be immediately visible
// to AWS KMS. For more information, see Changes that I make are not always
// immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the AWS Identity and Access Management User Guide.
//
// If you do not provide a key policy, AWS KMS attaches a default key policy
// to the CMK. For more information, see Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
2017-10-06 00:08:03 +03:00
// in the AWS Key Management Service Developer Guide.
//
2019-03-11 19:18:55 +03:00
// The key policy size limit is 32 kilobytes (32768 bytes).
2017-10-06 00:08:03 +03:00
Policy * string ` min:"1" type:"string" `
// One or more tags. Each tag consists of a tag key and a tag value. Tag keys
// and tag values are both required, but tag values can be empty (null) strings.
//
// Use this parameter to tag the CMK when it is created. Alternately, you can
// omit this parameter and instead tag the CMK after it is created using TagResource.
Tags [ ] * Tag ` type:"list" `
}
// String returns the string representation
func ( s CreateKeyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateKeyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * CreateKeyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "CreateKeyInput" }
2019-03-11 19:18:55 +03:00
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
2017-10-06 00:08:03 +03:00
if s . Policy != nil && len ( * s . Policy ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Policy" , 1 ) )
}
if s . Tags != nil {
for i , v := range s . Tags {
if v == nil {
continue
}
if err := v . Validate ( ) ; err != nil {
invalidParams . AddNested ( fmt . Sprintf ( "%s[%v]" , "Tags" , i ) , err . ( request . ErrInvalidParams ) )
}
}
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value.
func ( s * CreateKeyInput ) SetBypassPolicyLockoutSafetyCheck ( v bool ) * CreateKeyInput {
s . BypassPolicyLockoutSafetyCheck = & v
return s
}
2019-03-11 19:18:55 +03:00
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * CreateKeyInput ) SetCustomKeyStoreId ( v string ) * CreateKeyInput {
s . CustomKeyStoreId = & v
return s
}
2017-10-06 00:08:03 +03:00
// SetDescription sets the Description field's value.
func ( s * CreateKeyInput ) SetDescription ( v string ) * CreateKeyInput {
s . Description = & v
return s
}
// SetKeyUsage sets the KeyUsage field's value.
func ( s * CreateKeyInput ) SetKeyUsage ( v string ) * CreateKeyInput {
s . KeyUsage = & v
return s
}
// SetOrigin sets the Origin field's value.
func ( s * CreateKeyInput ) SetOrigin ( v string ) * CreateKeyInput {
s . Origin = & v
return s
}
// SetPolicy sets the Policy field's value.
func ( s * CreateKeyInput ) SetPolicy ( v string ) * CreateKeyInput {
s . Policy = & v
return s
}
// SetTags sets the Tags field's value.
func ( s * CreateKeyInput ) SetTags ( v [ ] * Tag ) * CreateKeyInput {
s . Tags = v
return s
}
type CreateKeyOutput struct {
_ struct { } ` type:"structure" `
// Metadata associated with the CMK.
KeyMetadata * KeyMetadata ` type:"structure" `
}
// String returns the string representation
func ( s CreateKeyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CreateKeyOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeyMetadata sets the KeyMetadata field's value.
func ( s * CreateKeyOutput ) SetKeyMetadata ( v * KeyMetadata ) * CreateKeyOutput {
s . KeyMetadata = v
return s
}
2019-03-11 19:18:55 +03:00
// Contains information about each custom key store in the custom key store
// list.
type CustomKeyStoresListEntry struct {
_ struct { } ` type:"structure" `
// A unique identifier for the AWS CloudHSM cluster that is associated with
// the custom key store.
CloudHsmClusterId * string ` min:"19" type:"string" `
// Describes the connection error. Valid values are:
//
// * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with
// the specified cluster ID.
//
// * INSUFFICIENT_CLOUDHSM_HSMS - The associated AWS CloudHSM cluster does
// not contain any active HSMs. To connect a custom key store to its AWS
// CloudHSM cluster, the cluster must contain at least one active HSM.
//
// * INVALID_CREDENTIALS - AWS KMS does not have the correct password for
// the kmsuser crypto user in the AWS CloudHSM cluster.
//
// * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting
// to the custom key store.
//
// * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated
// AWS CloudHSM cluster due to too many failed password attempts. Before
// you can connect your custom key store to its AWS CloudHSM cluster, you
// must change the kmsuser account password and update the password value
// for the custom key store.
//
// For help with connection failures, see Troubleshooting Custom Key Stores
// (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the AWS Key Management Service Developer Guide.
ConnectionErrorCode * string ` type:"string" enum:"ConnectionErrorCodeType" `
// Indicates whether the custom key store is connected to its AWS CloudHSM cluster.
//
// You can create and use CMKs in your custom key stores only when its connection
// state is CONNECTED.
//
// The value is DISCONNECTED if the key store has never been connected or you
// use the DisconnectCustomKeyStore operation to disconnect it. If the value
// is CONNECTED but you are having trouble using the custom key store, make
// sure that its associated AWS CloudHSM cluster is active and contains at least
// one active HSM.
//
// A value of FAILED indicates that an attempt to connect was unsuccessful.
// For help resolving a connection failure, see Troubleshooting a Custom Key
// Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
// in the AWS Key Management Service Developer Guide.
ConnectionState * string ` type:"string" enum:"ConnectionStateType" `
// The date and time when the custom key store was created.
CreationDate * time . Time ` type:"timestamp" `
// A unique identifier for the custom key store.
CustomKeyStoreId * string ` min:"1" type:"string" `
// The user-specified friendly name for the custom key store.
CustomKeyStoreName * string ` min:"1" type:"string" `
// The trust anchor certificate of the associated AWS CloudHSM cluster. When
// you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
// you create this certificate and save it in the customerCA.crt file.
TrustAnchorCertificate * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s CustomKeyStoresListEntry ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s CustomKeyStoresListEntry ) GoString ( ) string {
return s . String ( )
}
// SetCloudHsmClusterId sets the CloudHsmClusterId field's value.
func ( s * CustomKeyStoresListEntry ) SetCloudHsmClusterId ( v string ) * CustomKeyStoresListEntry {
s . CloudHsmClusterId = & v
return s
}
// SetConnectionErrorCode sets the ConnectionErrorCode field's value.
func ( s * CustomKeyStoresListEntry ) SetConnectionErrorCode ( v string ) * CustomKeyStoresListEntry {
s . ConnectionErrorCode = & v
return s
}
// SetConnectionState sets the ConnectionState field's value.
func ( s * CustomKeyStoresListEntry ) SetConnectionState ( v string ) * CustomKeyStoresListEntry {
s . ConnectionState = & v
return s
}
// SetCreationDate sets the CreationDate field's value.
func ( s * CustomKeyStoresListEntry ) SetCreationDate ( v time . Time ) * CustomKeyStoresListEntry {
s . CreationDate = & v
return s
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * CustomKeyStoresListEntry ) SetCustomKeyStoreId ( v string ) * CustomKeyStoresListEntry {
s . CustomKeyStoreId = & v
return s
}
// SetCustomKeyStoreName sets the CustomKeyStoreName field's value.
func ( s * CustomKeyStoresListEntry ) SetCustomKeyStoreName ( v string ) * CustomKeyStoresListEntry {
s . CustomKeyStoreName = & v
return s
}
// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value.
func ( s * CustomKeyStoresListEntry ) SetTrustAnchorCertificate ( v string ) * CustomKeyStoresListEntry {
s . TrustAnchorCertificate = & v
return s
}
2017-10-06 00:08:03 +03:00
type DecryptInput struct {
_ struct { } ` type:"structure" `
// Ciphertext to be decrypted. The blob includes metadata.
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
//
// CiphertextBlob is a required field
CiphertextBlob [ ] byte ` min:"1" type:"blob" required:"true" `
// The encryption context. If this was specified in the Encrypt function, it
// must be specified here or the decryption operation will fail. For more information,
// see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
EncryptionContext map [ string ] * string ` type:"map" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
}
// String returns the string representation
func ( s DecryptInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DecryptInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DecryptInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DecryptInput" }
if s . CiphertextBlob == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CiphertextBlob" ) )
}
if s . CiphertextBlob != nil && len ( s . CiphertextBlob ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CiphertextBlob" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * DecryptInput ) SetCiphertextBlob ( v [ ] byte ) * DecryptInput {
s . CiphertextBlob = v
return s
}
// SetEncryptionContext sets the EncryptionContext field's value.
func ( s * DecryptInput ) SetEncryptionContext ( v map [ string ] * string ) * DecryptInput {
s . EncryptionContext = v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * DecryptInput ) SetGrantTokens ( v [ ] * string ) * DecryptInput {
s . GrantTokens = v
return s
}
type DecryptOutput struct {
_ struct { } ` type:"structure" `
// ARN of the key used to perform the decryption. This value is returned if
// no errors are encountered during the operation.
KeyId * string ` min:"1" type:"string" `
2019-03-11 19:18:55 +03:00
// Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value
// is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// Plaintext is automatically base64 encoded/decoded by the SDK.
2019-03-11 19:18:55 +03:00
Plaintext [ ] byte ` min:"1" type:"blob" sensitive:"true" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s DecryptOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DecryptOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeyId sets the KeyId field's value.
func ( s * DecryptOutput ) SetKeyId ( v string ) * DecryptOutput {
s . KeyId = & v
return s
}
// SetPlaintext sets the Plaintext field's value.
func ( s * DecryptOutput ) SetPlaintext ( v [ ] byte ) * DecryptOutput {
s . Plaintext = v
return s
}
type DeleteAliasInput struct {
_ struct { } ` type:"structure" `
// The alias to be deleted. The name must start with the word "alias" followed
2019-03-11 19:18:55 +03:00
// by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.
2017-10-06 00:08:03 +03:00
//
// AliasName is a required field
AliasName * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DeleteAliasInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteAliasInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DeleteAliasInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DeleteAliasInput" }
if s . AliasName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "AliasName" ) )
}
if s . AliasName != nil && len ( * s . AliasName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "AliasName" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetAliasName sets the AliasName field's value.
func ( s * DeleteAliasInput ) SetAliasName ( v string ) * DeleteAliasInput {
s . AliasName = & v
return s
}
type DeleteAliasOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DeleteAliasOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteAliasOutput ) GoString ( ) string {
return s . String ( )
}
2019-03-11 19:18:55 +03:00
type DeleteCustomKeyStoreInput struct {
_ struct { } ` type:"structure" `
// Enter the ID of the custom key store you want to delete. To find the ID of
// a custom key store, use the DescribeCustomKeyStores operation.
//
// CustomKeyStoreId is a required field
CustomKeyStoreId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DeleteCustomKeyStoreInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteCustomKeyStoreInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DeleteCustomKeyStoreInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DeleteCustomKeyStoreInput" }
if s . CustomKeyStoreId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CustomKeyStoreId" ) )
}
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * DeleteCustomKeyStoreInput ) SetCustomKeyStoreId ( v string ) * DeleteCustomKeyStoreInput {
s . CustomKeyStoreId = & v
return s
}
type DeleteCustomKeyStoreOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DeleteCustomKeyStoreOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteCustomKeyStoreOutput ) GoString ( ) string {
return s . String ( )
}
2017-10-06 00:08:03 +03:00
type DeleteImportedKeyMaterialInput struct {
_ struct { } ` type:"structure" `
// The identifier of the CMK whose key material to delete. The CMK's Origin
// must be EXTERNAL.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DeleteImportedKeyMaterialInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteImportedKeyMaterialInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DeleteImportedKeyMaterialInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DeleteImportedKeyMaterialInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
2019-03-11 19:18:55 +03:00
// SetKeyId sets the KeyId field's value.
func ( s * DeleteImportedKeyMaterialInput ) SetKeyId ( v string ) * DeleteImportedKeyMaterialInput {
s . KeyId = & v
return s
}
type DeleteImportedKeyMaterialOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DeleteImportedKeyMaterialOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DeleteImportedKeyMaterialOutput ) GoString ( ) string {
return s . String ( )
}
type DescribeCustomKeyStoresInput struct {
_ struct { } ` type:"structure" `
// Gets only information about the specified custom key store. Enter the key
// store ID.
//
// By default, this operation gets information about all custom key stores in
// the account and region. To limit the output to a particular custom key store,
// you can use either the CustomKeyStoreId or CustomKeyStoreName parameter,
// but not both.
CustomKeyStoreId * string ` min:"1" type:"string" `
// Gets only information about the specified custom key store. Enter the friendly
// name of the custom key store.
//
// By default, this operation gets information about all custom key stores in
// the account and region. To limit the output to a particular custom key store,
// you can use either the CustomKeyStoreId or CustomKeyStoreName parameter,
// but not both.
CustomKeyStoreName * string ` min:"1" type:"string" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s DescribeCustomKeyStoresInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DescribeCustomKeyStoresInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DescribeCustomKeyStoresInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DescribeCustomKeyStoresInput" }
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
if s . CustomKeyStoreName != nil && len ( * s . CustomKeyStoreName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreName" , 1 ) )
}
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * DescribeCustomKeyStoresInput ) SetCustomKeyStoreId ( v string ) * DescribeCustomKeyStoresInput {
s . CustomKeyStoreId = & v
return s
}
// SetCustomKeyStoreName sets the CustomKeyStoreName field's value.
func ( s * DescribeCustomKeyStoresInput ) SetCustomKeyStoreName ( v string ) * DescribeCustomKeyStoresInput {
s . CustomKeyStoreName = & v
return s
}
// SetLimit sets the Limit field's value.
func ( s * DescribeCustomKeyStoresInput ) SetLimit ( v int64 ) * DescribeCustomKeyStoresInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * DescribeCustomKeyStoresInput ) SetMarker ( v string ) * DescribeCustomKeyStoresInput {
s . Marker = & v
2017-10-06 00:08:03 +03:00
return s
}
2019-03-11 19:18:55 +03:00
type DescribeCustomKeyStoresOutput struct {
2017-10-06 00:08:03 +03:00
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// Contains metadata about each custom key store.
CustomKeyStores [ ] * CustomKeyStoresListEntry ` type:"list" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
NextMarker * string ` min:"1" type:"string" `
// A flag that indicates whether there are more items in the list. When this
// value is true, the list in this response is truncated. To get more items,
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
2019-03-11 19:18:55 +03:00
func ( s DescribeCustomKeyStoresOutput ) String ( ) string {
2017-10-06 00:08:03 +03:00
return awsutil . Prettify ( s )
}
// GoString returns the string representation
2019-03-11 19:18:55 +03:00
func ( s DescribeCustomKeyStoresOutput ) GoString ( ) string {
2017-10-06 00:08:03 +03:00
return s . String ( )
}
2019-03-11 19:18:55 +03:00
// SetCustomKeyStores sets the CustomKeyStores field's value.
func ( s * DescribeCustomKeyStoresOutput ) SetCustomKeyStores ( v [ ] * CustomKeyStoresListEntry ) * DescribeCustomKeyStoresOutput {
s . CustomKeyStores = v
return s
}
// SetNextMarker sets the NextMarker field's value.
func ( s * DescribeCustomKeyStoresOutput ) SetNextMarker ( v string ) * DescribeCustomKeyStoresOutput {
s . NextMarker = & v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * DescribeCustomKeyStoresOutput ) SetTruncated ( v bool ) * DescribeCustomKeyStoresOutput {
s . Truncated = & v
return s
}
2017-10-06 00:08:03 +03:00
type DescribeKeyInput struct {
_ struct { } ` type:"structure" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
2019-03-11 19:18:55 +03:00
// Describes the specified customer master key (CMK).
//
// If you specify a predefined AWS alias (an AWS alias with no key ID), KMS
// associates the alias with an AWS managed CMK (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
// and returns its KeyId and Arn in the response.
//
// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
// or alias ARN. When using an alias name, prefix it with "alias/". To specify
// a CMK in a different AWS account, you must use the key ARN or alias ARN.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Alias name: alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
// get the alias name and alias ARN, use ListAliases.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DescribeKeyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DescribeKeyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DescribeKeyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DescribeKeyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * DescribeKeyInput ) SetGrantTokens ( v [ ] * string ) * DescribeKeyInput {
s . GrantTokens = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * DescribeKeyInput ) SetKeyId ( v string ) * DescribeKeyInput {
s . KeyId = & v
return s
}
type DescribeKeyOutput struct {
_ struct { } ` type:"structure" `
// Metadata associated with the key.
KeyMetadata * KeyMetadata ` type:"structure" `
}
// String returns the string representation
func ( s DescribeKeyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DescribeKeyOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeyMetadata sets the KeyMetadata field's value.
func ( s * DescribeKeyOutput ) SetKeyMetadata ( v * KeyMetadata ) * DescribeKeyOutput {
s . KeyMetadata = v
return s
}
type DisableKeyInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DisableKeyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisableKeyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DisableKeyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DisableKeyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * DisableKeyInput ) SetKeyId ( v string ) * DisableKeyInput {
s . KeyId = & v
return s
}
type DisableKeyOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DisableKeyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisableKeyOutput ) GoString ( ) string {
return s . String ( )
}
type DisableKeyRotationInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DisableKeyRotationInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisableKeyRotationInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DisableKeyRotationInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DisableKeyRotationInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * DisableKeyRotationInput ) SetKeyId ( v string ) * DisableKeyRotationInput {
s . KeyId = & v
return s
}
type DisableKeyRotationOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DisableKeyRotationOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisableKeyRotationOutput ) GoString ( ) string {
return s . String ( )
}
2019-03-11 19:18:55 +03:00
type DisconnectCustomKeyStoreInput struct {
_ struct { } ` type:"structure" `
// Enter the ID of the custom key store you want to disconnect. To find the
// ID of a custom key store, use the DescribeCustomKeyStores operation.
//
// CustomKeyStoreId is a required field
CustomKeyStoreId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s DisconnectCustomKeyStoreInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisconnectCustomKeyStoreInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * DisconnectCustomKeyStoreInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "DisconnectCustomKeyStoreInput" }
if s . CustomKeyStoreId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CustomKeyStoreId" ) )
}
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * DisconnectCustomKeyStoreInput ) SetCustomKeyStoreId ( v string ) * DisconnectCustomKeyStoreInput {
s . CustomKeyStoreId = & v
return s
}
type DisconnectCustomKeyStoreOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s DisconnectCustomKeyStoreOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s DisconnectCustomKeyStoreOutput ) GoString ( ) string {
return s . String ( )
}
2017-10-06 00:08:03 +03:00
type EnableKeyInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s EnableKeyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EnableKeyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * EnableKeyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "EnableKeyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * EnableKeyInput ) SetKeyId ( v string ) * EnableKeyInput {
s . KeyId = & v
return s
}
type EnableKeyOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s EnableKeyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EnableKeyOutput ) GoString ( ) string {
return s . String ( )
}
type EnableKeyRotationInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s EnableKeyRotationInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EnableKeyRotationInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * EnableKeyRotationInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "EnableKeyRotationInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * EnableKeyRotationInput ) SetKeyId ( v string ) * EnableKeyRotationInput {
s . KeyId = & v
return s
}
type EnableKeyRotationOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s EnableKeyRotationOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EnableKeyRotationOutput ) GoString ( ) string {
return s . String ( )
}
type EncryptInput struct {
_ struct { } ` type:"structure" `
// Name-value pair that specifies the encryption context to be used for authenticated
// encryption. If used here, the same value must be supplied to the Decrypt
// API or decryption will fail. For more information, see Encryption Context
// (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
EncryptionContext map [ string ] * string ` type:"map" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
// or alias ARN. When using an alias name, prefix it with "alias/". To specify
// a CMK in a different AWS account, you must use the key ARN or alias ARN.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Alias name: alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
// get the alias name and alias ARN, use ListAliases.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// Data to be encrypted.
//
// Plaintext is automatically base64 encoded/decoded by the SDK.
//
// Plaintext is a required field
2019-03-11 19:18:55 +03:00
Plaintext [ ] byte ` min:"1" type:"blob" required:"true" sensitive:"true" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s EncryptInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EncryptInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * EncryptInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "EncryptInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Plaintext == nil {
invalidParams . Add ( request . NewErrParamRequired ( "Plaintext" ) )
}
if s . Plaintext != nil && len ( s . Plaintext ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Plaintext" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetEncryptionContext sets the EncryptionContext field's value.
func ( s * EncryptInput ) SetEncryptionContext ( v map [ string ] * string ) * EncryptInput {
s . EncryptionContext = v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * EncryptInput ) SetGrantTokens ( v [ ] * string ) * EncryptInput {
s . GrantTokens = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * EncryptInput ) SetKeyId ( v string ) * EncryptInput {
s . KeyId = & v
return s
}
// SetPlaintext sets the Plaintext field's value.
func ( s * EncryptInput ) SetPlaintext ( v [ ] byte ) * EncryptInput {
s . Plaintext = v
return s
}
type EncryptOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value
// is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob [ ] byte ` min:"1" type:"blob" `
// The ID of the key used during encryption.
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s EncryptOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s EncryptOutput ) GoString ( ) string {
return s . String ( )
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * EncryptOutput ) SetCiphertextBlob ( v [ ] byte ) * EncryptOutput {
s . CiphertextBlob = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * EncryptOutput ) SetKeyId ( v string ) * EncryptOutput {
s . KeyId = & v
return s
}
type GenerateDataKeyInput struct {
_ struct { } ` type:"structure" `
// A set of key-value pairs that represents additional authenticated data.
//
// For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html)
// in the AWS Key Management Service Developer Guide.
EncryptionContext map [ string ] * string ` type:"map" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
// The identifier of the CMK under which to generate and encrypt the data encryption
// key.
//
2019-03-11 19:18:55 +03:00
// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
// or alias ARN. When using an alias name, prefix it with "alias/". To specify
// a CMK in a different AWS account, you must use the key ARN or alias ARN.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Alias name: alias/ExampleAlias
//
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
// get the alias name and alias ARN, use ListAliases.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The length of the data encryption key. Use AES_128 to generate a 128-bit
// symmetric key, or AES_256 to generate a 256-bit symmetric key.
KeySpec * string ` type:"string" enum:"DataKeySpec" `
// The length of the data encryption key in bytes. For example, use the value
// 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key
// lengths (128-bit and 256-bit symmetric keys), we recommend that you use the
// KeySpec field instead of this one.
NumberOfBytes * int64 ` min:"1" type:"integer" `
}
// String returns the string representation
func ( s GenerateDataKeyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateDataKeyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GenerateDataKeyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GenerateDataKeyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . NumberOfBytes != nil && * s . NumberOfBytes < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "NumberOfBytes" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetEncryptionContext sets the EncryptionContext field's value.
func ( s * GenerateDataKeyInput ) SetEncryptionContext ( v map [ string ] * string ) * GenerateDataKeyInput {
s . EncryptionContext = v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * GenerateDataKeyInput ) SetGrantTokens ( v [ ] * string ) * GenerateDataKeyInput {
s . GrantTokens = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GenerateDataKeyInput ) SetKeyId ( v string ) * GenerateDataKeyInput {
s . KeyId = & v
return s
}
// SetKeySpec sets the KeySpec field's value.
func ( s * GenerateDataKeyInput ) SetKeySpec ( v string ) * GenerateDataKeyInput {
s . KeySpec = & v
return s
}
// SetNumberOfBytes sets the NumberOfBytes field's value.
func ( s * GenerateDataKeyInput ) SetNumberOfBytes ( v int64 ) * GenerateDataKeyInput {
s . NumberOfBytes = & v
return s
}
type GenerateDataKeyOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The encrypted data encryption key. When you use the HTTP API or the AWS CLI,
// the value is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob [ ] byte ` min:"1" type:"blob" `
// The identifier of the CMK under which the data encryption key was generated
// and encrypted.
KeyId * string ` min:"1" type:"string" `
2019-03-11 19:18:55 +03:00
// The data encryption key. When you use the HTTP API or the AWS CLI, the value
// is Base64-encdoded. Otherwise, it is not encoded. Use this data key for local
// encryption and decryption, then remove it from memory as soon as possible.
2017-10-06 00:08:03 +03:00
//
// Plaintext is automatically base64 encoded/decoded by the SDK.
2019-03-11 19:18:55 +03:00
Plaintext [ ] byte ` min:"1" type:"blob" sensitive:"true" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s GenerateDataKeyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateDataKeyOutput ) GoString ( ) string {
return s . String ( )
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * GenerateDataKeyOutput ) SetCiphertextBlob ( v [ ] byte ) * GenerateDataKeyOutput {
s . CiphertextBlob = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GenerateDataKeyOutput ) SetKeyId ( v string ) * GenerateDataKeyOutput {
s . KeyId = & v
return s
}
// SetPlaintext sets the Plaintext field's value.
func ( s * GenerateDataKeyOutput ) SetPlaintext ( v [ ] byte ) * GenerateDataKeyOutput {
s . Plaintext = v
return s
}
type GenerateDataKeyWithoutPlaintextInput struct {
_ struct { } ` type:"structure" `
// A set of key-value pairs that represents additional authenticated data.
//
// For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html)
// in the AWS Key Management Service Developer Guide.
EncryptionContext map [ string ] * string ` type:"map" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
2019-03-11 19:18:55 +03:00
// The identifier of the customer master key (CMK) under which to generate and
// encrypt the data encryption key.
//
// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
// or alias ARN. When using an alias name, prefix it with "alias/". To specify
// a CMK in a different AWS account, you must use the key ARN or alias ARN.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Alias name: alias/ExampleAlias
//
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
// get the alias name and alias ARN, use ListAliases.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The length of the data encryption key. Use AES_128 to generate a 128-bit
// symmetric key, or AES_256 to generate a 256-bit symmetric key.
KeySpec * string ` type:"string" enum:"DataKeySpec" `
// The length of the data encryption key in bytes. For example, use the value
// 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key
// lengths (128-bit and 256-bit symmetric keys), we recommend that you use the
// KeySpec field instead of this one.
NumberOfBytes * int64 ` min:"1" type:"integer" `
}
// String returns the string representation
func ( s GenerateDataKeyWithoutPlaintextInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateDataKeyWithoutPlaintextInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GenerateDataKeyWithoutPlaintextInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GenerateDataKeyWithoutPlaintextInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . NumberOfBytes != nil && * s . NumberOfBytes < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "NumberOfBytes" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetEncryptionContext sets the EncryptionContext field's value.
func ( s * GenerateDataKeyWithoutPlaintextInput ) SetEncryptionContext ( v map [ string ] * string ) * GenerateDataKeyWithoutPlaintextInput {
s . EncryptionContext = v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * GenerateDataKeyWithoutPlaintextInput ) SetGrantTokens ( v [ ] * string ) * GenerateDataKeyWithoutPlaintextInput {
s . GrantTokens = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GenerateDataKeyWithoutPlaintextInput ) SetKeyId ( v string ) * GenerateDataKeyWithoutPlaintextInput {
s . KeyId = & v
return s
}
// SetKeySpec sets the KeySpec field's value.
func ( s * GenerateDataKeyWithoutPlaintextInput ) SetKeySpec ( v string ) * GenerateDataKeyWithoutPlaintextInput {
s . KeySpec = & v
return s
}
// SetNumberOfBytes sets the NumberOfBytes field's value.
func ( s * GenerateDataKeyWithoutPlaintextInput ) SetNumberOfBytes ( v int64 ) * GenerateDataKeyWithoutPlaintextInput {
s . NumberOfBytes = & v
return s
}
type GenerateDataKeyWithoutPlaintextOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The encrypted data encryption key. When you use the HTTP API or the AWS CLI,
// the value is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob [ ] byte ` min:"1" type:"blob" `
// The identifier of the CMK under which the data encryption key was generated
// and encrypted.
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s GenerateDataKeyWithoutPlaintextOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateDataKeyWithoutPlaintextOutput ) GoString ( ) string {
return s . String ( )
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * GenerateDataKeyWithoutPlaintextOutput ) SetCiphertextBlob ( v [ ] byte ) * GenerateDataKeyWithoutPlaintextOutput {
s . CiphertextBlob = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GenerateDataKeyWithoutPlaintextOutput ) SetKeyId ( v string ) * GenerateDataKeyWithoutPlaintextOutput {
s . KeyId = & v
return s
}
type GenerateRandomInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// Generates the random byte string in the AWS CloudHSM cluster that is associated
// with the specified custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html).
// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
CustomKeyStoreId * string ` min:"1" type:"string" `
2017-10-06 00:08:03 +03:00
// The length of the byte string.
NumberOfBytes * int64 ` min:"1" type:"integer" `
}
// String returns the string representation
func ( s GenerateRandomInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateRandomInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GenerateRandomInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GenerateRandomInput" }
2019-03-11 19:18:55 +03:00
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
2017-10-06 00:08:03 +03:00
if s . NumberOfBytes != nil && * s . NumberOfBytes < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "NumberOfBytes" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
2019-03-11 19:18:55 +03:00
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * GenerateRandomInput ) SetCustomKeyStoreId ( v string ) * GenerateRandomInput {
s . CustomKeyStoreId = & v
return s
}
2017-10-06 00:08:03 +03:00
// SetNumberOfBytes sets the NumberOfBytes field's value.
func ( s * GenerateRandomInput ) SetNumberOfBytes ( v int64 ) * GenerateRandomInput {
s . NumberOfBytes = & v
return s
}
type GenerateRandomOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The random byte string. When you use the HTTP API or the AWS CLI, the value
// is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// Plaintext is automatically base64 encoded/decoded by the SDK.
2019-03-11 19:18:55 +03:00
Plaintext [ ] byte ` min:"1" type:"blob" sensitive:"true" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s GenerateRandomOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GenerateRandomOutput ) GoString ( ) string {
return s . String ( )
}
// SetPlaintext sets the Plaintext field's value.
func ( s * GenerateRandomOutput ) SetPlaintext ( v [ ] byte ) * GenerateRandomOutput {
s . Plaintext = v
return s
}
type GetKeyPolicyInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
2019-03-11 19:18:55 +03:00
// Specifies the name of the key policy. The only valid name is default. To
// get the names of key policies, use ListKeyPolicies.
2017-10-06 00:08:03 +03:00
//
// PolicyName is a required field
PolicyName * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s GetKeyPolicyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetKeyPolicyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GetKeyPolicyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GetKeyPolicyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . PolicyName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "PolicyName" ) )
}
if s . PolicyName != nil && len ( * s . PolicyName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "PolicyName" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * GetKeyPolicyInput ) SetKeyId ( v string ) * GetKeyPolicyInput {
s . KeyId = & v
return s
}
// SetPolicyName sets the PolicyName field's value.
func ( s * GetKeyPolicyInput ) SetPolicyName ( v string ) * GetKeyPolicyInput {
s . PolicyName = & v
return s
}
type GetKeyPolicyOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A key policy document in JSON format.
2017-10-06 00:08:03 +03:00
Policy * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s GetKeyPolicyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetKeyPolicyOutput ) GoString ( ) string {
return s . String ( )
}
// SetPolicy sets the Policy field's value.
func ( s * GetKeyPolicyOutput ) SetPolicy ( v string ) * GetKeyPolicyOutput {
s . Policy = & v
return s
}
type GetKeyRotationStatusInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
// a CMK in a different AWS account, you must use the key ARN.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s GetKeyRotationStatusInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetKeyRotationStatusInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GetKeyRotationStatusInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GetKeyRotationStatusInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * GetKeyRotationStatusInput ) SetKeyId ( v string ) * GetKeyRotationStatusInput {
s . KeyId = & v
return s
}
type GetKeyRotationStatusOutput struct {
_ struct { } ` type:"structure" `
// A Boolean value that specifies whether key rotation is enabled.
KeyRotationEnabled * bool ` type:"boolean" `
}
// String returns the string representation
func ( s GetKeyRotationStatusOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetKeyRotationStatusOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeyRotationEnabled sets the KeyRotationEnabled field's value.
func ( s * GetKeyRotationStatusOutput ) SetKeyRotationEnabled ( v bool ) * GetKeyRotationStatusOutput {
s . KeyRotationEnabled = & v
return s
}
type GetParametersForImportInput struct {
_ struct { } ` type:"structure" `
// The identifier of the CMK into which you will import key material. The CMK's
// Origin must be EXTERNAL.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The algorithm you will use to encrypt the key material before importing it
// with ImportKeyMaterial. For more information, see Encrypt the Key Material
// (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html)
// in the AWS Key Management Service Developer Guide.
//
// WrappingAlgorithm is a required field
WrappingAlgorithm * string ` type:"string" required:"true" enum:"AlgorithmSpec" `
// The type of wrapping key (public key) to return in the response. Only 2048-bit
// RSA public keys are supported.
//
// WrappingKeySpec is a required field
WrappingKeySpec * string ` type:"string" required:"true" enum:"WrappingKeySpec" `
}
// String returns the string representation
func ( s GetParametersForImportInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetParametersForImportInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * GetParametersForImportInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "GetParametersForImportInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . WrappingAlgorithm == nil {
invalidParams . Add ( request . NewErrParamRequired ( "WrappingAlgorithm" ) )
}
if s . WrappingKeySpec == nil {
invalidParams . Add ( request . NewErrParamRequired ( "WrappingKeySpec" ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * GetParametersForImportInput ) SetKeyId ( v string ) * GetParametersForImportInput {
s . KeyId = & v
return s
}
// SetWrappingAlgorithm sets the WrappingAlgorithm field's value.
func ( s * GetParametersForImportInput ) SetWrappingAlgorithm ( v string ) * GetParametersForImportInput {
s . WrappingAlgorithm = & v
return s
}
// SetWrappingKeySpec sets the WrappingKeySpec field's value.
func ( s * GetParametersForImportInput ) SetWrappingKeySpec ( v string ) * GetParametersForImportInput {
s . WrappingKeySpec = & v
return s
}
type GetParametersForImportOutput struct {
_ struct { } ` type:"structure" `
// The import token to send in a subsequent ImportKeyMaterial request.
//
// ImportToken is automatically base64 encoded/decoded by the SDK.
ImportToken [ ] byte ` min:"1" type:"blob" `
// The identifier of the CMK to use in a subsequent ImportKeyMaterial request.
// This is the same CMK specified in the GetParametersForImport request.
KeyId * string ` min:"1" type:"string" `
// The time at which the import token and public key are no longer valid. After
// this time, you cannot use them to make an ImportKeyMaterial request and you
2019-03-11 19:18:55 +03:00
// must send another GetParametersForImport request to get new ones.
ParametersValidTo * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
// The public key to use to encrypt the key material before importing it with
// ImportKeyMaterial.
//
// PublicKey is automatically base64 encoded/decoded by the SDK.
2019-03-11 19:18:55 +03:00
PublicKey [ ] byte ` min:"1" type:"blob" sensitive:"true" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s GetParametersForImportOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GetParametersForImportOutput ) GoString ( ) string {
return s . String ( )
}
// SetImportToken sets the ImportToken field's value.
func ( s * GetParametersForImportOutput ) SetImportToken ( v [ ] byte ) * GetParametersForImportOutput {
s . ImportToken = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GetParametersForImportOutput ) SetKeyId ( v string ) * GetParametersForImportOutput {
s . KeyId = & v
return s
}
// SetParametersValidTo sets the ParametersValidTo field's value.
func ( s * GetParametersForImportOutput ) SetParametersValidTo ( v time . Time ) * GetParametersForImportOutput {
s . ParametersValidTo = & v
return s
}
// SetPublicKey sets the PublicKey field's value.
func ( s * GetParametersForImportOutput ) SetPublicKey ( v [ ] byte ) * GetParametersForImportOutput {
s . PublicKey = v
return s
}
// A structure that you can use to allow certain operations in the grant only
// when the desired encryption context is present. For more information about
// encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html)
// in the AWS Key Management Service Developer Guide.
//
// Grant constraints apply only to operations that accept encryption context
// as input. For example, the DescribeKey operation does not accept encryption
// context as input. A grant that allows the DescribeKey operation does so regardless
// of the grant constraints. In constrast, the Encrypt operation accepts encryption
// context as input. A grant that allows the Encrypt operation does so only
// when the encryption context of the Encrypt operation satisfies the grant
// constraints.
type GrantConstraints struct {
_ struct { } ` type:"structure" `
// A list of key-value pairs that must be present in the encryption context
// of certain subsequent operations that the grant allows. When certain subsequent
// operations allowed by the grant include encryption context that matches this
// list, the grant allows the operation. Otherwise, the grant does not allow
// the operation.
EncryptionContextEquals map [ string ] * string ` type:"map" `
// A list of key-value pairs, all of which must be present in the encryption
// context of certain subsequent operations that the grant allows. When certain
// subsequent operations allowed by the grant include encryption context that
// matches this list or is a superset of this list, the grant allows the operation.
// Otherwise, the grant does not allow the operation.
EncryptionContextSubset map [ string ] * string ` type:"map" `
}
// String returns the string representation
func ( s GrantConstraints ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GrantConstraints ) GoString ( ) string {
return s . String ( )
}
// SetEncryptionContextEquals sets the EncryptionContextEquals field's value.
func ( s * GrantConstraints ) SetEncryptionContextEquals ( v map [ string ] * string ) * GrantConstraints {
s . EncryptionContextEquals = v
return s
}
// SetEncryptionContextSubset sets the EncryptionContextSubset field's value.
func ( s * GrantConstraints ) SetEncryptionContextSubset ( v map [ string ] * string ) * GrantConstraints {
s . EncryptionContextSubset = v
return s
}
// Contains information about an entry in a list of grants.
type GrantListEntry struct {
_ struct { } ` type:"structure" `
// A list of key-value pairs that must be present in the encryption context
// of certain subsequent operations that the grant allows.
Constraints * GrantConstraints ` type:"structure" `
// The date and time when the grant was created.
2019-03-11 19:18:55 +03:00
CreationDate * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
// The unique identifier for the grant.
GrantId * string ` min:"1" type:"string" `
// The principal that receives the grant's permissions.
GranteePrincipal * string ` min:"1" type:"string" `
// The AWS account under which the grant was issued.
IssuingAccount * string ` min:"1" type:"string" `
// The unique identifier for the customer master key (CMK) to which the grant
// applies.
KeyId * string ` min:"1" type:"string" `
// The friendly name that identifies the grant. If a name was provided in the
// CreateGrant request, that name is returned. Otherwise this value is null.
Name * string ` min:"1" type:"string" `
// The list of operations permitted by the grant.
Operations [ ] * string ` type:"list" `
// The principal that can retire the grant.
RetiringPrincipal * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s GrantListEntry ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s GrantListEntry ) GoString ( ) string {
return s . String ( )
}
// SetConstraints sets the Constraints field's value.
func ( s * GrantListEntry ) SetConstraints ( v * GrantConstraints ) * GrantListEntry {
s . Constraints = v
return s
}
// SetCreationDate sets the CreationDate field's value.
func ( s * GrantListEntry ) SetCreationDate ( v time . Time ) * GrantListEntry {
s . CreationDate = & v
return s
}
// SetGrantId sets the GrantId field's value.
func ( s * GrantListEntry ) SetGrantId ( v string ) * GrantListEntry {
s . GrantId = & v
return s
}
// SetGranteePrincipal sets the GranteePrincipal field's value.
func ( s * GrantListEntry ) SetGranteePrincipal ( v string ) * GrantListEntry {
s . GranteePrincipal = & v
return s
}
// SetIssuingAccount sets the IssuingAccount field's value.
func ( s * GrantListEntry ) SetIssuingAccount ( v string ) * GrantListEntry {
s . IssuingAccount = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * GrantListEntry ) SetKeyId ( v string ) * GrantListEntry {
s . KeyId = & v
return s
}
// SetName sets the Name field's value.
func ( s * GrantListEntry ) SetName ( v string ) * GrantListEntry {
s . Name = & v
return s
}
// SetOperations sets the Operations field's value.
func ( s * GrantListEntry ) SetOperations ( v [ ] * string ) * GrantListEntry {
s . Operations = v
return s
}
// SetRetiringPrincipal sets the RetiringPrincipal field's value.
func ( s * GrantListEntry ) SetRetiringPrincipal ( v string ) * GrantListEntry {
s . RetiringPrincipal = & v
return s
}
type ImportKeyMaterialInput struct {
_ struct { } ` type:"structure" `
// The encrypted key material to import. It must be encrypted with the public
// key that you received in the response to a previous GetParametersForImport
// request, using the wrapping algorithm that you specified in that request.
//
// EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK.
//
// EncryptedKeyMaterial is a required field
EncryptedKeyMaterial [ ] byte ` min:"1" type:"blob" required:"true" `
// Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES,
// in which case you must include the ValidTo parameter. When this parameter
// is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.
ExpirationModel * string ` type:"string" enum:"ExpirationModelType" `
// The import token that you received in the response to a previous GetParametersForImport
// request. It must be from the same response that contained the public key
// that you used to encrypt the key material.
//
// ImportToken is automatically base64 encoded/decoded by the SDK.
//
// ImportToken is a required field
ImportToken [ ] byte ` min:"1" type:"blob" required:"true" `
// The identifier of the CMK to import the key material into. The CMK's Origin
// must be EXTERNAL.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The time at which the imported key material expires. When the key material
// expires, AWS KMS deletes the key material and the CMK becomes unusable. You
// must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE.
// Otherwise it is required.
2019-03-11 19:18:55 +03:00
ValidTo * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s ImportKeyMaterialInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ImportKeyMaterialInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ImportKeyMaterialInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ImportKeyMaterialInput" }
if s . EncryptedKeyMaterial == nil {
invalidParams . Add ( request . NewErrParamRequired ( "EncryptedKeyMaterial" ) )
}
if s . EncryptedKeyMaterial != nil && len ( s . EncryptedKeyMaterial ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "EncryptedKeyMaterial" , 1 ) )
}
if s . ImportToken == nil {
invalidParams . Add ( request . NewErrParamRequired ( "ImportToken" ) )
}
if s . ImportToken != nil && len ( s . ImportToken ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "ImportToken" , 1 ) )
}
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetEncryptedKeyMaterial sets the EncryptedKeyMaterial field's value.
func ( s * ImportKeyMaterialInput ) SetEncryptedKeyMaterial ( v [ ] byte ) * ImportKeyMaterialInput {
s . EncryptedKeyMaterial = v
return s
}
// SetExpirationModel sets the ExpirationModel field's value.
func ( s * ImportKeyMaterialInput ) SetExpirationModel ( v string ) * ImportKeyMaterialInput {
s . ExpirationModel = & v
return s
}
// SetImportToken sets the ImportToken field's value.
func ( s * ImportKeyMaterialInput ) SetImportToken ( v [ ] byte ) * ImportKeyMaterialInput {
s . ImportToken = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * ImportKeyMaterialInput ) SetKeyId ( v string ) * ImportKeyMaterialInput {
s . KeyId = & v
return s
}
// SetValidTo sets the ValidTo field's value.
func ( s * ImportKeyMaterialInput ) SetValidTo ( v time . Time ) * ImportKeyMaterialInput {
s . ValidTo = & v
return s
}
type ImportKeyMaterialOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s ImportKeyMaterialOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ImportKeyMaterialOutput ) GoString ( ) string {
return s . String ( )
}
// Contains information about each entry in the key list.
type KeyListEntry struct {
_ struct { } ` type:"structure" `
// ARN of the key.
KeyArn * string ` min:"20" type:"string" `
// Unique identifier of the key.
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s KeyListEntry ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s KeyListEntry ) GoString ( ) string {
return s . String ( )
}
// SetKeyArn sets the KeyArn field's value.
func ( s * KeyListEntry ) SetKeyArn ( v string ) * KeyListEntry {
s . KeyArn = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * KeyListEntry ) SetKeyId ( v string ) * KeyListEntry {
s . KeyId = & v
return s
}
// Contains metadata about a customer master key (CMK).
//
// This data type is used as a response element for the CreateKey and DescribeKey
// operations.
type KeyMetadata struct {
_ struct { } ` type:"structure" `
// The twelve-digit account ID of the AWS account that owns the CMK.
AWSAccountId * string ` type:"string" `
// The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management
// Service (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
// in the Example ARNs section of the AWS General Reference.
Arn * string ` min:"20" type:"string" `
2019-03-11 19:18:55 +03:00
// The cluster ID of the AWS CloudHSM cluster that contains the key material
// for the CMK. When you create a CMK in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html),
// AWS KMS creates the key material for the CMK in the associated AWS CloudHSM
// cluster. This value is present only when the CMK is created in a custom key
// store.
CloudHsmClusterId * string ` min:"19" type:"string" `
2017-10-06 00:08:03 +03:00
// The date and time when the CMK was created.
2019-03-11 19:18:55 +03:00
CreationDate * time . Time ` type:"timestamp" `
// A unique identifier for the custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html)
// that contains the CMK. This value is present only when the CMK is created
// in a custom key store.
CustomKeyStoreId * string ` min:"1" type:"string" `
2017-10-06 00:08:03 +03:00
// The date and time after which AWS KMS deletes the CMK. This value is present
2019-03-11 19:18:55 +03:00
// only when KeyState is PendingDeletion.
DeletionDate * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
// The description of the CMK.
Description * string ` type:"string" `
// Specifies whether the CMK is enabled. When KeyState is Enabled this value
// is true, otherwise it is false.
Enabled * bool ` type:"boolean" `
// Specifies whether the CMK's key material expires. This value is present only
// when Origin is EXTERNAL, otherwise this value is omitted.
ExpirationModel * string ` type:"string" enum:"ExpirationModelType" `
// The globally unique identifier for the CMK.
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The CMK's manager. CMKs are either customer-managed or AWS-managed. For more
// information about the difference, see Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
// in the AWS Key Management Service Developer Guide.
KeyManager * string ` type:"string" enum:"KeyManagerType" `
// The state of the CMK.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
KeyState * string ` type:"string" enum:"KeyState" `
// The cryptographic operations for which you can use the CMK. Currently the
// only allowed value is ENCRYPT_DECRYPT, which means you can use the CMK for
// the Encrypt and Decrypt operations.
KeyUsage * string ` type:"string" enum:"KeyUsageType" `
// The source of the CMK's key material. When this value is AWS_KMS, AWS KMS
// created the key material. When this value is EXTERNAL, the key material was
// imported from your existing key management infrastructure or the CMK lacks
2019-03-11 19:18:55 +03:00
// key material. When this value is AWS_CLOUDHSM, the key material was created
// in the AWS CloudHSM cluster associated with a custom key store.
2017-10-06 00:08:03 +03:00
Origin * string ` type:"string" enum:"OriginType" `
// The time at which the imported key material expires. When the key material
// expires, AWS KMS deletes the key material and the CMK becomes unusable. This
// value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel
// is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
2019-03-11 19:18:55 +03:00
ValidTo * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
}
// String returns the string representation
func ( s KeyMetadata ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s KeyMetadata ) GoString ( ) string {
return s . String ( )
}
// SetAWSAccountId sets the AWSAccountId field's value.
func ( s * KeyMetadata ) SetAWSAccountId ( v string ) * KeyMetadata {
s . AWSAccountId = & v
return s
}
// SetArn sets the Arn field's value.
func ( s * KeyMetadata ) SetArn ( v string ) * KeyMetadata {
s . Arn = & v
return s
}
2019-03-11 19:18:55 +03:00
// SetCloudHsmClusterId sets the CloudHsmClusterId field's value.
func ( s * KeyMetadata ) SetCloudHsmClusterId ( v string ) * KeyMetadata {
s . CloudHsmClusterId = & v
return s
}
2017-10-06 00:08:03 +03:00
// SetCreationDate sets the CreationDate field's value.
func ( s * KeyMetadata ) SetCreationDate ( v time . Time ) * KeyMetadata {
s . CreationDate = & v
return s
}
2019-03-11 19:18:55 +03:00
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * KeyMetadata ) SetCustomKeyStoreId ( v string ) * KeyMetadata {
s . CustomKeyStoreId = & v
return s
}
2017-10-06 00:08:03 +03:00
// SetDeletionDate sets the DeletionDate field's value.
func ( s * KeyMetadata ) SetDeletionDate ( v time . Time ) * KeyMetadata {
s . DeletionDate = & v
return s
}
// SetDescription sets the Description field's value.
func ( s * KeyMetadata ) SetDescription ( v string ) * KeyMetadata {
s . Description = & v
return s
}
// SetEnabled sets the Enabled field's value.
func ( s * KeyMetadata ) SetEnabled ( v bool ) * KeyMetadata {
s . Enabled = & v
return s
}
// SetExpirationModel sets the ExpirationModel field's value.
func ( s * KeyMetadata ) SetExpirationModel ( v string ) * KeyMetadata {
s . ExpirationModel = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * KeyMetadata ) SetKeyId ( v string ) * KeyMetadata {
s . KeyId = & v
return s
}
// SetKeyManager sets the KeyManager field's value.
func ( s * KeyMetadata ) SetKeyManager ( v string ) * KeyMetadata {
s . KeyManager = & v
return s
}
// SetKeyState sets the KeyState field's value.
func ( s * KeyMetadata ) SetKeyState ( v string ) * KeyMetadata {
s . KeyState = & v
return s
}
// SetKeyUsage sets the KeyUsage field's value.
func ( s * KeyMetadata ) SetKeyUsage ( v string ) * KeyMetadata {
s . KeyUsage = & v
return s
}
// SetOrigin sets the Origin field's value.
func ( s * KeyMetadata ) SetOrigin ( v string ) * KeyMetadata {
s . Origin = & v
return s
}
// SetValidTo sets the ValidTo field's value.
func ( s * KeyMetadata ) SetValidTo ( v time . Time ) * KeyMetadata {
s . ValidTo = & v
return s
}
type ListAliasesInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// Lists only aliases that refer to the specified CMK. The value of this parameter
// can be the ID or Amazon Resource Name (ARN) of a CMK in the caller's account
// and region. You cannot use an alias name or alias ARN in this value.
//
// This parameter is optional. If you omit it, ListAliases returns all aliases
// in the account and region.
KeyId * string ` min:"1" type:"string" `
2017-10-06 00:08:03 +03:00
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 100, inclusive. If you do not include a value, it defaults to 50.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ListAliasesInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListAliasesInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListAliasesInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListAliasesInput" }
2019-03-11 19:18:55 +03:00
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
2017-10-06 00:08:03 +03:00
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
2019-03-11 19:18:55 +03:00
// SetKeyId sets the KeyId field's value.
func ( s * ListAliasesInput ) SetKeyId ( v string ) * ListAliasesInput {
s . KeyId = & v
return s
}
2017-10-06 00:08:03 +03:00
// SetLimit sets the Limit field's value.
func ( s * ListAliasesInput ) SetLimit ( v int64 ) * ListAliasesInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListAliasesInput ) SetMarker ( v string ) * ListAliasesInput {
s . Marker = & v
return s
}
type ListAliasesOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A list of aliases.
2017-10-06 00:08:03 +03:00
Aliases [ ] * AliasListEntry ` type:"list" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
NextMarker * string ` min:"1" type:"string" `
// A flag that indicates whether there are more items in the list. When this
2019-03-11 19:18:55 +03:00
// value is true, the list in this response is truncated. To get more items,
2017-10-06 00:08:03 +03:00
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
}
// String returns the string representation
func ( s ListAliasesOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListAliasesOutput ) GoString ( ) string {
return s . String ( )
}
// SetAliases sets the Aliases field's value.
func ( s * ListAliasesOutput ) SetAliases ( v [ ] * AliasListEntry ) * ListAliasesOutput {
s . Aliases = v
return s
}
// SetNextMarker sets the NextMarker field's value.
func ( s * ListAliasesOutput ) SetNextMarker ( v string ) * ListAliasesOutput {
s . NextMarker = & v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * ListAliasesOutput ) SetTruncated ( v bool ) * ListAliasesOutput {
s . Truncated = & v
return s
}
type ListGrantsInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
// a CMK in a different AWS account, you must use the key ARN.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 100, inclusive. If you do not include a value, it defaults to 50.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ListGrantsInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListGrantsInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListGrantsInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListGrantsInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * ListGrantsInput ) SetKeyId ( v string ) * ListGrantsInput {
s . KeyId = & v
return s
}
// SetLimit sets the Limit field's value.
func ( s * ListGrantsInput ) SetLimit ( v int64 ) * ListGrantsInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListGrantsInput ) SetMarker ( v string ) * ListGrantsInput {
s . Marker = & v
return s
}
type ListGrantsResponse struct {
_ struct { } ` type:"structure" `
// A list of grants.
Grants [ ] * GrantListEntry ` type:"list" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
NextMarker * string ` min:"1" type:"string" `
// A flag that indicates whether there are more items in the list. When this
2019-03-11 19:18:55 +03:00
// value is true, the list in this response is truncated. To get more items,
2017-10-06 00:08:03 +03:00
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
}
// String returns the string representation
func ( s ListGrantsResponse ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListGrantsResponse ) GoString ( ) string {
return s . String ( )
}
// SetGrants sets the Grants field's value.
func ( s * ListGrantsResponse ) SetGrants ( v [ ] * GrantListEntry ) * ListGrantsResponse {
s . Grants = v
return s
}
// SetNextMarker sets the NextMarker field's value.
func ( s * ListGrantsResponse ) SetNextMarker ( v string ) * ListGrantsResponse {
s . NextMarker = & v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * ListGrantsResponse ) SetTruncated ( v bool ) * ListGrantsResponse {
s . Truncated = & v
return s
}
type ListKeyPoliciesInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 1000, inclusive. If you do not include a value, it defaults to 100.
//
// Currently only 1 policy can be attached to a key.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ListKeyPoliciesInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListKeyPoliciesInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListKeyPoliciesInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListKeyPoliciesInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * ListKeyPoliciesInput ) SetKeyId ( v string ) * ListKeyPoliciesInput {
s . KeyId = & v
return s
}
// SetLimit sets the Limit field's value.
func ( s * ListKeyPoliciesInput ) SetLimit ( v int64 ) * ListKeyPoliciesInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListKeyPoliciesInput ) SetMarker ( v string ) * ListKeyPoliciesInput {
s . Marker = & v
return s
}
type ListKeyPoliciesOutput struct {
_ struct { } ` type:"structure" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
NextMarker * string ` min:"1" type:"string" `
2019-03-11 19:18:55 +03:00
// A list of key policy names. Currently, there is only one key policy per CMK
// and it is always named default.
2017-10-06 00:08:03 +03:00
PolicyNames [ ] * string ` type:"list" `
// A flag that indicates whether there are more items in the list. When this
2019-03-11 19:18:55 +03:00
// value is true, the list in this response is truncated. To get more items,
2017-10-06 00:08:03 +03:00
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
}
// String returns the string representation
func ( s ListKeyPoliciesOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListKeyPoliciesOutput ) GoString ( ) string {
return s . String ( )
}
// SetNextMarker sets the NextMarker field's value.
func ( s * ListKeyPoliciesOutput ) SetNextMarker ( v string ) * ListKeyPoliciesOutput {
s . NextMarker = & v
return s
}
// SetPolicyNames sets the PolicyNames field's value.
func ( s * ListKeyPoliciesOutput ) SetPolicyNames ( v [ ] * string ) * ListKeyPoliciesOutput {
s . PolicyNames = v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * ListKeyPoliciesOutput ) SetTruncated ( v bool ) * ListKeyPoliciesOutput {
s . Truncated = & v
return s
}
type ListKeysInput struct {
_ struct { } ` type:"structure" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 1000, inclusive. If you do not include a value, it defaults to 100.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ListKeysInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListKeysInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListKeysInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListKeysInput" }
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetLimit sets the Limit field's value.
func ( s * ListKeysInput ) SetLimit ( v int64 ) * ListKeysInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListKeysInput ) SetMarker ( v string ) * ListKeysInput {
s . Marker = & v
return s
}
type ListKeysOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A list of customer master keys (CMKs).
2017-10-06 00:08:03 +03:00
Keys [ ] * KeyListEntry ` type:"list" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
NextMarker * string ` min:"1" type:"string" `
// A flag that indicates whether there are more items in the list. When this
2019-03-11 19:18:55 +03:00
// value is true, the list in this response is truncated. To get more items,
2017-10-06 00:08:03 +03:00
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
}
// String returns the string representation
func ( s ListKeysOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListKeysOutput ) GoString ( ) string {
return s . String ( )
}
// SetKeys sets the Keys field's value.
func ( s * ListKeysOutput ) SetKeys ( v [ ] * KeyListEntry ) * ListKeysOutput {
s . Keys = v
return s
}
// SetNextMarker sets the NextMarker field's value.
func ( s * ListKeysOutput ) SetNextMarker ( v string ) * ListKeysOutput {
s . NextMarker = & v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * ListKeysOutput ) SetTruncated ( v bool ) * ListKeysOutput {
s . Truncated = & v
return s
}
type ListResourceTagsInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 50, inclusive. If you do not include a value, it defaults to 50.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
//
// Do not attempt to construct this value. Use only the value of NextMarker
// from the truncated response you just received.
Marker * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ListResourceTagsInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListResourceTagsInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListResourceTagsInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListResourceTagsInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * ListResourceTagsInput ) SetKeyId ( v string ) * ListResourceTagsInput {
s . KeyId = & v
return s
}
// SetLimit sets the Limit field's value.
func ( s * ListResourceTagsInput ) SetLimit ( v int64 ) * ListResourceTagsInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListResourceTagsInput ) SetMarker ( v string ) * ListResourceTagsInput {
s . Marker = & v
return s
}
type ListResourceTagsOutput struct {
_ struct { } ` type:"structure" `
// When Truncated is true, this element is present and contains the value to
// use for the Marker parameter in a subsequent request.
//
// Do not assume or infer any information from this value.
NextMarker * string ` min:"1" type:"string" `
// A list of tags. Each tag consists of a tag key and a tag value.
Tags [ ] * Tag ` type:"list" `
// A flag that indicates whether there are more items in the list. When this
2019-03-11 19:18:55 +03:00
// value is true, the list in this response is truncated. To get more items,
2017-10-06 00:08:03 +03:00
// pass the value of the NextMarker element in this response to the Marker parameter
// in a subsequent request.
Truncated * bool ` type:"boolean" `
}
// String returns the string representation
func ( s ListResourceTagsOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListResourceTagsOutput ) GoString ( ) string {
return s . String ( )
}
// SetNextMarker sets the NextMarker field's value.
func ( s * ListResourceTagsOutput ) SetNextMarker ( v string ) * ListResourceTagsOutput {
s . NextMarker = & v
return s
}
// SetTags sets the Tags field's value.
func ( s * ListResourceTagsOutput ) SetTags ( v [ ] * Tag ) * ListResourceTagsOutput {
s . Tags = v
return s
}
// SetTruncated sets the Truncated field's value.
func ( s * ListResourceTagsOutput ) SetTruncated ( v bool ) * ListResourceTagsOutput {
s . Truncated = & v
return s
}
type ListRetirableGrantsInput struct {
_ struct { } ` type:"structure" `
// Use this parameter to specify the maximum number of items to return. When
// this value is present, AWS KMS does not return more than the specified number
// of items, but it might return fewer.
//
// This value is optional. If you include a value, it must be between 1 and
// 100, inclusive. If you do not include a value, it defaults to 50.
Limit * int64 ` min:"1" type:"integer" `
// Use this parameter in a subsequent request after you receive a response with
// truncated results. Set it to the value of NextMarker from the truncated response
// you just received.
Marker * string ` min:"1" type:"string" `
// The retiring principal for which to list grants.
//
// To specify the retiring principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
// users, federated users, and assumed role users. For examples of the ARN syntax
// for specifying a principal, see AWS Identity and Access Management (IAM)
// (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the Amazon Web Services General Reference.
//
// RetiringPrincipal is a required field
RetiringPrincipal * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s ListRetirableGrantsInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ListRetirableGrantsInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ListRetirableGrantsInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ListRetirableGrantsInput" }
if s . Limit != nil && * s . Limit < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "Limit" , 1 ) )
}
if s . Marker != nil && len ( * s . Marker ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Marker" , 1 ) )
}
if s . RetiringPrincipal == nil {
invalidParams . Add ( request . NewErrParamRequired ( "RetiringPrincipal" ) )
}
if s . RetiringPrincipal != nil && len ( * s . RetiringPrincipal ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "RetiringPrincipal" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetLimit sets the Limit field's value.
func ( s * ListRetirableGrantsInput ) SetLimit ( v int64 ) * ListRetirableGrantsInput {
s . Limit = & v
return s
}
// SetMarker sets the Marker field's value.
func ( s * ListRetirableGrantsInput ) SetMarker ( v string ) * ListRetirableGrantsInput {
s . Marker = & v
return s
}
// SetRetiringPrincipal sets the RetiringPrincipal field's value.
func ( s * ListRetirableGrantsInput ) SetRetiringPrincipal ( v string ) * ListRetirableGrantsInput {
s . RetiringPrincipal = & v
return s
}
type PutKeyPolicyInput struct {
_ struct { } ` type:"structure" `
// A flag to indicate whether to bypass the key policy lockout safety check.
//
2019-03-11 19:18:55 +03:00
// Setting this value to true increases the risk that the CMK becomes unmanageable.
// Do not set this value to true indiscriminately.
2017-10-06 00:08:03 +03:00
//
// For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section in the AWS Key Management Service Developer Guide.
//
// Use this parameter only when you intend to prevent the principal that is
// making the request from making a subsequent PutKeyPolicy request on the CMK.
//
// The default value is false.
BypassPolicyLockoutSafetyCheck * bool ` type:"boolean" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The key policy to attach to the CMK.
//
2019-03-11 19:18:55 +03:00
// The key policy must meet the following criteria:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must allow the principal that is making the PutKeyPolicy request to make
// a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
// the CMK becomes unmanageable. For more information, refer to the scenario
// in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section of the AWS Key Management Service Developer Guide.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Each statement in the key policy must contain one or more principals.
// The principals in the key policy must exist and be visible to AWS KMS.
// When you create a new AWS principal (for example, an IAM user or role),
// you might need to enforce a delay before including the new principal in
// a key policy because the new principal might not be immediately visible
// to AWS KMS. For more information, see Changes that I make are not always
// immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the AWS Identity and Access Management User Guide.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// The key policy size limit is 32 kilobytes (32768 bytes).
2017-10-06 00:08:03 +03:00
//
// Policy is a required field
Policy * string ` min:"1" type:"string" required:"true" `
2019-03-11 19:18:55 +03:00
// The name of the key policy. The only valid value is default.
2017-10-06 00:08:03 +03:00
//
// PolicyName is a required field
PolicyName * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s PutKeyPolicyInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s PutKeyPolicyInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * PutKeyPolicyInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "PutKeyPolicyInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Policy == nil {
invalidParams . Add ( request . NewErrParamRequired ( "Policy" ) )
}
if s . Policy != nil && len ( * s . Policy ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "Policy" , 1 ) )
}
if s . PolicyName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "PolicyName" ) )
}
if s . PolicyName != nil && len ( * s . PolicyName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "PolicyName" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value.
func ( s * PutKeyPolicyInput ) SetBypassPolicyLockoutSafetyCheck ( v bool ) * PutKeyPolicyInput {
s . BypassPolicyLockoutSafetyCheck = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * PutKeyPolicyInput ) SetKeyId ( v string ) * PutKeyPolicyInput {
s . KeyId = & v
return s
}
// SetPolicy sets the Policy field's value.
func ( s * PutKeyPolicyInput ) SetPolicy ( v string ) * PutKeyPolicyInput {
s . Policy = & v
return s
}
// SetPolicyName sets the PolicyName field's value.
func ( s * PutKeyPolicyInput ) SetPolicyName ( v string ) * PutKeyPolicyInput {
s . PolicyName = & v
return s
}
type PutKeyPolicyOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s PutKeyPolicyOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s PutKeyPolicyOutput ) GoString ( ) string {
return s . String ( )
}
type ReEncryptInput struct {
_ struct { } ` type:"structure" `
// Ciphertext of the data to reencrypt.
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
//
// CiphertextBlob is a required field
CiphertextBlob [ ] byte ` min:"1" type:"blob" required:"true" `
// Encryption context to use when the data is reencrypted.
DestinationEncryptionContext map [ string ] * string ` type:"map" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the CMK that is used to reencrypt the data.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
// or alias ARN. When using an alias name, prefix it with "alias/". To specify
// a CMK in a different AWS account, you must use the key ARN or alias ARN.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Alias name: alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
// get the alias name and alias ARN, use ListAliases.
2017-10-06 00:08:03 +03:00
//
// DestinationKeyId is a required field
DestinationKeyId * string ` min:"1" type:"string" required:"true" `
// A list of grant tokens.
//
// For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
// in the AWS Key Management Service Developer Guide.
GrantTokens [ ] * string ` type:"list" `
// Encryption context used to encrypt and decrypt the data specified in the
// CiphertextBlob parameter.
SourceEncryptionContext map [ string ] * string ` type:"map" `
}
// String returns the string representation
func ( s ReEncryptInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ReEncryptInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ReEncryptInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ReEncryptInput" }
if s . CiphertextBlob == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CiphertextBlob" ) )
}
if s . CiphertextBlob != nil && len ( s . CiphertextBlob ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CiphertextBlob" , 1 ) )
}
if s . DestinationKeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "DestinationKeyId" ) )
}
if s . DestinationKeyId != nil && len ( * s . DestinationKeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "DestinationKeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * ReEncryptInput ) SetCiphertextBlob ( v [ ] byte ) * ReEncryptInput {
s . CiphertextBlob = v
return s
}
// SetDestinationEncryptionContext sets the DestinationEncryptionContext field's value.
func ( s * ReEncryptInput ) SetDestinationEncryptionContext ( v map [ string ] * string ) * ReEncryptInput {
s . DestinationEncryptionContext = v
return s
}
// SetDestinationKeyId sets the DestinationKeyId field's value.
func ( s * ReEncryptInput ) SetDestinationKeyId ( v string ) * ReEncryptInput {
s . DestinationKeyId = & v
return s
}
// SetGrantTokens sets the GrantTokens field's value.
func ( s * ReEncryptInput ) SetGrantTokens ( v [ ] * string ) * ReEncryptInput {
s . GrantTokens = v
return s
}
// SetSourceEncryptionContext sets the SourceEncryptionContext field's value.
func ( s * ReEncryptInput ) SetSourceEncryptionContext ( v map [ string ] * string ) * ReEncryptInput {
s . SourceEncryptionContext = v
return s
}
type ReEncryptOutput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The reencrypted data. When you use the HTTP API or the AWS CLI, the value
// is Base64-encdoded. Otherwise, it is not encoded.
2017-10-06 00:08:03 +03:00
//
// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
CiphertextBlob [ ] byte ` min:"1" type:"blob" `
// Unique identifier of the CMK used to reencrypt the data.
KeyId * string ` min:"1" type:"string" `
// Unique identifier of the CMK used to originally encrypt the data.
SourceKeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ReEncryptOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ReEncryptOutput ) GoString ( ) string {
return s . String ( )
}
// SetCiphertextBlob sets the CiphertextBlob field's value.
func ( s * ReEncryptOutput ) SetCiphertextBlob ( v [ ] byte ) * ReEncryptOutput {
s . CiphertextBlob = v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * ReEncryptOutput ) SetKeyId ( v string ) * ReEncryptOutput {
s . KeyId = & v
return s
}
// SetSourceKeyId sets the SourceKeyId field's value.
func ( s * ReEncryptOutput ) SetSourceKeyId ( v string ) * ReEncryptOutput {
s . SourceKeyId = & v
return s
}
type RetireGrantInput struct {
_ struct { } ` type:"structure" `
// Unique identifier of the grant to retire. The grant ID is returned in the
// response to a CreateGrant operation.
//
// * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123
GrantId * string ` min:"1" type:"string" `
// Token that identifies the grant to be retired.
GrantToken * string ` min:"1" type:"string" `
2019-03-11 19:18:55 +03:00
// The Amazon Resource Name (ARN) of the CMK associated with the grant.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s RetireGrantInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s RetireGrantInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * RetireGrantInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "RetireGrantInput" }
if s . GrantId != nil && len ( * s . GrantId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "GrantId" , 1 ) )
}
if s . GrantToken != nil && len ( * s . GrantToken ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "GrantToken" , 1 ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetGrantId sets the GrantId field's value.
func ( s * RetireGrantInput ) SetGrantId ( v string ) * RetireGrantInput {
s . GrantId = & v
return s
}
// SetGrantToken sets the GrantToken field's value.
func ( s * RetireGrantInput ) SetGrantToken ( v string ) * RetireGrantInput {
s . GrantToken = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * RetireGrantInput ) SetKeyId ( v string ) * RetireGrantInput {
s . KeyId = & v
return s
}
type RetireGrantOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s RetireGrantOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s RetireGrantOutput ) GoString ( ) string {
return s . String ( )
}
type RevokeGrantInput struct {
_ struct { } ` type:"structure" `
// Identifier of the grant to be revoked.
//
// GrantId is a required field
GrantId * string ` min:"1" type:"string" required:"true" `
// A unique identifier for the customer master key associated with the grant.
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
// a CMK in a different AWS account, you must use the key ARN.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s RevokeGrantInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s RevokeGrantInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * RevokeGrantInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "RevokeGrantInput" }
if s . GrantId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "GrantId" ) )
}
if s . GrantId != nil && len ( * s . GrantId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "GrantId" , 1 ) )
}
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetGrantId sets the GrantId field's value.
func ( s * RevokeGrantInput ) SetGrantId ( v string ) * RevokeGrantInput {
s . GrantId = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * RevokeGrantInput ) SetKeyId ( v string ) * RevokeGrantInput {
s . KeyId = & v
return s
}
type RevokeGrantOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s RevokeGrantOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s RevokeGrantOutput ) GoString ( ) string {
return s . String ( )
}
type ScheduleKeyDeletionInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// The unique identifier of the customer master key (CMK) to delete.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// The waiting period, specified in number of days. After the waiting period
// ends, AWS KMS deletes the customer master key (CMK).
//
// This value is optional. If you include a value, it must be between 7 and
// 30, inclusive. If you do not include a value, it defaults to 30.
PendingWindowInDays * int64 ` min:"1" type:"integer" `
}
// String returns the string representation
func ( s ScheduleKeyDeletionInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ScheduleKeyDeletionInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * ScheduleKeyDeletionInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "ScheduleKeyDeletionInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . PendingWindowInDays != nil && * s . PendingWindowInDays < 1 {
invalidParams . Add ( request . NewErrParamMinValue ( "PendingWindowInDays" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * ScheduleKeyDeletionInput ) SetKeyId ( v string ) * ScheduleKeyDeletionInput {
s . KeyId = & v
return s
}
// SetPendingWindowInDays sets the PendingWindowInDays field's value.
func ( s * ScheduleKeyDeletionInput ) SetPendingWindowInDays ( v int64 ) * ScheduleKeyDeletionInput {
s . PendingWindowInDays = & v
return s
}
type ScheduleKeyDeletionOutput struct {
_ struct { } ` type:"structure" `
// The date and time after which AWS KMS deletes the customer master key (CMK).
2019-03-11 19:18:55 +03:00
DeletionDate * time . Time ` type:"timestamp" `
2017-10-06 00:08:03 +03:00
// The unique identifier of the customer master key (CMK) for which deletion
// is scheduled.
KeyId * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s ScheduleKeyDeletionOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s ScheduleKeyDeletionOutput ) GoString ( ) string {
return s . String ( )
}
// SetDeletionDate sets the DeletionDate field's value.
func ( s * ScheduleKeyDeletionOutput ) SetDeletionDate ( v time . Time ) * ScheduleKeyDeletionOutput {
s . DeletionDate = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * ScheduleKeyDeletionOutput ) SetKeyId ( v string ) * ScheduleKeyDeletionOutput {
s . KeyId = & v
return s
}
// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and
// tag values are both required, but tag values can be empty (null) strings.
2019-03-11 19:18:55 +03:00
//
// For information about the rules that apply to tag keys and tag values, see
// User-Defined Tag Restrictions (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
// in the AWS Billing and Cost Management User Guide.
2017-10-06 00:08:03 +03:00
type Tag struct {
_ struct { } ` type:"structure" `
// The key of the tag.
//
// TagKey is a required field
TagKey * string ` min:"1" type:"string" required:"true" `
// The value of the tag.
//
// TagValue is a required field
TagValue * string ` type:"string" required:"true" `
}
// String returns the string representation
func ( s Tag ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s Tag ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * Tag ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "Tag" }
if s . TagKey == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TagKey" ) )
}
if s . TagKey != nil && len ( * s . TagKey ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "TagKey" , 1 ) )
}
if s . TagValue == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TagValue" ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetTagKey sets the TagKey field's value.
func ( s * Tag ) SetTagKey ( v string ) * Tag {
s . TagKey = & v
return s
}
// SetTagValue sets the TagValue field's value.
func ( s * Tag ) SetTagValue ( v string ) * Tag {
s . TagValue = & v
return s
}
type TagResourceInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the CMK you are tagging.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// One or more tags. Each tag consists of a tag key and a tag value.
//
// Tags is a required field
Tags [ ] * Tag ` type:"list" required:"true" `
}
// String returns the string representation
func ( s TagResourceInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s TagResourceInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * TagResourceInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "TagResourceInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . Tags == nil {
invalidParams . Add ( request . NewErrParamRequired ( "Tags" ) )
}
if s . Tags != nil {
for i , v := range s . Tags {
if v == nil {
continue
}
if err := v . Validate ( ) ; err != nil {
invalidParams . AddNested ( fmt . Sprintf ( "%s[%v]" , "Tags" , i ) , err . ( request . ErrInvalidParams ) )
}
}
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * TagResourceInput ) SetKeyId ( v string ) * TagResourceInput {
s . KeyId = & v
return s
}
// SetTags sets the Tags field's value.
func ( s * TagResourceInput ) SetTags ( v [ ] * Tag ) * TagResourceInput {
s . Tags = v
return s
}
type TagResourceOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s TagResourceOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s TagResourceOutput ) GoString ( ) string {
return s . String ( )
}
type UntagResourceInput struct {
_ struct { } ` type:"structure" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the CMK from which you are removing tags.
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
2017-10-06 00:08:03 +03:00
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
// One or more tag keys. Specify only the tag keys, not the tag values.
//
// TagKeys is a required field
TagKeys [ ] * string ` type:"list" required:"true" `
}
// String returns the string representation
func ( s UntagResourceInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UntagResourceInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * UntagResourceInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "UntagResourceInput" }
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if s . TagKeys == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TagKeys" ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func ( s * UntagResourceInput ) SetKeyId ( v string ) * UntagResourceInput {
s . KeyId = & v
return s
}
// SetTagKeys sets the TagKeys field's value.
func ( s * UntagResourceInput ) SetTagKeys ( v [ ] * string ) * UntagResourceInput {
s . TagKeys = v
return s
}
type UntagResourceOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s UntagResourceOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UntagResourceOutput ) GoString ( ) string {
return s . String ( )
}
type UpdateAliasInput struct {
_ struct { } ` type:"structure" `
// String that contains the name of the alias to be modified. The name must
// start with the word "alias" followed by a forward slash (alias/). Aliases
// that begin with "alias/aws" are reserved.
//
// AliasName is a required field
AliasName * string ` min:"1" type:"string" required:"true" `
2019-03-11 19:18:55 +03:00
// Unique identifier of the customer master key to be mapped to the alias.
//
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// For example:
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
//
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
//
// To verify that the alias is mapped to the correct CMK, use ListAliases.
2017-10-06 00:08:03 +03:00
//
// TargetKeyId is a required field
TargetKeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s UpdateAliasInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateAliasInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * UpdateAliasInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "UpdateAliasInput" }
if s . AliasName == nil {
invalidParams . Add ( request . NewErrParamRequired ( "AliasName" ) )
}
if s . AliasName != nil && len ( * s . AliasName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "AliasName" , 1 ) )
}
if s . TargetKeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "TargetKeyId" ) )
}
if s . TargetKeyId != nil && len ( * s . TargetKeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "TargetKeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetAliasName sets the AliasName field's value.
func ( s * UpdateAliasInput ) SetAliasName ( v string ) * UpdateAliasInput {
s . AliasName = & v
return s
}
// SetTargetKeyId sets the TargetKeyId field's value.
func ( s * UpdateAliasInput ) SetTargetKeyId ( v string ) * UpdateAliasInput {
s . TargetKeyId = & v
return s
}
type UpdateAliasOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s UpdateAliasOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateAliasOutput ) GoString ( ) string {
return s . String ( )
}
2019-03-11 19:18:55 +03:00
type UpdateCustomKeyStoreInput struct {
_ struct { } ` type:"structure" `
// Associates the custom key store with a related AWS CloudHSM cluster.
//
// Enter the cluster ID of the cluster that you used to create the custom key
// store or a cluster that shares a backup history with the original cluster.
// You cannot use this parameter to associate a custom key store with a different
// cluster.
//
// Clusters that share a backup history have the same cluster certificate. To
// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
// operation.
CloudHsmClusterId * string ` min:"19" type:"string" `
// Identifies the custom key store that you want to update. Enter the ID of
// the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores
// operation.
//
// CustomKeyStoreId is a required field
CustomKeyStoreId * string ` min:"1" type:"string" required:"true" `
// Enter the current password of the kmsuser crypto user (CU) in the AWS CloudHSM
// cluster that is associated with the custom key store.
//
// This parameter tells AWS KMS the current password of the kmsuser crypto user
// (CU). It does not set or change the password of any users in the AWS CloudHSM
// cluster.
KeyStorePassword * string ` min:"1" type:"string" sensitive:"true" `
// Changes the friendly name of the custom key store to the value that you specify.
// The custom key store name must be unique in the AWS account.
NewCustomKeyStoreName * string ` min:"1" type:"string" `
}
// String returns the string representation
func ( s UpdateCustomKeyStoreInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateCustomKeyStoreInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * UpdateCustomKeyStoreInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "UpdateCustomKeyStoreInput" }
if s . CloudHsmClusterId != nil && len ( * s . CloudHsmClusterId ) < 19 {
invalidParams . Add ( request . NewErrParamMinLen ( "CloudHsmClusterId" , 19 ) )
}
if s . CustomKeyStoreId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "CustomKeyStoreId" ) )
}
if s . CustomKeyStoreId != nil && len ( * s . CustomKeyStoreId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "CustomKeyStoreId" , 1 ) )
}
if s . KeyStorePassword != nil && len ( * s . KeyStorePassword ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyStorePassword" , 1 ) )
}
if s . NewCustomKeyStoreName != nil && len ( * s . NewCustomKeyStoreName ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "NewCustomKeyStoreName" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetCloudHsmClusterId sets the CloudHsmClusterId field's value.
func ( s * UpdateCustomKeyStoreInput ) SetCloudHsmClusterId ( v string ) * UpdateCustomKeyStoreInput {
s . CloudHsmClusterId = & v
return s
}
// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func ( s * UpdateCustomKeyStoreInput ) SetCustomKeyStoreId ( v string ) * UpdateCustomKeyStoreInput {
s . CustomKeyStoreId = & v
return s
}
// SetKeyStorePassword sets the KeyStorePassword field's value.
func ( s * UpdateCustomKeyStoreInput ) SetKeyStorePassword ( v string ) * UpdateCustomKeyStoreInput {
s . KeyStorePassword = & v
return s
}
// SetNewCustomKeyStoreName sets the NewCustomKeyStoreName field's value.
func ( s * UpdateCustomKeyStoreInput ) SetNewCustomKeyStoreName ( v string ) * UpdateCustomKeyStoreInput {
s . NewCustomKeyStoreName = & v
return s
}
type UpdateCustomKeyStoreOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s UpdateCustomKeyStoreOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateCustomKeyStoreOutput ) GoString ( ) string {
return s . String ( )
}
2017-10-06 00:08:03 +03:00
type UpdateKeyDescriptionInput struct {
_ struct { } ` type:"structure" `
// New description for the CMK.
//
// Description is a required field
Description * string ` type:"string" required:"true" `
2019-03-11 19:18:55 +03:00
// A unique identifier for the customer master key (CMK).
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
//
// For example:
//
// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
//
// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
2017-10-06 00:08:03 +03:00
//
2019-03-11 19:18:55 +03:00
// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
2017-10-06 00:08:03 +03:00
//
// KeyId is a required field
KeyId * string ` min:"1" type:"string" required:"true" `
}
// String returns the string representation
func ( s UpdateKeyDescriptionInput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateKeyDescriptionInput ) GoString ( ) string {
return s . String ( )
}
// Validate inspects the fields of the type to determine if they are valid.
func ( s * UpdateKeyDescriptionInput ) Validate ( ) error {
invalidParams := request . ErrInvalidParams { Context : "UpdateKeyDescriptionInput" }
if s . Description == nil {
invalidParams . Add ( request . NewErrParamRequired ( "Description" ) )
}
if s . KeyId == nil {
invalidParams . Add ( request . NewErrParamRequired ( "KeyId" ) )
}
if s . KeyId != nil && len ( * s . KeyId ) < 1 {
invalidParams . Add ( request . NewErrParamMinLen ( "KeyId" , 1 ) )
}
if invalidParams . Len ( ) > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func ( s * UpdateKeyDescriptionInput ) SetDescription ( v string ) * UpdateKeyDescriptionInput {
s . Description = & v
return s
}
// SetKeyId sets the KeyId field's value.
func ( s * UpdateKeyDescriptionInput ) SetKeyId ( v string ) * UpdateKeyDescriptionInput {
s . KeyId = & v
return s
}
type UpdateKeyDescriptionOutput struct {
_ struct { } ` type:"structure" `
}
// String returns the string representation
func ( s UpdateKeyDescriptionOutput ) String ( ) string {
return awsutil . Prettify ( s )
}
// GoString returns the string representation
func ( s UpdateKeyDescriptionOutput ) GoString ( ) string {
return s . String ( )
}
const (
// AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value
AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5"
// AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value
AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1"
// AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value
AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
)
2019-03-11 19:18:55 +03:00
const (
// ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value
ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS"
// ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value
ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND"
// ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value
ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS"
// ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value
ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS"
// ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value
ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT"
)
const (
// ConnectionStateTypeConnected is a ConnectionStateType enum value
ConnectionStateTypeConnected = "CONNECTED"
// ConnectionStateTypeConnecting is a ConnectionStateType enum value
ConnectionStateTypeConnecting = "CONNECTING"
// ConnectionStateTypeFailed is a ConnectionStateType enum value
ConnectionStateTypeFailed = "FAILED"
// ConnectionStateTypeDisconnected is a ConnectionStateType enum value
ConnectionStateTypeDisconnected = "DISCONNECTED"
// ConnectionStateTypeDisconnecting is a ConnectionStateType enum value
ConnectionStateTypeDisconnecting = "DISCONNECTING"
)
2017-10-06 00:08:03 +03:00
const (
// DataKeySpecAes256 is a DataKeySpec enum value
DataKeySpecAes256 = "AES_256"
// DataKeySpecAes128 is a DataKeySpec enum value
DataKeySpecAes128 = "AES_128"
)
const (
// ExpirationModelTypeKeyMaterialExpires is a ExpirationModelType enum value
ExpirationModelTypeKeyMaterialExpires = "KEY_MATERIAL_EXPIRES"
// ExpirationModelTypeKeyMaterialDoesNotExpire is a ExpirationModelType enum value
ExpirationModelTypeKeyMaterialDoesNotExpire = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)
const (
// GrantOperationDecrypt is a GrantOperation enum value
GrantOperationDecrypt = "Decrypt"
// GrantOperationEncrypt is a GrantOperation enum value
GrantOperationEncrypt = "Encrypt"
// GrantOperationGenerateDataKey is a GrantOperation enum value
GrantOperationGenerateDataKey = "GenerateDataKey"
// GrantOperationGenerateDataKeyWithoutPlaintext is a GrantOperation enum value
GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext"
// GrantOperationReEncryptFrom is a GrantOperation enum value
GrantOperationReEncryptFrom = "ReEncryptFrom"
// GrantOperationReEncryptTo is a GrantOperation enum value
GrantOperationReEncryptTo = "ReEncryptTo"
// GrantOperationCreateGrant is a GrantOperation enum value
GrantOperationCreateGrant = "CreateGrant"
// GrantOperationRetireGrant is a GrantOperation enum value
GrantOperationRetireGrant = "RetireGrant"
// GrantOperationDescribeKey is a GrantOperation enum value
GrantOperationDescribeKey = "DescribeKey"
)
const (
// KeyManagerTypeAws is a KeyManagerType enum value
KeyManagerTypeAws = "AWS"
// KeyManagerTypeCustomer is a KeyManagerType enum value
KeyManagerTypeCustomer = "CUSTOMER"
)
const (
// KeyStateEnabled is a KeyState enum value
KeyStateEnabled = "Enabled"
// KeyStateDisabled is a KeyState enum value
KeyStateDisabled = "Disabled"
// KeyStatePendingDeletion is a KeyState enum value
KeyStatePendingDeletion = "PendingDeletion"
// KeyStatePendingImport is a KeyState enum value
KeyStatePendingImport = "PendingImport"
2019-03-11 19:18:55 +03:00
// KeyStateUnavailable is a KeyState enum value
KeyStateUnavailable = "Unavailable"
2017-10-06 00:08:03 +03:00
)
const (
// KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value
KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT"
)
const (
// OriginTypeAwsKms is a OriginType enum value
OriginTypeAwsKms = "AWS_KMS"
// OriginTypeExternal is a OriginType enum value
OriginTypeExternal = "EXTERNAL"
2019-03-11 19:18:55 +03:00
// OriginTypeAwsCloudhsm is a OriginType enum value
OriginTypeAwsCloudhsm = "AWS_CLOUDHSM"
2017-10-06 00:08:03 +03:00
)
const (
// WrappingKeySpecRsa2048 is a WrappingKeySpec enum value
WrappingKeySpecRsa2048 = "RSA_2048"
)